Xem mẫu
- A STUDY ON CLOUD COMPUTING SECURITY
SVTH: Đỗ Chí Bằng, Nguyễn Thị Ninh Thuận
GVHD: ThS Hoàng Thị Kiều Hoa
Tóm tắt - Bảo mật điện toán đám mây là một lĩnh vực nghiên cứu sâu rộng với nhiều mối quan
tâm khác nhau ở nhiều khía cạnh. Trong khi lợi ích của điện toán đám mây và các dịch vụ đám mây
có thể dễ dàng nhận thấy, các vấn đề về quyền riêng tư và bảo mật của công nghệ này luôn được chú
trọng. Bài báo này nhằm mục đích xác định các vấn đề bảo mật và giải pháp của chúng trong việc sử
dụng các dịch vụ điện toán đám mây. Và đây sẽ là tài liệu tham khảo cho bất kỳ ai cần cái nhìn tổng
quan về các yếu tố rủi ro và các giải pháp khả thi trong môi trường đám mây.
Abstract - Cloud computing security is an extensive field of research with various concerns in
many aspects. While the benefits of cloud computing and cloud services are easily noticeable, the
privacy and security problems of this technology has always been concentrated on. This paper aim to
identify the security issues and their solutions in using cloud computing services. And this would serve
as a reference for anyone in need of an overview on the risks factors and possible solutions in a cloud
environment.
Key words: Privacy, Cloud computing, Cloud Consumer, Cloud Service Provider, Cloud User,
Security.
I. Introduction about cloud computing security
Since its popularization by Amazon’s Elastic Computer Cloud (EC2) in 2006, cloud
computing has been heavily focused on and developed by many other information Enterprises
such as Dell, Microsoft, Google…During 2020, the COVID-19 pandemic has affected the
cloud computing market exponentially. The demand for Software-as-a-Service (SaaS) surged
due to the adaptation of work from home model in some enterprises. Video conferencing
programs using cloud computing such as Google Hangouts, Zoom, WeChat Work, Tencent
Meeting, Cisco Webex,… has experienced over three times in new user registration number
(Marketsandmarkets, 2020). Moreover, streaming platforms such as Netflix, Twitch, Hulu,
Amazon, Disney+, Youtube… has also undergone a significant increase in demand due to
country lockdowns causing most of the people to stay indoors. Thus, Video on Demand
(VoD) which uses the cloud is vital and has remarkably raised the demand for Infrastructure
as a Service (IaaS). According to Research and Market, the global cloud computing market
size in 2020 is 371.4 billion USD and should reach 832.1 billion by 2025. This clearly shows
the importance of cloud computing during this digital age.
With new technology comes new risks and issues, the problem of Cloud security has
become a major challenge of cloud computing. To prevent such issue, many solutions are
131
- introduced by IT workers (Subashini & Kavitha, 2011). In this paper, Cloud computing basic
information will be mentioned, following with the security risks cloud computing possesses
and then possible solutions will be presented before we conclude the paper.
II. Cloud computing, Cloud security risks and solution
A. Definition
1. Cloud computing
Cloud computing or cloud is referred to deliver possibly on-demand network, which
operates from applications to store data and processing power. People access to cloud
computing through the Internet and have a pay for their business. With an invention of cloud
computing, users no longer spend a huge amount of money getting their own computing
infrastructure of data centers, instead, they might rent cloud computing (CC) provider
applications to store their data on the Internet. In addition, the benefit of cloud computing is
that we can use our information every time and everywhere on the Internet without carrying a
hardware disk or settling work on computing infrastructure at the office (Steve R., 2018).
Therefore, since the beginning of cloud computing, it has been attracting many attention
in both the industrial field and the academic field because of its convenience (M. Sadiku & S.
Musa & O. Momoh, 2014).
Clouds nowadays are so familiar for the people in their daily life, which most of which
is not recognized by the users. Some typical examples of cloud computing are iCloud, Office
365, Google Drive or Dropbox,… Certainly, cloud computing is a big leap for IT
(Information of Technology) as this new-born network model has drastically changed the way
we conceive networking today.
132
- The cloud system can be dived into front-end and backend. The frontend helps the user
to access a data stored in the cloud using an internet browser or a cloud computing software
while the backend comprise of servers, computers, databases, and central servers - the
primary component of cloud computing, responsible for securely storing data and
information.
Fig. 1. Public Cloud Adoption for Enterprises
2. Security information
Security information is a common problem for all operational system, security within
cloud computing happens expectably (2015). The term “cloud security” refers to discipline of
policies, controls, procedures and technologies for protecting cloud based-system,
applications, data and information. These used solutions are to protect data, regulatory fidelity
and importantly clients’ privacy while backup rules for individual users and devices as well.
Running cloud security shall be a co-operation between the cloud owner and solution provider
to get the most effective cloud protection (Cyber Edu, 2020).
The measures for security issue are flexible depending on the various types of cloud
computing, with an attempt to bring the best solutions for each characteristic (Mall & Grance,
2011). Clouds are deployed using varying deployment methods which are broken into three
primary types of cloud environments: public, private, hybrid and community clouds (2015).
133
- 3. Types of cloud computing
Cloud
computing
Public Private Hybrid Community
cloud cloud cloud cloud
Fig. 2. Cloud computing deployment method
3.1 Public cloud
This term is easily understood that the service is hosted by third-party cloud service
provider such as a government, organization or companies and is allowed to be used freely
by the public (Mall & Grance, 2011). The management and maintenance of a public cloud is
entirely dependent on this third-party provider, with the responsibility of keeping the data of
their customers safe and secure. One of the obvious benefits of using a public cloud is the
reduction of maintenance cost for a data center.
3.2 Private cloud
A private cloud is ordinarily involved and accessible to only an organization, the
provider is its own organization or third-party (Mall & Grance, 2011). This is known as an
internal or enterprise cloud, typically located on a company’s data center, or its intranet. One
special feature of this type is that they are unlikelihood to approach violations, social
engineering and other exploits (Beyond Trust, 2020). However, opposite to the public cloud, a
private cloud requires management, maintenance and updating of data centers and in the long
run, the costs of replacing old servers would be moderately high.
3.3 Hybrid cloud
Hybrid cloud is described as a combination of public and private clouds which all
remain unique components from both types (Mall & Grance, 2011). The users have more
right to examine their data than usually utilizing public cloud. On the other hand, they still
may access to scalability and the benefits as wanted (Beyond Trust, 2020). According to a
report in 2019, enterprises using hybrid cloud grew from 58% to 51% in a year. This is due to
its combined advantages between public and private clouds such as improvement of security,
risk management and reduction of costs.
3.4 Community cloud
134
- Community cloud is an infrastructure for a community from different organizations
sharing common perception. This is operated by organization themselves or third-party.
Additionally, this service may be setup either inside or outside the CSP ( Cloud Service
Provider) (Srinivasan, Sarukesi, Rodrigues, Manoj, & Revathy, 2012). Taking advantage of
that, the cloud users pursue exploiting economies which reducing cost associated with private
and hybrid clouds, and the risks of public clouds (Boampong & Wahsheh, 2012).
4. Service Models
While considering cloud security from cloud environments, the cloud-based security
applies to service model environments (Beyond Trust, 2020). Service models or SPI
(software, platform and infrastructure) provide various services to the users (Ali, Mazhar,
Samee U. Khan, & Athanasios V. Vasilakos, 2015), moreover, each deployment characteristic
can use service model as well (Cloud Security Alliance, 2011).
Service Model
IaaS
PaaS
SaaS
Fig. 3. Cloud computing Service Model
4.1 Infrastructure as a Service
Infrastructure as a Service or “IaaS” is defined as a service offered infrastructure
solutions. One essential advantage of this service is the ability of allowing the costumer to
pay base on how much storage they use and to freely customize after hiring the infrastructure
(Srinivasan, Sarukesi, Rodrigues, Manoj, & Revathy, 2012). The responsibility of managing
the infrastructure belongs to the provider. This service, known for its evolutionary hosting
service, does not depend on any long term commitment and grant the users freedom of
managing the resources on demand. Similar to a data center, the host will supply the network
access, routing services and storage as well as offering the hardware, administrative services,
and the platform for the user to run their application.
4.2 Platform as a Service
135
- This service provides tools and computing infrastructure that can be used when
building, running web applications and distribution (Srinivasan, Sarukesi, Rodrigues, Manoj,
& Revathy, 2012). PaaS (Platform as a Service) fundamentally backups developers, develop
team and operations to establish a program (Beyond Trust, 2020). This means the platform is
provided while the customer can upload, run their codes and start their application.
4.3 Software as a Service
Abbreviated to “SaaS”, this service consists of instant applications and the underlying
database hosted by a third-party, delivered as a software services over a web browser
(Srinivasan, Sarukesi, Rodrigues, Manoj, & Revathy, 2012). One thing taken into
consideration is that SaaS makes no plea for deploying applications on end-user devices.
Furthermore, any customers can access to the web browser and utilize its information
(Beyond Trust, 2020). All the responsibility lies on the provider, while the costumer buy for
the finished product and application.
B. The issues in cloud computing security and solutions
The development speed of cloud computing is astonishing, which leads to an increasing
number of organizations and individuals utilizing its beneficial functions (A.Rot., 2017).
However, it is unavoidable that several risks are able to emerge from this new technology and
one of the most significant obstacles that needs to be dealt with is security risk (KPMG’s
2010, cloud computing survey). According to K.Djemame, risks of cloud computing are the
unwanted incidents and consequences for particular assets and the level of the risks is
determined by the value of the raised or the possibility of that risks. Since the cloud is a
brand-new computing paradigm, the issues regarding its security will be focused on by two
parties: the Cloud Consumer and the Cloud Service Provider (CSP). Moving confidential data
and critical application away from the data centers is literally a risky decision for
organizations. Therefore, to extenuate these concerns, the CSP must assure that the users can
have security and privacy controls over their applications and services. Furthermore, they are
required to bring evidence to prove that the organization of the consumer is greatly secured,
meeting their service level of agreement from the customers (Rittinghouse, J and Ransome, J,
2009).
To achieve a broad overview about risks of cloud security, this research will focus on
both Cloud consumer and CSP orientation of cloud security. There are 5 primary categories of
security risk: Physical Security, Data Security & Privacy, Technological, Organizational and
Compliance & Audit. Some of the most commonly faced problems, referred to as the main
risks are the first three categories due to the majority of customers using cloud services for
business purposes only (A.Rot., 2017).
136
- 1.Risks and solutions from Cloud Provider Perspective
1.1 Physical Security
Physical security is designed to avoid unauthorized access to the cloud facilities,
equipment and resources and to prevent personnel and properties from attackers such as
espionage, theft, or terrorist attacks (“Field Manual 3-19.30: Physical Security.”
Headquarters, United States Department of Army, 2001). In detail, CSP deals with the risks in
data location and data center which means they are responsible for guaranteeing the secure
operation of the cloud data center in order to provide an ensured physical location for
customer’s data (Julisch, K and Hall, M., 2010). Moreover, secure operation of infrastructures
including servers, networks and storage devices is also required. This can be achieved by
having the appropriate physical security of interdependent systems, namely staff training,
physical location security, network firewalls for denial of service attacks (DoS), and other
deterrent systems. Addressing this problem is crucial since the physical system being
vulnerable will lead to attackers or hackers able to stole the entire server, even with the
protection of firewalls and encryption (Julisch, K and hall, M., 2010). Moreover, the
providers bear both responsibility for storing and processing data within jurisdictions and
complying with privacy regulations as well (Kumar, Ashish, 2012).
1.2. Data Security and Privacy
The method of maintaining confidential and secure data for users from unauthorized
approach as well as anonymous or unintentional changes is truly not an easy task. One major
issue in securing and privatizing user data is the lack of the overall control of it (Chen &
Zhao, 2012). Basically, when providing users with cloud services, it can be divided into three
types of services which are IaaS, PaaS and SaaS. Noticeably all of the services have their data
stored in the cloud, rather than on a local hard drive for example the Amazon Simple Storage
Service. Thus, to protect the data in the cloud, encryption is utilized to minimize the risk of
137
- private data becoming public (Behl & Behl, 2012). For further information, CSP assure data
integrity, privacy and availability by proving encryption schema and scheduled data backups
(Harauz, J, Kauifman, M and Potter, B., 2009). They also adopt added solutions to ensure
data security that involve the strong technological encryption and reinforce authorization to
control customer’s access to data (Subashini, S and Kavitha, .V, 2011). Providers hold more
responsible for the privacy and security of data and applications services in public than in
private clouds (Takabi, H and Joshi, James.B.D, 2010). However, the key issue lies on
management which ideally belongs to the owners. Due to the shortage of expertise needed to
manage their encryption, CSP has to solve this problems. Unfortunately, managing a huge
number of keys for service provider is a strenuous challenge to handle (Chen & Zhao, 2012 &
Rahul, S, Sharda and Dr. Rai, 2013). The tasks for providers are processing, transferring and
storing data (Hashizume, K., Rosado, D.G, Medina, E.F and Fernandez, E., 2013). Aside from
these, users have no permission to modify physical security system in data center whose task
is for the infrastructure provider. It may leads to a security breach as there can be no absolute
certainty that the data is interfered with or not. This concern is legitimate due to the fact that
the CSP is the only party that can control the security settings remotely (Reddy, V.K.,
Thirumala, R.B, Dr. Reddy, L.S.S and Sai Kiran, 2013).
For storing data in PaaS or SaaS, encryption seems to not be a potential solution
because the data which are stored in applications are not feasible to be decrypted and
encrypted in each computing tasks (Chen & Zhao, 2012). Therefore, measure similar to
encryption is not usually considered to tackle security problems though it is possible to
perform some computing tasks, it is unsuitable for most model services (Tari, 2014).
Cloud databases 2018
Encrypted
49% 51%
Unencrypted
Fig. 4. Cloud Databases in 2018
Identity and Access Management (IAM):
IAM helps the providers to increase operational efficiency, regulatory obedience
138
- through managing core security issues, automatic provisioning, authentic and authorized
services. In Dervki’s study, he suggested that the concerns are solved by exerting various
techniques (such as single sign-on, federated identity of users, controlled list, guiding based
service, etc.) (Khajeh- Hosseini, A, Ian Sommerville, Bogaeert, J and Teregowda, P., 2011).
To deny unauthorized access, it is advised that the CSP should implement strict regulatory
mechanism, control and monitor administrative access (Harauz, J, Kauifman, M and Potter,
B., 2009). In terms of the issue of jurisdiction and privacy in general, it also raises several
concerns since the users’ confidential data may be outsourced to cloud, including secure and
reliable data access which is certainly critical. This will significantly affect the policy of cloud
providers (Pal, D., Krishna, R., Srivastava, P. and Kumar, S., 2012). The measure is to
encrypt data in varying manner, and allow corresponding decryption to only authorized
customers, which leads to some drawbacks in loss and scalability (Ren, K., wang, C. and
Wang, Q, 2012).
Multi-tenancy:
This is a crucial attribution of the cloud by adding the use of underlying hardware
resources and letting adequate resource to provision. Multi-tenancy security is a drastic
challenge for the CSP (Ren, K., Wang, C. and Wang, Q., 2012). The CSP have a duty of
protecting isolated boundary for each user at both physical and application levels (Subashini,
S and Kavitha, V., 2011). Most of the service providers employ virtualization to maximize the
volume of using hardware (Pearson, S. and Benameur, A., 2010). At once, attackers take this
advantage of approaching the host to extract information from the database (Hashizume, K.,
Rosado, D.G, Medina, E.F and Fernandez, 2013). Certainly, the providers should add some
mechanism for guarantee of data isolation (Ayala, L.C., Vega, M. and Vagas, L.M., 2013).
- Data Availability and Backup:
It is a tough mission for the CSP to maintain data availability and backup in the cloud
since the data is managed distantly (Pearson, S. and Benameur, A., 2010). In cloud
environments, there are multiple threats, comprising the availability of cloud computing
services (Chen & Zhao, 2012). This must be solved by an agreement between users and CSP
to specification relating to system availability (Zissis & Lekkas, 2012). With availability, it is
important to keep a local backup that user stores in the cloud. Unavoidably, security against
data loss occurs from the utility of backups. When a risk occurs, both user and data owner
should be held responsible, with no relation to the CSP. For CSP, they improve the
technology to support reliable backups, assure that backups are being operated and stored in
safe manner. They solely have a duty when faulty backups happen unexpectedly (Khalil,
Khreishah, Bouktif, & Ahmad, 2013).
139
- 1.3. Technical risks:
Technical risks are the failures in the technologies and services provided the CSP.
These types of threats in the cloud consists of resource sharing isolation problems, malicious
attacks associated with portability and inter-operability (Rana, S. and Joshi, P. K, 2012).
These issues emerge due to the poor maintenance of hardware, unresponsive system, and
mitigation of availability and hardware failure (Djememe, K, Armstrong, D., 2011). With
portability in the cloud, inter-operability is for incompatibilities among CSP platforms. The
suggested solution is using the cloud middleware (or public/ private cloud) which acts as an
intermediary between networks and applications much like between server and customers.
Another risk is service interruption at the provider side which results in outages, inaccessible
services or loss of data. In the authors’ point of view, they recommended using multiple cloud
providers and monitor applications outside the cloud that users have been exerting (Khajeh-
Hosseini, A, Ian Sommerville, Bogaerts, J and Teregowda, P., 2011). Last but not least, the
lack of interoperability standards comes into any cloud computing. What makes this issue
more difficult to create a suitable security function is that there is no firm communication and
data export concept between and within CSP (Pearson, S. and Benameur, A., 2010). Thus, an
acceptation of general standards is considered to guarantee inter-operability among providers
(Harauz, J, Kauifman, M and Potter, B., 2009)
2. Risks from cloud customer perspective
2.1 Physical security
When the CSP store data redundantly in several physical locations, the data location is
not disclosed to their customers. As a consequence, the users find it difficult to figure out if
appropriate security solutions are the same as their secure data (21). The customers cannot
handle the downtime of the cloud computing when it runs ineffectively because of CSP
machines. This can cause troubles to the users and immensely discourages them to continue
with the cloud (34)
2.2 Data security, privacy & control risks
- User Access Control:
User access control is an important part of any information system which ensures only
authorized users have the right to access the applications and data storage (Sabahi, 2011). The
customers have a full responsibilities for all software security controls, including application
access control, IAM, software patching, and virus protection (24). Depending on the types of
the cloud service, users take different responsibilities. In SaaS, the customers assures that
only intended users gain the right to access by controlling passwords and internal
resemblance. With regard to PaaS model, customers are responsible for managing access to
140
- particular application hosted by the provider. Towards IaaS model, the users must monitor all
aspects of access control, even resources namely host platform and network, etc. Moreover,
they must guarantee their virtual machines and stored data as well (Sabahi, 2011).
- Data privacy and security:
One of the most concerned problems for the end-users is how to manage privacy and
protection of their data from the CSP so as to assure that storage is not compromised. But in
some cases, the customers have a duty in monitoring their confidential and safe data even
while it resides on provider premises (15). When the cloud service losses encryption key or
privileged codes, it leads a threating issue to cloud users (36). The consumers will deal with
the damage of data loss and accidental leakage of data outside the cloud because of a loss of
cryptographic management information (24). Unfortunately, the CSA (Cloud Security
Alliance) predicts that preventing data loss does not submerge entirely. Even if a user
encrypts data before moving it in the cloud or lost the encryption keys, loss data will occur
(30).
- Data Segregation and Secure Data Deletion:
In terms of data segregation, the responsibility of the customers is to find out the
technical methods to isolate data, additionally to the guarantee that the encryption schemes
are productive enough to provide security and are deployed (29). However, deploying
encryption should not be suggested as sole measure since in specific situations, the users do
not want to encrypt data in which it may ruin the data (23). Regarding data deletion, it occurs
with error free and timely data deletion. This results in adding copies of data in various
locations or the disk including data from other clients is destroyed (19). This data is destroyed
completely as it is expired to utilize. With physical characteristics of storage medium, the
deleted data somehow exists or is stored which poses another risk of sensitive data disclosure
(11).
- Data Availability, Loss of Control and Backup:
When user data is uploaded to the cloud, the data on the cloud are not in their complete
possession anymore. Thus, personal data and information from clients can possibly be lost or
hacked without the chance of getting the original data back (31). Though it must be fixed by
the service providers, the users along with the CSP need to agree with particular specification
regarding system availability (Zissis & Lekkas, 2012).
A larger part of data availability is the loss of control which refers to the user not being
able to access to the physical hardware being used. The most basic step to avoid this problem
is evaluating the stored data in the cloud whether it is risky or not by previous violation
agreements with cloud owners (Zissis & Lekkas, 2012) (Al-anzi, Salman, Jacob & Soni,
141
- 2014). If sensitive data is seen as violation of data privacy owing to loss of control, customer
had better consider to place their storage and processing. Besides, it is essential to pick up a
trustworthy cloud service provider and carefully evaluate cloud service security solutions
(Xiao & Xiao, 2013). Another loss of control for the user is the fact that the service provider
could gain access to user’s stored data. The solutions are many but no single solution can
fully prevent malicious administrators from reading and manipulating the data. The first
solution is to never give the provider further privilege than they basically possess in order to
prevent an individual from controlling all data and functions (Varadharajan & Tupakula,
2014). The second solution is encrypting all data in the cloud though it is not feasible to
encrypt a huge quantity of data from a performance standpoint. The alternative is to conduct
some computing tasks without decryption, granting the cloud owner much more control of
data (Tari, 2014).
Eventually, assuring data counteracting data loss is by carrying out backups. For the
users, remaining a local backup (hardware storage) of everything in the cloud is the most
effective measure. Nevertheless, there is an obstacle to consider that it is relatively not saving,
go against the purpose of the cloud that store user’s data and information (Khalil, Khreishah,
Bouktif, & Ahmad, 2013).
2.3 Technical risks
Aside from private, secure and physical risks, there are still threats relating to technical
problem naturally (Grobauer, Walloschek, & Stocker, 2011). According to K. Popovic and
Z.Hocenski, the portability emerges as the user want to change from one provider to another
because the storage service from this provider might not compatible with that provider’s
service system (32). A drastically risk is a denial of service attack using account lockouts. The
moment that an authorized user locks account due to a failure of login attempts the hackers
will deny service to a large number of users if they get their account names by login with
username and arbitrary password to lock account (Grobauer, Walloschek, & Stocker, 2011).
Regarding the above issue a weak password reset mechanisms are described as a
technical risk. One benefit is that they can regain access by resetting the password from
locking out the account. But this brings a trouble of loss control, except this must be
conducted in safe manners otherwise the attackers could gain control of account from the user
(Grobauer, Walloschek, & Stocker, 2011).
While potential solution is launched such as more secure password reset mechanism, a
clear policy that authorized users legitimately take their account back in case of a lockout. In
detail, this specifies that the users need to identify themselves before resetting password and
who can manage the password reset function. Only a trustworthy entity at organization using
cloud have the privilege of identifying users requesting their password reset and approving
142
- the reset (Grobauer, Walloschek, & Stocker, 2011).
III. Conclusion
The popularity of cloud computing is undeniable. Despite the large number of
advantages in using cloud computing, the security threats in the sharing of resources is still
one of the biggest security worries of the model. It is of great importance that consumers must
be aware of the risks and issues in cloud computing as well as the service provider should
inform their customers the level of security that they provided beside the pros and cons of
their deployment models. Furthermore, new security techniques should always be developed
for the methods of attacks are always changing.
REFERENCES
[1]Advances in Computing, Communications and Informatics (pp. 470–476). New
York, NY,
[2]Ahmad, T, Amanul, H, M, Al-Nafjan, K, Ansari, A.: Development of Cloud
Computing and Security Issues. Information and Knowledge Management. 3(1) (2013).
www.iiste.org
[3]AlZain, M. A., Pardede, E., Soh, B., & Thom, J. A. (2012). Cloud Computing
Security: From Single to Multi-clouds. In 2012 45th Hawaii International Conference on
System Science (HICSS) (pp. 5490–5499). http://doi.org/10.1109/HICSS.2012.153
[4]Argall, K.: Compliance in a Cloud Computing Environment. HIPAA and PCI DSS.
(2010)
[5]Ayala, L.C., Vega, M. and Vargas, L.M.: Chapter 4: Cloud Computing Innovations
and Advances in Computer, Information, Systems Sciences, and Engineering, LNEE (2013)
[6]Behl, A., & Behl, K. (2012). An analysis of cloud computing security issues. In 2012
World Congress on Information and Communication Technologies (WICT) (pp. 109–114).
http://doi.org/10.1109/WICT.2012.6409059
[7]Beyond Trust, Cloud Security/Cloud Computing Security (2020).
https://www.beyondtrust.com/resources/glossary/cloud-security-cloud-computing-security
[8]Bisong, A and Rahman, S.M.: An Overview of The Security Concerns in Enterprise
Cloud Computing. International Journal of Network Security & Its Applications. 3(1) Jan
(2011)
[9]Boampong, P. A., & Wahsheh, L. A. (2012). Different Facets of Security in the
Cloud.
[10] Chen, D., & Zhao, H. (2012). Data Security and Privacy Protection Issues in Cloud
Computing. In 2012 International Conference on Computer Science and Electronics
143
- Engineering (ICCSEE) (Vol. 1, pp. 647–651). http://doi.org/10.1109/ICCSEE.2012.193
[11] Computing and Services Science (IJ-CLOSER). 1(2) June (2012)
[12] Cyber Edu,What is Cloud Security. https://www.forcepoint.com/cyber-edu/cloud-
security
[13] Djemame, K, Armstrong, D.:Risk Assessment Framework and Software Toolkit for
Cloud
[14] Environments. Published In: Security and Privacy, IEEE. 8(6). 24-31 Dec (2010)
[15] Flexera (2019) RightScale 2019 State of the Cloud Report from Flexera.
https://www.flexera.com/2019-cloud-report
[16] Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding Cloud
Computing Vulnerabilities. IEEE Security Privacy, 9(2), 50–57.
http://doi.org/10.1109/MSP.2010.115
[17] Harauz, J, Kauifman, M and Potter, B.: Data Security in the world of cloud
computing. Security & Privacy, IEEE. 7(4). 61-64 (2009)
[18] Hashizume, K., Rosado, D.G, Medina, E.F and Fernandez, E.: An analysis of
security issues for cloud computing. Journal of Internet Services and Applications 4(5)
(2013).
[19] Julisch, K and Hall, M.: Security and Control in the Cloud. Information Security
Journal: A Global Perspective. 299-309 (2010)
[20] Julisch, K and Hall, M.: Security and Control in the Cloud. Information Security
Journal: A Global Perspective. 299-309 (2010)
[21] Kelly Sheridan (2018) 49% of Cloud Databases Left Unencrypted.
https://www.darkreading.com/perimeter/49--of-cloud-databases-left-unencrypted/d/d-
id/1333462
[22] Khajeh- Hosseini, A, Ian Sommerville, Bogaerts, J and Teregowda, P.: Decision
Support Tools for Cloud Migration in the Enterprise. IEEE CLOUD 2011. Nov (2011).
[23] Khalil, I. M., Khreishah, A., Bouktif, S., & Ahmad, A. (2013). Security Concerns
in Cloud Computing. In 2013 Tenth International Conference on Information Technology:
New Generations (ITNG) (pp. 411–416). http://doi.org/10.1109/ITNG.2013.127
[24] Kumar, Ashish.: World of Cloud Computing & Security. International Journal of
Cloud
[25] Kumar, V, Swetha, M.S.: Cloud Computing: Towards Case Study of Data Security
Mechanisms. International Journal of Advanced Technology & Engineering Research
2(4)(2012).
144
- [26] Lee, K.: Security Threats in Cloud Computing Environments. International Journal
of Security and Applications. 6(4). Oct (2012). Cloud Security Alliance CSA: The Notorious
Nine Cloud Computing Threats 2013 (2013).
[27] M. Sadiku, S. Musa, O. Momoh, Cloud computing: opportunities and challenges,
IEEE Potentials 33 (1) (2014) 34–36
[28] Mell, P., Grance, T. (2011). The NIST definition of Cloud Computing. (Artikelnr
800-145).
[29] National Institute of Standards and Technology. Retrieved 10 february, 2015,
fromhttp://www.nist.gov/itl/cloud/
[30] Pal, D., Krishna, R., Srivastava, P. and Kumar, S.: A Novel Open Security
Framework for Cloud Computing. Int Journal of Cloud Computing and Services Science 1(2)
(2012).
[31] Pearson, S. and Benameur, A.: Privacy, Security and Trust Issues Arising from
Cloud Computing. 2nd Int Conference on Cloud Computing Technology and Science. (2010)
[32] Peiyu, L, and Dong, L.: Risk Assessment Model for Information System in Cloud
Computing Environment. Advanced in Control Engineering and Information Science. V.15
(2011)
[33] Present Cloud Computing Environment. In Proceedings of the International
Conference on
[34] Proceedings of the 15th Communications and Networking Simulation Symposium
(pp. 5:1–5:7). San Diego, CA, USA: Society for Computer Simulation International.
Retrieved from http://dl.acm.org/citation.cfm?id=2331762.233176
[35] Rahul, S, Sharda and Dr. Rai, J.K.: Security & Privacy Issues In Cloud Computing.
International Journal of Engineering Research & Technology (IJERT). 2(3). March – 2013
[36] Rana, S. and Joshi, P. K.: Risk Analysis in Web Applications by Using Cloud
Computing. International Journal of Multidisciplinary Research. Vol. 2 Jan (2012).
[37] Reddy, V.K., Thirumala, R.B, Dr. Reddy, L.S.S and Sai Kiran.: Research Issues in
Cloud Computing. Global Journal of Computer Science and Technology. 11(11). July (2011).
[38] Ren, K., Wang, C. and Wang, Q.: Security Challenges for the Public Cloud. Journal
of Internet Computing IEEE. 16(1) (2012)
[39] Rittinghouse, J and Ransome, J.: Security in the Cloud: Cloud Computing.
Implementation, Management, and Security (1st ed.). CRC Press (2009)
145
nguon tai.lieu . vn