Secure Cloud Computing

1. Front Matter

   Pages i-xii

   PDF

2. Cryptographic Key Management Issues and Challenges in Cloud Services

   • Ramaswamy Chandramouli, Michaela Iorga, Santosh Chokhani

   Pages 1-30

3. Costs and Security in Clouds

   • Yao Chen, Radu Sion

   Pages 31-56

4. Hardware-Enhanced Security for Cloud Computing

   • Jakub Szefer, Ruby B. Lee

   Pages 57-76

5. Cloud Computing Security: What Changes with Software-Defined Networking?

   • Maurício Tsugawa, Andréa Matsunaga, José A. B. Fortes

   Pages 77-93

6. Proof of Isolation for Cloud Storage

   • Zhan Wang, Kun Sun, Sushil Jajodia, Jiwu Jing

   Pages 95-121

7. Selective and Fine-Grained Access to Data in the Cloud

   • Sabrina De Capitani di Vimercati, Sara Foresti, Pierangela Samarati

   Pages 123-148

8. Enabling Collaborative Data Authorization Between Enterprise Clouds

   • Meixing Le, Krishna Kant, Sushil Jajodia

   Pages 149-169

9. Making Query Execution Over Encrypted Data Practical

   • Ken Smith, M. David Allen, Hongying Lan, Andrew Sillers

   Pages 171-188

10. Privacy-Preserving Keyword Search Over Encrypted Data in Cloud Computing

    • Wenhai Sun, Wenjing Lou, Y. Thomas Hou, Hui Li

    Pages 189-212

11. Towards Data Confidentiality and a Vulnerability Analysis Framework for Cloud Computing

    • Kerim Y. Oktay, Mahadevan Gomathisankaran, Murat Kantarcioglu, Sharad Mehrotra, Anoop Singhal

    Pages 213-238

12. Securing Mission-Centric Operations in the Cloud

    • Massimiliano Albanese, Sushil Jajodia, Ravi Jhawar, Vincenzo Piuri

    Pages 239-259

13. Computational Decoys for Cloud Security

    • Georgios Kontaxis, Michalis Polychronakis, Angelos D. Keromytis

    Pages 261-270

14. Towards a Data-Centric Approach to Attribution in the Cloud

    • Wenchao Zhou

    Pages 271-301

15. Software Cruising: A New Technology for Building Concurrent Software Monitor

    • Dinghao Wu, Peng Liu, Qiang Zeng, Donghai Tian

    Pages 303-324

16. Controllability and Observability of Risk and Resilience in Cyber-Physical Cloud Systems

    • Hasan Cam

    Pages 325-343

This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters address security issues of the cloud infrastructure. In Chapter 3, Szefer and Lee describe a hardware-enhanced security architecture that protects the confidentiality and integrity of a virtual machine’s memory from an untrusted or malicious hypervisor. In Chapter 4, Tsugawa et al. discuss the security issues introduced when Software-Defined Networking (SDN) is deployed within and across clouds. Chapters 5-9 focus on the protection of data stored in the cloud. In Chapter 5, Wang et al. present two storage isolation schemes that enable cloud users with high security requirements to verify that their disk storage is isolated from some or all other users, without any cooperation from cloud service providers. In Chapter 6, De Capitani di Vimercati, Foresti, and Samarati describe emerging approaches for protecting data stored externally and for enforcing fine-grained and selective accesses on them, and illustrate how the combination of these approaches can introduce new privacy risks. In Chapter 7, Le, Kant, and Jajodia explore data access challenges in collaborative enterprise computing environments where multiple parties formulate their own authorization rules, and discuss the problems of rule consistency, enforcement, and dynamic updates. In Chapter 8, Smith et al. address key challenges to the practical realization of a system that supports query execution over remote encrypted data without exposing decryption keys or plaintext at the server. In Chapter 9, Sun et al. provide an overview of secure search techniques over encrypted data, and then elaborate on a scheme that can achieve privacy-preserving multi-keyword text search. The next three chapters focus on the secure deployment of computations to the cloud. In Chapter 10, Oktay el al. present a risk-based approach for workload partitioning in hybrid clouds that selectively outsources data and computation based on their level of sensitivity. The chapter also describes a vulnerability assessment framework for cloud computing environments. In Chapter 11, Albanese et al. present a solution for deploying a mission in the cloud while minimizing the mission’s exposure to known vulnerabilities, and a cost-effective approach to harden the computational resources selected to support the mission. In Chapter 12, Kontaxis et al. describe a system that generates computational decoys to introduce uncertainty and deceive adversaries as to which data and computation is legitimate. The last section of the book addresses issues related to security monitoring and system resilience. In Chapter 13, Zhou presents a secure, provenance-based capability that captures dependencies between system states, tracks state changes over time, and that answers attribution questions about the existence, or change, of a system’s state at a given time. In Chapter 14, Wu et al. present a monitoring capability for multicore architectures that runs monitoring threads concurrently with user or kernel code to constantly check for security violations. Finally, in Chapter 15, Hasan Cam describes how to manage the risk and resilience of cyber-physical systems by employing controllability and observability techniques for linear and non-linear systems.

• Access control
• assurance
• cloud computing
• privacy
• security

From the book reviews:

“It provides practitioners as well as researchers with an impressive and fascinating state-of-the-art overview of cloud security techniques and approaches. The book is suitable and highly recommended for anyone from graduate students to researchers in the field. I sincerely hope that organizing recent results in cloud computing security in this manner will make these results accessible to a wide audience and prepare future generations of software and hardware developers for the challenges they will face.” (Burkhard Englert, Computing Reviews, September, 2014)

• Center for Secure Information Systems, George Mason University, Fairfax, USA

  Sushil Jajodia, Krishna Kant

• University of Milan, Crema, Italy

  Pierangela Samarati

• Computer Security Division, National Institute of Standards and Technology (NIST), Gaithersburg, USA

  Anoop Singhal

• The MITRE Corporation, McLean, USA

  Vipin Swarup

• Computing and Information Science Division, Information Sciences Directorate, Triangle Park, USA

  Cliff Wang

Policies and ethics