Automated verification of virtualized infrastructures
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
SPICE: simple privacy-preserving identity-management for cloud environment
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
A framework for preservation of cloud users' data privacy using dynamic reconstruction of metadata
Journal of Network and Computer Applications
Secure cloud maintenance: protecting workloads against insider attacks
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Verifying cloud services: present and future
ACM SIGOPS Operating Systems Review
Client-controlled cryptography-as-a-service in the cloud
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Hi-index | 0.00 |
Cloud Computing is a recent paradigm that is creating high expectations about benefits such as the pay-per-use model and elasticity of resources. However, with this optimism come also concerns about security. In a public cloud, the user's data storage and processing is no longer done inside its premises, but in data centers owned and administrated by the cloud provider. This may be a concern for organizations that deal with critical data, such as medical records. We show that a malicious insider can steal confidential data of the cloud user, so the user is mostly left with trusting the cloud provider. The paper achieves this goal by showing a set of attacks that demonstrate how a malicious insider can easily obtain passwords, cryptographic keys, files and other confidential data. Additionally, the paper shows that recent research results that might be useful to protect data in the cloud, are still not enough to deal with the problem. The paper is a call to arms for research in the topic.