This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Threat as a Service?: Virtualization's Impact on Cloud Security
January/February 2012 (vol. 14 no. 1)
pp. 32-37
Hsin-Yi Tsai, National Chiao Tung University
Melanie Siebenhaar, Technische Universität Darmstadt
André Miede, Technische Universität Darmstadt
Yu-Lun Huang, National Chiao Tung University
Ralf Steinmetz, Technische Universität Darmstadt

Virtualization is essential to cloud computing, yet its security vulnerabilities in the cloud environment haven't been sufficiently studied. This analysis of cloud security focuses on how virtualization attacks affect different cloud service models.

1. P. Mell and T. Grance, The NIST Definition of Cloud Computing, tech. report, Information Technology Laboratory, National Institute of Standards and Technology, 2009.
2. M. Christodoresch et al., "Cloud Security Is Not (Just) Virtualization Security: A Short Paper," Proc. 2009 ACM Workshop on Cloud Computing Security (CCSW 09), ACM Press, 2009, pp. 97–102.
3. B. Grobauer, T. Walloschek, and E. Stöcker, "Understanding Cloud-Computing Vulnerabilities," IEEE Security and Privacy, vol. 9, no. 2, 2011, pp. 50–57.
4. T. Garfinkel and M. Rosenblum, "When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments," Proc. 10th Workshop on Hot Topics in Operating Systems (HotOS 05), USENIX Assoc., 2005.
5. D. Hyde, A Survey on the Security of Virtual Machines, project report, Apr. 2009; http://www1.cse.wustl.edu/~jain/cse571-09/ ftp/vmsecindex.html.
6. K. Owens, "Securing Virtual Computer Infrastructure in the Cloud," white paper, Savvis Communications Corp., 2009.
7. A. Jasti et al., "Security in Multi-Tenancy Cloud," Proc. IEEE Int'l Carnahan Conf. Security Technology (ICCST 10), IEEE Press, 2010, pp. 35–41.
8. T. Ristenpart et al., "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds," Proc. 16th ACM Conf. Computer and Communications Security (CCS 09), ACM Press, 2009, pp. 199–212.
9. J. Oberheide, E. Cooke, and F. Jahanian, "Empirical Exploitation of Live Virtual Machine Migration," Proc. Black Hat DC 2008 Convention, 2008; www.net-security.org/dl/articlesmigration.pdf .
1. K. Popovic and Z. Hocenski, "Cloud Computing Security Issues and Challenges," Proc. 33rd Int'l Convention on Information and Comm. Technology, Electronics and Microelectronics (MIPRO 10), IEEE Press, 2010, pp. 344–349.
2. S. Ramgovind, M.M. Eloff, and E. Smith, "The Management of Security in Cloud Computing," Proc. Information Security for South Asia (ISSA 10), IEEE Press, 2010, pp. 1–7.
3. H. Takabi, J.B.D. Joshi, and G.-J. Ahn, "SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments," Proc. 2010 IEEE 34th Ann. Computer Software and Applications Conf. Workshops, IEEE Press, 2010, pp. 393–398.
4. S. Subashini and V. Kavitha, "A Survey on Security Issues in Service Delivery Models of Cloud Computing," J. Network and Computer Applications, vol. 34, no. 1, 2010, pp. 1– 11.
5. M. Zhou et al., "Security and Privacy in Cloud Computing: A Survey," Proc. 6th Int'l Conf. Semantics, Knowledge and Grids, IEEE Press, 2010, pp. 105–112.
6. T. Ristenpart et al., "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds," Proc. 16th ACM Conf. Computer and Communications Security (CCS09), ACM Press, 2009, pp. 199–212.
7. B. Grobauer, T. Walloschek, and E. Stöcker, "Understanding Cloud-Computing Vulnerabilities," IEEE Security and Privacy, vol. 9, no. 2, 2011, pp. 50–57.
8. M.A. Morsy, J. Grundy, and I. Müller, "An Analysis of the Cloud Computing Security Problem," Proc. 17th Asia Pacific Software Eng. Conf. 2010 Cloud Workshop (APSEC 10), IEEE Press, 2010.

Index Terms:
Internet, security, cloud computing, vulnerabilities, virtualization, information technology
Citation:
Hsin-Yi Tsai, Melanie Siebenhaar, André Miede, Yu-Lun Huang, Ralf Steinmetz, "Threat as a Service?: Virtualization's Impact on Cloud Security," IT Professional, vol. 14, no. 1, pp. 32-37, Jan.-Feb. 2012, doi:10.1109/MITP.2011.117
Usage of this product signifies your acceptance of the Terms of Use.