This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Security and Privacy Challenges in Cloud Computing Environments
November/December 2010 (vol. 8 no. 6)
pp. 24-31
Hassan Takabi, University of Pittsburgh
James B.D. Joshi, University of Pittsburgh
Gail-Joon Ahn, Arizona State University
The cloud computing paradigm is still evolving, but has recently gained tremendous momentum. However, security and privacy issues pose as the key roadblock to its fast adoption. In this article, the authors present security and privacy challenges that are exacerbated by the unique aspects of clouds and show how they're related to various delivery and deployment models. They discuss various approaches to address these challenges, existing solutions, and future work needed to provide a trustworthy cloud computing environment.

1. Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1," http://www.cloudsecurityalliance.orgcsaguide.pdf .
2. D. Catteddu and G. Hogben, "Cloud Computing: Benefits, Risks and Recommendations for Information Security," ENISA, 2009; www.enisa.europa.eu/act/rm/files/deliverables/ cloud-computing-risk-assessment/at_download fullReport.
3. P.J. Bruening and B.C. Treacy, "Cloud Computing: Privacy, Security Challenges," Bureau of Nat'l Affairs, 2009; www.hunton.com/files/tbl_s47Details/FileUpload265/ 2488CloudComputing_Bruening-Treacy.pdf .
4. H. Takabi, J.B.D. Joshi, and G.-J. Ahn, "SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments," Proc. 1st IEEE Int'l Workshop Emerging Applications for Cloud Computing (CloudApp 2010), IEEE CS Press, 2010, pp. 393–398.
5. Y. Chen, V. Paxson, and R.H. Katz, "What's New About Cloud Computing Security?" tech. report UCB/EECS-2010-5, EECS Dept., Univ. of California, Berkeley, 2010; www.eecs.berkeley.edu/Pubs/TechRpts/2010 EECS-2010-5.html.
6. E. Bertino, F. Paci, and R. Ferrini, "Privacy–Preserving Digital Identity Management for Cloud Computing," IEEE Computer Society Data Engineering Bulletin, Mar. 2009, pp. 1–4.
7. M. Ko, G.-J. Ahn, and M. Shehab, "Privacy-Enhanced User-Centric Identity Management," Proc. IEEE Int'l Conf. Communications, IEEE Press, 2009, pp. 998–1002.
8. J. Joshi et al., "Access Control Language for Multidomain Environments," IEEE Internet Computing, vol. 8, no. 6, 2004, pp. 40–50.
9. M. Blaze et al., "Dynamic Trust Management," Computer, vol. 42, no. 2, 2009, pp. 44–52.
10. Y. Zhang and J. Joshi, "Access Control and Trust Management for Emerging Multidomain Environments," Annals of Emerging Research in Information Assurance, Security and Privacy Services, S. Upadhyaya, and R.O. Rao eds., Emerald Group Publishing, 2009, pp. 421–452.
11. D. Shin, and G.-J. Ahn, "Role-Based Privilege and Trust Management," Computer Systems Science & Eng. J., vol. 20, no. 6, 2005, pp. 401–410.
12. H. Takabi and J. Joshi, "StateMiner: An Efficient Similarity-Based Approach for Optimal Mining of Role Hierarchy," Proc. 15th ACM Symp. Access Control Models and Technologies, ACM Press, 2010, pp. 55–64.
13. G.-J. Ahn, H. Hu, and J. Jin, "Security-Enhanced OSGi Service Environments," IEEE Trans. Systems, Man, and Cybernetics-Part C: Applications and Reviews, vol. 39, no. 5, 2009, pp. 562–571.
14. L. Teo and G.-J. Ahn, "Managing Heterogeneous Network Environments Using an Extensible Policy Framework," Proc. Asian ACM Symp. Information, Computer and Communications Security, ACM Press, 2007, pp. 362–364.
15. H. Takabi et al., "An Architecture for Specification and Enforcement of Temporal Access Control Constraints using OWL," Proc. 2009 ACM Workshop on Secure Web Services, ACM Press, 2009, pp. 21–28.

Index Terms:
security, privacy, cloud computing
Citation:
Hassan Takabi, James B.D. Joshi, Gail-Joon Ahn, "Security and Privacy Challenges in Cloud Computing Environments," IEEE Security & Privacy, vol. 8, no. 6, pp. 24-31, Nov.-Dec. 2010, doi:10.1109/MSP.2010.186
Usage of this product signifies your acceptance of the Terms of Use.