{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T10:22:59Z","timestamp":1770200579053,"version":"3.49.0"},"publisher-location":"Singapore","reference-count":22,"publisher":"Springer Singapore","isbn-type":[{"value":"9789811904677","type":"print"},{"value":"9789811904684","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-981-19-0468-4_13","type":"book-chapter","created":{"date-parts":[[2022,2,25]],"date-time":"2022-02-25T14:02:47Z","timestamp":1645797767000},"page":"171-188","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["A Large-Scale Study on the Security Vulnerabilities of Cloud Deployments"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1867-1542","authenticated-orcid":false,"given":"Andrei-Cristian","family":"Iosif","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1462-6701","authenticated-orcid":false,"given":"Tiago Espinha","family":"Gasiba","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1518-4730","authenticated-orcid":false,"given":"Tiange","family":"Zhao","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4286-3184","authenticated-orcid":false,"given":"Ulrike","family":"Lechner","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2725-7629","authenticated-orcid":false,"given":"Maria","family":"Pinto-Albuquerque","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,2,26]]},"reference":[{"key":"13_CR1","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1007\/978-3-319-67074-4_47","volume-title":"Computational Collective Intelligence","author":"AP Achilleos","year":"2017","unstructured":"Achilleos, A.P., Georgiou, K., Markides, C., Konstantinidis, A., Papadopoulos, G.A.: Adaptive runtime middleware: everything as a service. In: Nguyen, N.T., Papadopoulos, G.A., Trawi\u0144ski, B., Vossen, G. (eds.) ICCCI 2017. LNCS (LNAI), vol. 10448, pp. 484\u2013494. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-67074-4_47"},{"key":"13_CR2","unstructured":"Cloud Security Alliance: Cloud Controls Matrix (2021). https:\/\/cloudsecurityalliance.org\/artifacts\/cloud-controls-matrix-v4\/"},{"key":"13_CR3","unstructured":"Common Weakness Enumeration: Exposure of Sensitive Information to an Unauthorized Actor (2021). https:\/\/cwe.mitre.org\/data\/definitions\/200.html"},{"key":"13_CR4","doi-asserted-by":"publisher","unstructured":"Duan, Y., Fu, G., Zhou, N., Sun, X., Narendra, N.C., Hu, B.: Everything as a service (XaaS) on the cloud: origins, current and future trends. In: 2015 IEEE 8th International Conference on Cloud Computing, pp. 621\u2013628 (2015). https:\/\/doi.org\/10.1109\/CLOUD.2015.88","DOI":"10.1109\/CLOUD.2015.88"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Espinha Gasiba, T., Andrei-Cristian, I., Lechner, U., Pinto-Albuquerque, M.: Raising security awareness of cloud deployments using infrastructure as code through CyberSecurity challenges. In: The 16th International Conference on Availability, Reliability and Security, pp. 1\u20138 (2021)","DOI":"10.1145\/3465481.3470030"},{"key":"13_CR6","unstructured":"Federal Office for Information Security: Security Recommendations for Cloud Computing Providers - Minimum information security requirements. White Paper (2011). https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/CloudComputing\/SecurityRecommendationsCloudComputingProviders.html"},{"key":"13_CR7","unstructured":"Federal Office for Information Security: OPS.2: Cloud-Nutzung. White Paper (2021). https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Grundschutz\/Kompendium_Einzel_PDFs_2021\/04_OPS_Betrieb\/OPS_2_2_Cloud-Nutzung_Edition_2021.pdf?__blob=publicationFile&v=2"},{"key":"13_CR8","unstructured":"Federal Office for Information Security: Sichere Nutzung von Cloud-Diensten. White Paper (2021). https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Publikationen\/Broschueren\/Sichere_Nutzung_Cloud_Dienste.pdf?__blob=publicationFile&v=1"},{"key":"13_CR9","doi-asserted-by":"publisher","unstructured":"Gasiba, T., Lechner, U., Cuellar, J., Zouitni, A.: Ranking secure coding guidelines for software developer awareness training in the industry. In: First International Computer Programming Education Conference (ICPEC 2020). OpenAccess Series in Informatics (OASIcs), vol. 81, pp. 11:1\u201311:11. Schloss Dagstuhl-Leibniz-Zentrum f\u00fcr Informatik, Dagstuhl, Germany (2020). https:\/\/doi.org\/10.4230\/OASIcs.ICPEC.2020.11, https:\/\/drops.dagstuhl.de\/opus\/volltexte\/2020\/12298","DOI":"10.4230\/OASIcs.ICPEC.2020.11"},{"key":"13_CR10","unstructured":"Greyhat Warfare: Public S3 Buckets (2021). https:\/\/buckets.grayhatwarfare.com\/"},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Guerriero, M., Garriga, M., Tamburri, D.A., Palomba, F.: Adoption, support, and challenges of infrastructure-as-code: insights from industry. In: 2019 IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 580\u2013589. IEEE, Cleveland (2019)","DOI":"10.1109\/ICSME.2019.00092"},{"key":"13_CR12","unstructured":"International Standard Organization: Industrial communication networks - Network and system security. Standard, International Electrical Commission (2009\u20132021)"},{"key":"13_CR13","doi-asserted-by":"publisher","unstructured":"Iosif, A.C.: Open-Source Terraform Repositories - SAST (tfsec, terrascan, checkov) vulnerability snapshot, December 2021. https:\/\/doi.org\/10.5281\/zenodo.5760482","DOI":"10.5281\/zenodo.5760482"},{"key":"13_CR14","doi-asserted-by":"publisher","unstructured":"Mell, P., Grance, T.: The NIST Definition of Cloud Computing, 28 Sept 2011. https:\/\/doi.org\/10.6028\/NIST.SP.800-145","DOI":"10.6028\/NIST.SP.800-145"},{"key":"13_CR15","unstructured":"Nag Media: List of AWS S3 Leaks (2021). https:\/\/github.com\/nagwww\/s3-leaks"},{"key":"13_CR16","unstructured":"Open Web Application Security Project: OWASP Top 10 (2017). https:\/\/owasp.org\/Top10\/A01_2021-Broken_Access_Control\/"},{"key":"13_CR17","doi-asserted-by":"publisher","unstructured":"Rahman, A., Parnin, C., Williams, L.: The seven sins: security smells in infrastructure as code scripts. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE), pp. 164\u2013175. ACM, Montreal (2019). https:\/\/doi.org\/10.1109\/ICSE.2019.00033","DOI":"10.1109\/ICSE.2019.00033"},{"key":"13_CR18","unstructured":"Samani, R.: Critical Infrastructure and the Cloud (2013). https:\/\/cloudsecurityalliance.org\/blog\/2013\/02\/01\/critical-infrastructure-and-the-cloud\/"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"S\u00e1nchez-Gord\u00f3n, M., Colomo-Palacios, R.: Security as culture: a systematic literature review of DevSecOps. In: Proceedings of the IEEE\/ACM 42nd International Conference on Software Engineering Workshops, pp. 266\u2013269. IEEE, Seoul Republic of Korea (2020)","DOI":"10.1145\/3387940.3392233"},{"issue":"12","key":"13_CR20","doi-asserted-by":"publisher","first-page":"9493","DOI":"10.1007\/s11227-020-03213-1","volume":"76","author":"H Tabrizchi","year":"2020","unstructured":"Tabrizchi, H., Rafsanjani, M.K.: A survey on security challenges in cloud computing: issues, threats, and solutions. J. Supercomputing 76(12), 9493\u20139532 (2020). https:\/\/doi.org\/10.1007\/s11227-020-03213-1","journal-title":"J. Supercomputing"},{"key":"13_CR21","unstructured":"UpGuard Team: Black Box, Red Disk: How Top Secret NSA and Army Data Leaked Online (2017). https:\/\/www.upguard.com\/breaches\/cloud-leak-inscom"},{"key":"13_CR22","doi-asserted-by":"publisher","unstructured":"Zhao, T., Gasiba, T.E., Lechner, U., Pinto-Albuquerque, M.: Exploring a board game to improve cloud security training in industry. In: Henriques, P.R., Portela, F., Queir\u00f3s, R., Sim\u00f5es, A. (eds.) Second International Computer Programming Education Conference (ICPEC 2021). Open Access Series in Informatics (OASIcs), vol. 91, pp. 11:1\u201311:8. Schloss Dagstuhl - Leibniz-Zentrum f\u00fcr Informatik, Dagstuhl, Germany (2021). https:\/\/doi.org\/10.4230\/OASIcs.ICPEC.2021.11, https:\/\/drops.dagstuhl.de\/opus\/volltexte\/2021\/14227","DOI":"10.4230\/OASIcs.ICPEC.2021.11"}],"container-title":["Communications in Computer and Information Science","Ubiquitous Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-19-0468-4_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,25]],"date-time":"2022-02-25T14:16:19Z","timestamp":1645798579000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-19-0468-4_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9789811904677","9789811904684"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-981-19-0468-4_13","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"26 February 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"UbiSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Inernational Conference on Ubiquitous Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 December 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 December 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ubisec2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/ubisecurity.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"96","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}