{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T16:04:12Z","timestamp":1780761852793,"version":"3.54.1"},"reference-count":72,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2015,2,17]],"date-time":"2015-02-17T00:00:00Z","timestamp":1424131200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Infosys Limited, India"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2015,4,16]]},"abstract":"<jats:p>In response to the revival of virtualized technology by Rosenblum and Garfinkel [2005], NIST defined cloud computing, a new paradigm in service computing infrastructures. In cloud environments, the basic security mechanism is ingrained in virtualization\u2014that is, the execution of instructions at different privilege levels. Despite its obvious benefits, the caveat is that a crashed virtual machine (VM) is much harder to recover than a crashed workstation. When crashed, a VM is nothing but a giant corrupt binary file and quite unrecoverable by standard disk-based forensics. Therefore, VM crashes should be avoided at all costs. Security is one of the major contributors to such VM crashes. This includes compromising the hypervisor, cloud storage, images of VMs used infrequently, and remote cloud client used by the customer as well as threat from malicious insiders. Although using secure infrastructures such as private clouds alleviate several of these security problems, most cloud users end up using cheaper options such as third-party infrastructures (i.e., private clouds), thus a thorough discussion of all known security issues is pertinent. Hence, in this article, we discuss ongoing research in cloud security in order of the attack scenarios exploited most often in the cloud environment. We explore attack scenarios that call for securing the hypervisor, exploiting co-residency of VMs, VM image management, mitigating insider threats, securing storage in clouds, abusing lightweight software-as-a-service clients, and protecting data propagation in clouds. Wearing a practitioner's glasses, we explore the relevance of each attack scenario to a service company like Infosys. At the same time, we draw parallels between cloud security research and implementation of security solutions in the form of enterprise security suites for the cloud. We discuss the state of practice in the form of enterprise security suites that include cryptographic solutions, access control policies in the cloud, new techniques for attack detection, and security quality assurance in clouds.<\/jats:p>","DOI":"10.1145\/2693841","type":"journal-article","created":{"date-parts":[[2015,2,18]],"date-time":"2015-02-18T13:24:05Z","timestamp":1424265845000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["Secure the Cloud"],"prefix":"10.1145","volume":"47","author":[{"given":"Arpan","family":"Roy","sequence":"first","affiliation":[{"name":"Infosys Labs, Dependability Center of Excellence, Infosys Ltd., Electronic City, Bangalore 560100, India"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Santonu","family":"Sarkar","sequence":"additional","affiliation":[{"name":"Dept. of Computer Science and Information Systems, BITS Pilani K.K. Birla Goa Campus, Goa India"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rajeshwari","family":"Ganesan","sequence":"additional","affiliation":[{"name":"Edgeverve Systems Limited, Systems Engineering Group, Electronic City, Bangalore 560100, India"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Geetika","family":"Goel","sequence":"additional","affiliation":[{"name":"Jigsaw Academy, Bangalore 560038, India"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2015,2,17]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2011.9"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866313"},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of OSDI. 267--283","author":"Baumann Andrew","year":"2014"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381913.2381916"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653686"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382226"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.194"},{"key":"e_1_2_1_8_1","volume-title":"Villela","author":"Campbell Andrew T.","year":"1999"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_2"},{"key":"e_1_2_1_10_1","volume-title":"Katz","author":"Chen Yanpei","year":"2010"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655022"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2012.113"},{"key":"e_1_2_1_13_1","volume-title":"Retrieved","author":"EMC Corporation","year":"2014"},{"key":"e_1_2_1_14_1","first-page":"2007","volume-title":"Retrieved","author":"Essers Loek","year":"2012"},{"key":"e_1_2_1_15_1","volume-title":"Felten","author":"Feldman Ariel J.","year":"2010"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.3724\/SP.J.1001.2011.03958"},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of HotCloud. 2--7.","author":"Ford Bryan","year":"2012"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSNW.2012.6264695"},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of NDSS. 191--206","author":"Garfinkel Tal","year":"2003"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2012.23"},{"key":"e_1_2_1_22_1","volume-title":"Retrieved","author":"Limited Infosys","year":"2014"},{"key":"e_1_2_1_23_1","series-title":"Lecture Notes in Computer Science","volume-title":"Financial Cryptography and Data Security","author":"Kamara Seny"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/775152.775242"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.120"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2012.64"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the USENIX Security Symposium. 11--27","author":"Kim Taesoo","year":"2012"},{"key":"e_1_2_1_29_1","unstructured":"Ryan Ko Stephen Lee and Veerappa Rajan. 2013. Cloud computing vulnerability incidents: A statistical overview.  Ryan Ko Stephen Lee and Veerappa Rajan. 2013. Cloud computing vulnerability incidents: A statistical overview."},{"key":"e_1_2_1_30_1","volume-title":"Krutz and Russell Dean Vines","author":"Ronald","year":"2010"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of USENIX ATC. 14--25","author":"Martignoni Lorenzo","year":"2012"},{"key":"e_1_2_1_32_1","volume-title":"Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance","author":"Mather Tim"},{"key":"e_1_2_1_33_1","first-page":"145","article-title":"The NIST definition of cloud computing (draft)","volume":"800","author":"Mell Peter","year":"2011","journal-title":"NIST Special Publication"},{"key":"e_1_2_1_34_1","volume-title":"Retrieved","year":"2014"},{"key":"e_1_2_1_35_1","volume-title":"Proceedings of HPCS. IEEE","author":"Naruchitparames Jeffrey"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCGrid.2011.35"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2168836.2168851"},{"key":"e_1_2_1_38_1","first-page":"397","article-title":"Security architecture for cloud computing. Fujitsu Sci","volume":"46","author":"Okuhara Masayuki","year":"2010","journal-title":"Tech. J."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381913.2381931"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/50202.50214"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2484402.2484406"},{"key":"e_1_2_1_42_1","volume-title":"Proceedings of USENIX ATC. 31--44","author":"Popa Raluca Ada","year":"2011"},{"key":"e_1_2_1_43_1","volume-title":"Retrieved","author":"Prince Brian","year":"2014"},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of HotCloud. 8--13","author":"Raiciu Costin","year":"2012"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSA.2010.5588290"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653687"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2005.176"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2012.12.025"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2010.22"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSN.2011.6014715"},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of HotCloud. 3.","author":"Santos Nuno","year":"2009"},{"key":"e_1_2_1_52_1","volume-title":"Proceedings of the USENIX Security Symposium. 10--23","author":"Santos Nuno","year":"2012"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.18"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2011.5958263"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_1"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420985"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38323-6_7"},{"key":"e_1_2_1_58_1","volume-title":"Proceedings of NDSS.","author":"Tian Donghai","year":"2012"},{"key":"e_1_2_1_59_1","volume-title":"Proceedings of HotSec. 1--8.","author":"Dijk Marten Van","year":"2010"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382227"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00607-010-0140-x"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382228"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOCS.2012.24"},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655021"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2013.04.028"},{"key":"e_1_2_1_66_1","volume-title":"Proceedings of the USENIX Security Symposium. 9--25","author":"Wu Zhenyu","year":"2012"},{"key":"e_1_2_1_67_1","volume-title":"Chiachih Wu and Xuxian Jiang","author":"Zhi","year":"2013"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046660.2046670"},{"key":"e_1_2_1_69_1","unstructured":"Sara Yin. 2011. Google wallet aims to take mobile payments mainstream. PCMag. com 1--2.  Sara Yin. 2011. Google wallet aims to take mobile payments mainstream. PCMag. com 1--2."},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043576"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655026"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920317"},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/1871929.1871934"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2009.58"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2693841","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2693841","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:13:32Z","timestamp":1750227212000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2693841"}},"subtitle":["From the Perspective of a Service-Oriented Organization"],"short-title":[],"issued":{"date-parts":[[2015,2,17]]},"references-count":72,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2015,4,16]]}},"alternative-id":["10.1145\/2693841"],"URL":"https:\/\/doi.org\/10.1145\/2693841","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,2,17]]},"assertion":[{"value":"2014-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2014-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2015-02-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}