{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:11:11Z","timestamp":1750306271443,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,3,22]],"date-time":"2017-03-22T00:00:00Z","timestamp":1490140800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,3,22]]},"DOI":"10.1145\/3018896.3025169","type":"proceedings-article","created":{"date-parts":[[2018,2,23]],"date-time":"2018-02-23T16:12:59Z","timestamp":1519402379000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Cloud security certifications"],"prefix":"10.1145","author":[{"given":"Carlo","family":"Di Giulio","sequence":"first","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"Read","family":"Sprabery","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"Charles","family":"Kamhoua","sequence":"additional","affiliation":[{"name":"Air force Research Laboratory"}]},{"given":"Kevin","family":"Kwiat","sequence":"additional","affiliation":[{"name":"Air Force Research Laboratory"}]},{"given":"Roy H.","family":"Campbell","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]},{"given":"Masooda N.","family":"Bashir","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]}],"member":"320","published-online":{"date-parts":[[2017,3,22]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Accessed","author":"Accredited PAOs","year":"2016","unstructured":"Accredited 3 PAOs . Web page . Accessed May 26, 2016 . https:\/\/www.fedramp.gov\/marketplace\/accredited-3paos\/ Accredited 3PAOs. Web page. Accessed May 26, 2016. https:\/\/www.fedramp.gov\/marketplace\/accredited-3paos\/"},{"key":"e_1_3_2_1_2_1","volume-title":"Accessed","author":"Adobe","year":"2016","unstructured":"Adobe . 2015. Adobe Security and Privacy Certifications. White Paper. Adobe Systems Incorporated. Accessed June 1, 2016 . http:\/\/www.adobe.com\/security.html Adobe. 2015. Adobe Security and Privacy Certifications. White Paper. Adobe Systems Incorporated. Accessed June 1, 2016. http:\/\/www.adobe.com\/security.html"},{"key":"e_1_3_2_1_3_1","volume-title":"Product Details. Webpage. Accessed","author":"Amazon Web Services","year":"2016","unstructured":"Amazon Web Services . 2016 . AWS Lambda . Product Details. Webpage. Accessed October 15, 2016. https:\/\/aws.amazon.com\/lambda\/details\/ Amazon Web Services. 2016. AWS Lambda. Product Details. Webpage. Accessed October 15, 2016. https:\/\/aws.amazon.com\/lambda\/details\/"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2767005"},{"key":"e_1_3_2_1_5_1","volume-title":"The Utility of Security Standards. IEEE International Carnahan Conference on Security Technology (ICCST)","author":"Bayuk J.","year":"2011","unstructured":"Bayuk , J. ( 2011 ). The Utility of Security Standards. IEEE International Carnahan Conference on Security Technology (ICCST) , 2010. 341--345 Bayuk, J. (2011). The Utility of Security Standards. IEEE International Carnahan Conference on Security Technology (ICCST), 2010. 341--345"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.41"},{"key":"e_1_3_2_1_7_1","volume-title":"Proc. of the 2011 6th International Conference on System of Systems Engineering","author":"Bayuk J.","year":"2015","unstructured":"Bayuk , J. ( 2015 ). Cloud Security Metrics . Proc. of the 2011 6th International Conference on System of Systems Engineering , Albuquerque, New Mexico, USA. Bayuk, J. (2015). Cloud Security Metrics. Proc. of the 2011 6th International Conference on System of Systems Engineering, Albuquerque, New Mexico, USA."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-013-0174-7"},{"key":"e_1_3_2_1_9_1","volume-title":"Regulating the Clouds: Policy for Computing Infrastructure. edited by Christopher S. Yoo and Jean-Fran\u00e7ois Blanchette","author":"Blumenthal M. S.","year":"2015","unstructured":"Blumenthal , M. S. ( 2015 ). Finding Security in the Clouds . In Regulating the Clouds: Policy for Computing Infrastructure. edited by Christopher S. Yoo and Jean-Fran\u00e7ois Blanchette . The MIT Press Blumenthal, M. S. (2015). Finding Security in the Clouds. In Regulating the Clouds: Policy for Computing Infrastructure. edited by Christopher S. Yoo and Jean-Fran\u00e7ois Blanchette. The MIT Press"},{"key":"e_1_3_2_1_10_1","volume-title":"Accessed","author":"CIO Council","year":"2012","unstructured":"CIO Council , Chief Acquisition Office Council . 2012 . Creating Effective Cloud Computing Contracts for the Federal Government Best Practices for Acquiring IT as a Service . Accessed May 31, 2016. https:\/\/cio.gov\/resources\/document-library\/ CIO Council, Chief Acquisition Office Council. 2012. Creating Effective Cloud Computing Contracts for the Federal Government Best Practices for Acquiring IT as a Service. Accessed May 31, 2016. https:\/\/cio.gov\/resources\/document-library\/"},{"key":"e_1_3_2_1_11_1","volume-title":"Accessed","author":"Cloud Security Alliance","year":"2010","unstructured":"Cloud Security Alliance (CSA). 2010 . Top Threats to Cloud Computing V1.0 . Accessed May 23, 2016. https:\/\/cloudsecurityalliance.org\/topthreats\/csathreats.v1.0.pdf Cloud Security Alliance (CSA). 2010. Top Threats to Cloud Computing V1.0. Accessed May 23, 2016. https:\/\/cloudsecurityalliance.org\/topthreats\/csathreats.v1.0.pdf"},{"key":"e_1_3_2_1_12_1","volume-title":"Accessed","author":"Cloud Security Alliance","year":"2013","unstructured":"Cloud Security Alliance (CSA). 2013 . The Notorious Nine Cloud Computing Top Threats in 2013 . Accessed May 24, 2016. https:\/\/downloads.cloudsecurityalliance.org\/initiatives\/top_threats\/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf Cloud Security Alliance (CSA). 2013. The Notorious Nine Cloud Computing Top Threats in 2013. Accessed May 24, 2016. https:\/\/downloads.cloudsecurityalliance.org\/initiatives\/top_threats\/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf"},{"key":"e_1_3_2_1_13_1","volume-title":"Accessed","author":"Cloud Security Alliance","year":"2016","unstructured":"Cloud Security Alliance (CSA). 2016 . `The Treacherous Twelve' Cloud Computing Top Threats in 2016 . Accessed May 23, 2016. https:\/\/cloudsecurityalliance.org\/download\/the-treacherous-twelve-cloud-computing-top-threats-in-2016\/ Cloud Security Alliance (CSA). 2016. `The Treacherous Twelve' Cloud Computing Top Threats in 2016. Accessed May 23, 2016. https:\/\/cloudsecurityalliance.org\/download\/the-treacherous-twelve-cloud-computing-top-threats-in-2016\/"},{"key":"e_1_3_2_1_14_1","volume-title":"Accessed","author":"Cloud Security Alliance CSA STAR","year":"2016","unstructured":"Cloud Security Alliance (CSA). CSA STAR : The Future of Cloud Trust and Assurance. Web page . Accessed May 31, 2016 . https:\/\/cloudsecurityalliance.org\/star\/ Cloud Security Alliance (CSA). CSA STAR: The Future of Cloud Trust and Assurance. Web page. Accessed May 31, 2016. https:\/\/cloudsecurityalliance.org\/star\/"},{"key":"e_1_3_2_1_15_1","volume-title":"FedRAMP Cloud Controls Matrix v3.0.1 Candidate Mapping. Accessed","author":"Cloud Security Alliance","year":"2016","unstructured":"Cloud Security Alliance (CSA). FedRAMP Cloud Controls Matrix v3.0.1 Candidate Mapping. Accessed June 1, 2016 . https:\/\/cloudsecurityalliance.org\/download\/fedramp-cloud-controls-matrix-v3-0--1-candidate-mapping\/ Cloud Security Alliance (CSA). FedRAMP Cloud Controls Matrix v3.0.1 Candidate Mapping. Accessed June 1, 2016. https:\/\/cloudsecurityalliance.org\/download\/fedramp-cloud-controls-matrix-v3-0--1-candidate-mapping\/"},{"key":"e_1_3_2_1_16_1","volume-title":"Accessed","author":"Cloud Security Alliance","year":"2016","unstructured":"Cloud Security Alliance (CSA). Introduction to the Cloud Control Matrix Working Group. Web page . Accessed May 21, 2016 . https:\/\/cloudsecurityalliance.org\/group\/cloud-controls-matrix\/ Cloud Security Alliance (CSA). Introduction to the Cloud Control Matrix Working Group. Web page. Accessed May 21, 2016. https:\/\/cloudsecurityalliance.org\/group\/cloud-controls-matrix\/"},{"key":"e_1_3_2_1_17_1","volume-title":"Accessed","author":"Cloud Standards Customer Council","year":"2013","unstructured":"Cloud Standards Customer Council . 2013 . Cloud Security Standards: What to Expect & What to Negotiate . Accessed May 23, 2016. http:\/\/www.cloud-council.org\/resource-hub.htm Cloud Standards Customer Council. 2013. Cloud Security Standards: What to Expect & What to Negotiate. Accessed May 23, 2016. http:\/\/www.cloud-council.org\/resource-hub.htm"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/280277.280280"},{"key":"e_1_3_2_1_19_1","volume-title":"Accessed","author":"Creating Effective Cloud Computing","year":"2016","unstructured":"Creating Effective Cloud Computing Contracts for the Federal Government. Best Practices for Acquiring IT as a Service. 2012 . Accessed May 23, 2016 . https:\/\/cio.gov\/wp-content\/uploads\/downloads\/2012\/09\/cloudbestpractices.pdf Creating Effective Cloud Computing Contracts for the Federal Government. Best Practices for Acquiring IT as a Service. 2012. Accessed May 23, 2016. https:\/\/cio.gov\/wp-content\/uploads\/downloads\/2012\/09\/cloudbestpractices.pdf"},{"volume-title":"Privacy and Security for Cloud Computing","author":"Creese S.","key":"e_1_3_2_1_20_1","unstructured":"Creese , S. , Goldsmith , M. , Hopkins , P. 2013. Inadequacies of Current Risk Controls for the Cloud . In Privacy and Security for Cloud Computing . Springer . P. 235--255 Creese, S., Goldsmith, M., Hopkins, P. 2013. Inadequacies of Current Risk Controls for the Cloud. In Privacy and Security for Cloud Computing. Springer. P. 235--255"},{"key":"e_1_3_2_1_21_1","volume-title":"Researching Android Multimedia Framework Security. PPT Presentation. Black Hat USA, 2015","author":"Drake J.","year":"2015","unstructured":"Drake , J. 2015 . Stagefright: Scary Code in the Heart of Android . Researching Android Multimedia Framework Security. PPT Presentation. Black Hat USA, 2015 . Accessed October 15, 2016. https:\/\/www.blackhat.com\/docs\/us-15\/materials\/us-15-Drake-Stagefright-Scary-Code-In-The-Heart-Of-Android.pdf Drake, J. 2015. Stagefright: Scary Code in the Heart of Android. Researching Android Multimedia Framework Security. PPT Presentation. Black Hat USA, 2015. Accessed October 15, 2016. https:\/\/www.blackhat.com\/docs\/us-15\/materials\/us-15-Drake-Stagefright-Scary-Code-In-The-Heart-Of-Android.pdf"},{"key":"e_1_3_2_1_22_1","first-page":"09","article-title":"Unleashing the Potential of Cloud Computing in Europe. COM (2012) 529 final","volume":"27","author":"European Commission","year":"2012","unstructured":"European Commission . 2012 . Unleashing the Potential of Cloud Computing in Europe. COM (2012) 529 final , Brussels , 27 . 09 .2012 European Commission. 2012. Unleashing the Potential of Cloud Computing in Europe. COM (2012) 529 final, Brussels, 27.09.2012","journal-title":"Brussels"},{"key":"e_1_3_2_1_23_1","volume-title":"Accessed","author":"European Telecommunications Standard Institute (ETSI).","year":"2013","unstructured":"European Telecommunications Standard Institute (ETSI). 2013 . Cloud Standards Coordination Final Report . Accessed May 25, 2016 http:\/\/csc.etsi.org\/resources\/CSC-Phase-1\/CSC-Deliverable-008-Final_Report-V1_0.pdf European Telecommunications Standard Institute (ETSI). 2013. Cloud Standards Coordination Final Report. Accessed May 25, 2016 http:\/\/csc.etsi.org\/resources\/CSC-Phase-1\/CSC-Deliverable-008-Final_Report-V1_0.pdf"},{"key":"e_1_3_2_1_24_1","volume-title":"Accessed","author":"Fed RAMP","year":"2016","unstructured":"Fed RAMP . Marketplace . Web page . Accessed November 21, 2016 . https:\/\/marketplace.fedramp.gov\/index.html#\/products?sort=productName FedRAMP. Marketplace. Web page. Accessed November 21, 2016. https:\/\/marketplace.fedramp.gov\/index.html#\/products?sort=productName"},{"key":"e_1_3_2_1_25_1","unstructured":"FedRAMP. FedRAMP Forward (Part 2). Accessed May 30 2016. https:\/\/www.fedramp.gov\/files\/2016\/03\/FedRAMP-Infographic-3.16.pdf FedRAMP. FedRAMP Forward (Part 2). Accessed May 30 2016. https:\/\/www.fedramp.gov\/files\/2016\/03\/FedRAMP-Infographic-3.16.pdf"},{"key":"e_1_3_2_1_26_1","unstructured":"FedRAMP. FedRAMP PMO. 2014. Guide to Understanding FedRAMP Version 2.0. Accessed May 26. https:\/\/www.fedramp.gov\/resources\/documents\/ FedRAMP. FedRAMP PMO. 2014. Guide to Understanding FedRAMP Version 2.0. Accessed May 26. https:\/\/www.fedramp.gov\/resources\/documents\/"},{"key":"e_1_3_2_1_27_1","volume-title":"Accessed","author":"Fed RAMP","year":"2016","unstructured":"Fed RAMP . Fed RAMP . Program Overview . Web page . Accessed May 26, 2016 . https:\/\/www.fedramp.gov\/about-us\/about\/ FedRAMP. FedRAMP. Program Overview. Web page. Accessed May 26, 2016. https:\/\/www.fedramp.gov\/about-us\/about\/"},{"key":"e_1_3_2_1_28_1","volume-title":"Accessed","author":"Fed RAMP","year":"2016","unstructured":"Fed RAMP . FedRAMP Security Assessment Framework Version 2.0. 2014 . Accessed May 29, 2016 . https:\/\/www.fedramp.gov\/resources\/documents\/ FedRAMP. FedRAMP Security Assessment Framework Version 2.0. 2014. Accessed May 29, 2016. https:\/\/www.fedramp.gov\/resources\/documents\/"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-013-0208-7"},{"volume-title":"Journal of Current Issues in Media Telecommunications. 5:1","author":"Fischer E.A.","key":"e_1_3_2_1_30_1","unstructured":"Fischer , E.A. , Figliola , P.M. Overview and Issues for Implementation of the Federal Cloud Computing Initiative: Implications for Federal Information Technology Reform Management . In Journal of Current Issues in Media Telecommunications. 5:1 . Nova Science Publishers . 1--27. Fischer, E.A., Figliola, P.M. Overview and Issues for Implementation of the Federal Cloud Computing Initiative: Implications for Federal Information Technology Reform Management. In Journal of Current Issues in Media Telecommunications. 5:1. Nova Science Publishers. 1--27."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Gantz S.D. 2013. The Basics of IT Audit. Syngress. ISBN 9780124171596 Gantz S.D. 2013. The Basics of IT Audit. Syngress. ISBN 9780124171596","DOI":"10.1016\/B978-0-12-417159-6.00008-0"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1080\/19393551003657019"},{"key":"e_1_3_2_1_33_1","first-page":"2","article-title":"It's a jungle out there'?: Cloud computing, standards and the law","volume":"5","author":"Gleeson N.","year":"2014","unstructured":"Gleeson , N. , Walden , I. 2014 . ` It's a jungle out there'?: Cloud computing, standards and the law . European Journal of Law and Technology. 5 : 2 . 1--22. Gleeson, N., Walden, I. 2014. `It's a jungle out there'?: Cloud computing, standards and the law. European Journal of Law and Technology. 5:2. 1--22.","journal-title":"European Journal of Law and Technology."},{"key":"e_1_3_2_1_34_1","volume-title":"Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist","author":"Goodin D.","year":"2013","unstructured":"Goodin , D. Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist . 2013 . Accessed June 8, 2016. http:\/\/arstechnica.com\/security\/2013\/08\/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist\/ Goodin, D. Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist. 2013. Accessed June 8, 2016. http:\/\/arstechnica.com\/security\/2013\/08\/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist\/"},{"key":"e_1_3_2_1_35_1","volume-title":"Xen Patches 7-Year-Old Bug That Shattered Hypervisor Security","author":"Goodin D.","year":"2015","unstructured":"Goodin , D. Xen Patches 7-Year-Old Bug That Shattered Hypervisor Security . 2015 . Accessed October 9, 2016. http:\/\/arstechnica.com\/security\/2015\/10\/xen-patches-7-year-old-bug-that-shattered-hypervisor-security\/ Goodin, D. Xen Patches 7-Year-Old Bug That Shattered Hypervisor Security. 2015. Accessed October 9, 2016. http:\/\/arstechnica.com\/security\/2015\/10\/xen-patches-7-year-old-bug-that-shattered-hypervisor-security\/"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2015.157"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2767181"},{"key":"e_1_3_2_1_39_1","volume-title":"Accessed","author":"ISO.","year":"2013","unstructured":"ISO. 2013 . New version of ISO\/IEC 27001 to better tackle IT security risks . Accessed May 29, 2016. http:\/\/www.iso.org\/iso\/news.htm?refid=Ref1767 ISO. 2013. New version of ISO\/IEC 27001 to better tackle IT security risks. Accessed May 29, 2016. http:\/\/www.iso.org\/iso\/news.htm?refid=Ref1767"},{"key":"e_1_3_2_1_40_1","unstructured":"ISO Survey. 2014. Accessed May 26 2016. http:\/\/www.iso.org\/iso\/iso-survey ISO Survey. 2014. Accessed May 26 2016. http:\/\/www.iso.org\/iso\/iso-survey"},{"key":"e_1_3_2_1_41_1","volume-title":"Web page. Accessed","author":"Survey ISO","year":"2016","unstructured":"ISO Survey .. About ISO . Web page. Accessed June 1, 2016 . http:\/\/www.iso.org\/iso\/home\/about.htm ISO Survey.. About ISO. Web page. Accessed June 1, 2016. http:\/\/www.iso.org\/iso\/home\/about.htm"},{"key":"e_1_3_2_1_42_1","volume-title":"Web page. Accessed","author":"Survey","year":"2016","unstructured":"ISO Survey .. ISO\/IEC 27001 - Information security management. Web page. Accessed June 1, 2016 . http:\/\/www.iso.org\/iso\/home\/standards\/management-standards\/iso27001.htm+ ISO Survey.. ISO\/IEC 27001 - Information security management. Web page. Accessed June 1, 2016. http:\/\/www.iso.org\/iso\/home\/standards\/management-standards\/iso27001.htm+"},{"key":"e_1_3_2_1_43_1","volume-title":"Web page. Accessed","author":"Survey","year":"2016","unstructured":"ISO Survey .. ISO\/IEC JTC 1. Web page. Accessed June 1, 2016 . http:\/\/www.iso.org\/iso\/jtc1_home.html ISO Survey.. ISO\/IEC JTC 1. Web page. Accessed June 1, 2016. http:\/\/www.iso.org\/iso\/jtc1_home.html"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_45_1","volume-title":"Proceedings of the annual conference on USENIX '06 Annual Technical Conference (ATEC '06)","author":"Jones S.T.","year":"2006","unstructured":"Jones , S.T. , Arpaci-Dusseau , A.C. , Arpaci-Dusseau , R.H. 2006 . Antfarm: tracking processes in a virtual machine environment . In Proceedings of the annual conference on USENIX '06 Annual Technical Conference (ATEC '06) Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H. 2006. Antfarm: tracking processes in a virtual machine environment. In Proceedings of the annual conference on USENIX '06 Annual Technical Conference (ATEC '06)"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346269"},{"key":"e_1_3_2_1_47_1","volume-title":"Accessed","author":"Kundra V.","year":"2010","unstructured":"Kundra , V. 2010 . 25 Point Implementation Plan to Reform Federal Information Technology Management . Accessed May 23, 2016. https:\/\/www.dhs.gov\/sites\/default\/files\/publications\/digital-strategy\/25-point-implementation-plan-to-reform-federal-it.pdf Kundra, V. 2010. 25 Point Implementation Plan to Reform Federal Information Technology Management. Accessed May 23, 2016. https:\/\/www.dhs.gov\/sites\/default\/files\/publications\/digital-strategy\/25-point-implementation-plan-to-reform-federal-it.pdf"},{"key":"e_1_3_2_1_48_1","volume-title":"Accessed","author":"Kundra V.","year":"2011","unstructured":"Kundra , V. 2011 . Federal Cloud Computing Strategy . Accessed May 27, 2016. https:\/\/www.whitehouse.gov\/sites\/default\/files\/omb\/assets\/egov_docs\/federal-cloud-computing-strategy.pdf Kundra, V. 2011. Federal Cloud Computing Strategy. Accessed May 27, 2016. https:\/\/www.whitehouse.gov\/sites\/default\/files\/omb\/assets\/egov_docs\/federal-cloud-computing-strategy.pdf"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2014.117"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.43"},{"key":"e_1_3_2_1_51_1","volume-title":"The Role of Certification and Standards for Trusted Cloud Solutions. Last accessed","author":"Lorga M.","year":"2016","unstructured":"Lorga , M. 2014. Webinar . In The Role of Certification and Standards for Trusted Cloud Solutions. Last accessed June 1, 2016 . http:\/\/www.cloudwatchhub.eu\/webinar-security1 Lorga, M. 2014. Webinar. In The Role of Certification and Standards for Trusted Cloud Solutions. Last accessed June 1, 2016. http:\/\/www.cloudwatchhub.eu\/webinar-security1"},{"key":"e_1_3_2_1_52_1","first-page":"2015","volume-title":"Accessed","author":"MITRE.","year":"2015","unstructured":"MITRE. 2015 . CVE-2015-1538. Common Vulnerabilities and Exposures. Online database . Accessed October 15, 2016. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve- 2015 - 1538 MITRE. 2015.CVE-2015-1538. Common Vulnerabilities and Exposures. Online database. Accessed October 15, 2016. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve-2015-1538"},{"key":"e_1_3_2_1_53_1","volume-title":"Accessed","author":"NIST.","year":"2004","unstructured":"NIST. 2004 . Standards for Security Categorization of Federal Information and Information Systems. FIPS PUB 199 . Accessed May 31, 2016. http:\/\/csrc.nist.gov\/publications\/PubsFIPS.html NIST. 2004. Standards for Security Categorization of Federal Information and Information Systems. FIPS PUB 199. Accessed May 31, 2016. http:\/\/csrc.nist.gov\/publications\/PubsFIPS.html"},{"key":"e_1_3_2_1_54_1","volume-title":"Accessed","author":"NIST.","year":"2013","unstructured":"NIST. 2013 . Security and Privacy Controls for Federal Information Systems and Organizations. Special Publication 800-53 Revision 4 . Accessed May 31, 2016. http:\/\/csrc.nist.gov\/publications\/PubsSPs.html NIST. 2013. Security and Privacy Controls for Federal Information Systems and Organizations. Special Publication 800-53 Revision 4. Accessed May 31, 2016. http:\/\/csrc.nist.gov\/publications\/PubsSPs.html"},{"key":"e_1_3_2_1_55_1","first-page":"500","article-title":"US Government Cloud Computing Technology Roadmap Volume I","author":"NIST.","year":"2014","unstructured":"NIST. 2014 . US Government Cloud Computing Technology Roadmap Volume I . Special Publication 500 - 293 . Accessed June 1, 2016. http:\/\/www.nist.gov\/manuscript-publication-search.cfm?pub_id=915112 NIST. 2014. US Government Cloud Computing Technology Roadmap Volume I. Special Publication 500-293. Accessed June 1, 2016. http:\/\/www.nist.gov\/manuscript-publication-search.cfm?pub_id=915112","journal-title":"Special Publication"},{"key":"e_1_3_2_1_56_1","volume-title":"Strengthening Federal Cybersecurity. Meeting Our Greatest Challenges: The President's Fiscal Year 2017 Budget. Fact Sheet. Last accessed","author":"Office","year":"2016","unstructured":"Office of Management and Budget. 2016 . Strengthening Federal Cybersecurity. Meeting Our Greatest Challenges: The President's Fiscal Year 2017 Budget. Fact Sheet. Last accessed May 31, 2016. https:\/\/www.whitehouse.gov\/omb\/budget\/key-issue-fact-sheets Office of Management and Budget. 2016. Strengthening Federal Cybersecurity. Meeting Our Greatest Challenges: The President's Fiscal Year 2017 Budget. Fact Sheet. Last accessed May 31, 2016. https:\/\/www.whitehouse.gov\/omb\/budget\/key-issue-fact-sheets"},{"key":"e_1_3_2_1_57_1","unstructured":"Ormandy T. 2007. An Empirical Study into the Security Exposure to Host of Hostile Virtualized Environments. http:\/\/taviso.decsystem.org\/virtsec.pdf Ormandy T. 2007. An Empirical Study into the Security Exposure to Host of Hostile Virtualized Environments. http:\/\/taviso.decsystem.org\/virtsec.pdf"},{"key":"e_1_3_2_1_58_1","volume-title":"Lenovo slipped `Superfish' malware into laptops. CNN Money. Web Article. Last accessed","author":"Pagliery J.","year":"2015","unstructured":"Pagliery , J. ( 2015 ). Lenovo slipped `Superfish' malware into laptops. CNN Money. Web Article. Last accessed October 10, 2016. http:\/\/money.cnn.com\/2015\/02\/19\/technology\/security\/lenovo-superfish\/ Pagliery, J. (2015). Lenovo slipped `Superfish' malware into laptops. CNN Money. Web Article. Last accessed October 10, 2016. http:\/\/money.cnn.com\/2015\/02\/19\/technology\/security\/lenovo-superfish\/"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"e_1_3_2_1_60_1","volume-title":"Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728). Accessed","author":"Perception Point","year":"2016","unstructured":"Perception Point . Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728). Accessed June 8, 2016 . http:\/\/perception-point.io\/2016\/01\/14\/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016--0728\/ Perception Point. Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728). Accessed June 8, 2016. http:\/\/perception-point.io\/2016\/01\/14\/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016--0728\/"},{"key":"e_1_3_2_1_61_1","unstructured":"Pianta D. 2016. Navigating the Cloud Through FedRAMP. Webinar. Bloomberg Government. Accessed May 21 2106. http:\/\/about.bgov.com\/event\/navigating-cloud-fedramp\/ Pianta D. 2016. Navigating the Cloud Through FedRAMP. Webinar. Bloomberg Government. Accessed May 21 2106. http:\/\/about.bgov.com\/event\/navigating-cloud-fedramp\/"},{"volume-title":"International Journal of Information Management. 34","author":"Rasheed H.","key":"e_1_3_2_1_62_1","unstructured":"Rasheed , H. 2014. Data and Infrastructure Security Auditing in Cloud Computing Environments . In International Journal of Information Management. 34 . Elsevier . P. 364--368 Rasheed, H. 2014. Data and Infrastructure Security Auditing in Cloud Computing Environments. In International Journal of Information Management. 34. Elsevier. P. 364--368"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.5555\/776816.776870"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/2408776.2408789"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815400.2815401"},{"key":"e_1_3_2_1_66_1","volume-title":"Memorandum. Accessed","author":"VanRoekel S.","year":"2011","unstructured":"VanRoekel . S. 2011 . Security Authorization of Information Systems in Cloud Computing Environments . Memorandum. Accessed May 28, 2016. https:\/\/www.whitehouse.gov\/sites\/default\/files\/omb\/assets\/egov_docs\/fedrampmemo.pdf VanRoekel. S. 2011. Security Authorization of Information Systems in Cloud Computing Environments. Memorandum. Accessed May 28, 2016. https:\/\/www.whitehouse.gov\/sites\/default\/files\/omb\/assets\/egov_docs\/fedrampmemo.pdf"},{"volume-title":"A Pocket Guide","author":"Watkins S.","key":"e_1_3_2_1_67_1","unstructured":"Watkins , S. 2013. An Introduction to Information Security and ISO27001:2013 , A Pocket Guide , Second Edition. IT Governance Ltd . ISBN-13: 978-1-84928-526-1 Watkins, S. 2013. An Introduction to Information Security and ISO27001:2013, A Pocket Guide, Second Edition. IT Governance Ltd. ISBN-13: 978-1-84928-526-1"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382230"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660356"}],"event":{"name":"ICC '17: Second International Conference on Internet of Things, Data and Cloud Computing","acronym":"ICC '17","location":"Cambridge United Kingdom"},"container-title":["Proceedings of the Second International Conference on Internet of things, Data and Cloud Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3018896.3025169","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3018896.3025169","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:38:41Z","timestamp":1750221521000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3018896.3025169"}},"subtitle":["a comparison to improve cloud service provider security"],"short-title":[],"issued":{"date-parts":[[2017,3,22]]},"references-count":68,"alternative-id":["10.1145\/3018896.3025169","10.1145\/3018896"],"URL":"https:\/\/doi.org\/10.1145\/3018896.3025169","relation":{},"subject":[],"published":{"date-parts":[[2017,3,22]]},"assertion":[{"value":"2017-03-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}