Difference between revisions of "Journal:Virtualization-based security techniques on mobile cloud computing: Research gaps and challenges"

From LIMSWiki
Jump to navigationJump to search
(Saving and adding more.)
(Saving and adding more.)
Line 71: Line 71:




[[File:Fig2 Annane IntJInterMobileTech2019 13-4.png|770px]]
[[File:Fig2 Annane IntJInterMobileTech2019 13-4.png|600px]]
{{clear}}
{{clear}}
{|  
{|  
  | STYLE="vertical-align:top;"|
  | STYLE="vertical-align:top;"|
{| border="0" cellpadding="5" cellspacing="0" width="770px"
{| border="0" cellpadding="5" cellspacing="0" width="600px"
  |-
  |-
   | style="background-color:white; padding-left:10px; padding-right:10px;"| <blockquote>'''Fig. 2''' PSSF Algorithm<ref name="HanVirtual14" /></blockquote>
   | style="background-color:white; padding-left:10px; padding-right:10px;"| <blockquote>'''Fig. 2''' PSSF Algorithm<ref name="HanVirtual14" /></blockquote>
Line 103: Line 103:
   | style="background-color:white; padding-left:10px; padding-right:10px;"|- The security of the mobile device operating system is ensured even when the latter is attacked.<br />- Free to execute the mobile application on both the mobile device or in the cloud.
   | style="background-color:white; padding-left:10px; padding-right:10px;"|- The security of the mobile device operating system is ensured even when the latter is attacked.<br />- Free to execute the mobile application on both the mobile device or in the cloud.
   | style="background-color:white; padding-left:10px; padding-right:10px;"|- The proposed work assumes that both hypervisor and cloud are always secure, so if the adversary succeeds in penetrating them, the data of the user would be at risk<br />- The mobile application dynamically migrates within VMs on the cloud.
   | style="background-color:white; padding-left:10px; padding-right:10px;"|- The proposed work assumes that both hypervisor and cloud are always secure, so if the adversary succeeds in penetrating them, the data of the user would be at risk<br />- The mobile application dynamically migrates within VMs on the cloud.
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Paladi ''et al.''<ref name="PaladiProvid17" />
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Protocol for the trusted lunch of a VM-encryption-based technique to protect the stored data using a trusted third-party entity
  | style="background-color:white; padding-left:10px; padding-right:10px;"|- Ensures the confidentiality of sensitive data and information of the user.
  | style="background-color:white; padding-left:10px; padding-right:10px;"|- The framework handles specified attacks on an IaaS platform, though not guaranteed to protect against other security threats such as attacks on network communication and data geo-localization.
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Han ''et al.''<ref name="HanVirtual14" />
  | style="background-color:white; padding-left:10px; padding-right:10px;"|VM allocation policy
  | style="background-color:white; padding-left:10px; padding-right:10px;"|- The policy protects the VMs allocated on the same host to be co-located from malicious users.
  | style="background-color:white; padding-left:10px; padding-right:10px;"|- -The policy does not secure the interaction between VMs that are allocated on a different host.<br />- The policy does not secure the mobile user data while moving from the mobile device to the cloud.<br />- The policy has an absence of data isolation while VMs communicate between each other.<br />- The policy only decreases the efficiency and coverage attacks on the host.
|-
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Yu ''et al.''<ref name="YuDetect13" />
  | style="background-color:white; padding-left:10px; padding-right:10px;"|Mechanism -based network measurement
  | style="background-color:white; padding-left:10px; padding-right:10px;"|- Increases the difficulty for malicious users to determine co-location on the user VMS.
  | style="background-color:white; padding-left:10px; padding-right:10px;"|- Simple hiding of the hypervisor IP address is not sufficient, and the adversary can use another way to steal information from VMs.
  |-  
  |-  
|}
|}
|}
|}
===Virtualization-based load balancing security techniques on VM===
====Dynamic allocation and migration for phone clones for preventing covert channel attacks====





Revision as of 01:26, 4 September 2019

Full article title Virtualization-based security techniques on mobile cloud computing: Research gaps and challenges
Journal International Journal of Interactive Mobile Technologies
Author(s) Annane, Boubakeur; Ghazali, Osman
Author affiliation(s) Universiti Utara Malaysia
Primary contact Email: jakhar256 at yahoo dot com
Year published 2019
Volume and issue 13(4)
Page(s) 20–32
DOI 10.3991/ijim.v13i04.10515
ISSN 1865-7923
Distribution license Creative Commons Attribution 3.0 Austria
Website https://online-journals.org/index.php/i-jim/article/view/10515
Download https://online-journals.org/index.php/i-jim/article/download/10515/5587 (PDF)

Abstract

The principle constraints of mobile devices are their limited resources, including processing capability, storage space, and battery life. However, cloud computing offers a means of vast computing resources and services. With it a new idea emerged, the inclusion of cloud computing into mobile devices such as smartphones, tablet, and other personal digital assistants (PDA) to augment their capacities, providing a robust technology called mobile cloud computing (MCC). Although MCC has brought many advantages to mobile users, it also still suffers from the security and privacy issues of data while hosted on virtual machines (VM) on remote cloud’s servers. Currently, the eyes of security experts are turned towards the virtualization-based security techniques used either on the cloud or on mobile devices. The new challenge is to develop secure methods in order to authenticate highly sensitive digital content. This paper investigates the main challenges regarding the security and privacy issues inherent to the mobile cloud, focusing on the virtualization issue layer and giving clear strengths and weaknesses of recent relevant virtualization security techniques existing in the literature. Hence, the paper provides perspectives for researchers to adapt in order to achieve progress with future work.

Keywords: mobile cloud computing; virtualization; security and privacy of information; user virtual machines

Introduction

Nowadays, cloud computing is an attractive technology that is known to have an increasing importance for users by delivering services over the internet. It is defined as an information technology (IT) paradigm that allows the user to exploit cloud services in an on-demand way.[1] Three main services are provided: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). In IaaS, virtualization relies on sharing computing resources rather than having personal mobile devices to handle and to perform applications and tasks simultaneously and efficiently.[2]

Mobile cloud computing (MCC) has quickly grown in popularity among individuals and user communities. It combines the cloud computing paradigm with mobile devices through wireless technology in order to avoid the devices’ capacity restrictions and leverage the resources offered by cloud computing services.[3] Mobile devices such as smartphone and tablets have several limitations in their resource capacities (CPU, memory, and storage space) which inhibit application developers from providing powerful software solutions and hinder users in enjoying those solutions in their daily life.[2] Integrating cloud computing services with mobile computing is an interesting solution towards solving these issues. MCC allows users to upload and move their applications, services, and data on shared cloud servers, taking advantage of their large remote storage capacity and significant computing resources when running intensive applications, taking the strain off the battery life of mobile devices. Recently, the use of mobile devices has moved beyond simple applications and into more complex and crucial applications which deal with sensitive data in various multimedia formats (text, images, audio, and video), including banking, health, and transport applications. The moving of clients’ data and services to the cloud raises many security challenges, particularly involving the major concerns of data security and privacy protection due to data being located in different distributed places.

Security is considered a major challenge with MCC environments. Mobile cloud security's issues are inherited from cloud computing, so we are at least familiar with those issues; however, those issues are more critical with MCC because of devices’ limited resource capacity (e.g., lack of CPU capability) to handle CPU-intensive malware detection applications that protect sensitive data, at least when compared to personal computers. The tenants’ worries are concentrated on the migration to the cloud of their data, which might face more risks once they share the same cloud resources with other tenants.[4] With MCC, cloud service providers offer the sharing of their resources to mobile users through the popular technique of virtualization, which increases the efficiency and effectiveness of hardware utilization.[5] Various users’ virtual machines are running on the same cloud host when they share the same cloud resources, which leads to additional security risks like violating data use terms once the data shares the same memory or CPU.[6][7] Consequently, an important question must be raised whether the other cloud virtual machines’ clients are trusted or not. Several robust security techniques have been proposed in this decade, and a number of new techniques or improved versions of the latest approaches have been developed. However, most of the solutions proposed are not practical due to the critical change—eliminating side channels and clocks, as well as the hypervisor—that comes with the cloud platform.[5] In this work, we aim to collect and present some relevant virtualization-based security techniques currently available in the field and review in detail the topic of various newly emerged security challenges.

The rest of this paper is organized as follows. Firstly, we present basic requirements of the virtualization techniques on MCC. We detail malicious attacks and briefly review quality measures. Then, we discuss the recent virtualization security techniques, with comparison and evaluation of different approaches also presented. Then, we present discussion, research gaps, and challenges concerning a security-based virtualization layer. Finally, in the last section, we conclude and present plans for future work.

Virtualization-based security preliminaries

In MCC, cloud services are provided for mobile users using virtualization technologies. Virtualization is defined as a middle layer between the software and hardware layers in a cloud server that allows the cloud provider to efficiently exploit their services and computing resources.[8] These resources can be shared among multiple virtual machines in order to run services simultaneously while also sharing benefits from available servers’ resources (e.g., CPU, network bandwidth, memory, etc.).[9] The virtualization process can reportedly increase hardware utilization (efficiency) between 60% and 80%.[10] The use of remote servers and other hardware utilization techniques also improves mobile device battery life by saving energy.[11][12]

The execution of mobile applications is considered a computationally intensive task that requires significant resource consumption on mobile devices. However, this kind of challenge has been defeated by the offloading technique. The computationally intensive application is divided into many tasks, which are migrated to the cloud (remote servers) for fast processing, with the results returned back to the mobile terminal afterwards.[13] On the cloud end, once the mobile task is offloaded, a virtual machine image of the mobile device (also called a "phone clone") is pre-installed for processing the mobile user’s application data, which increases the efficiency of the cloud environment and decreases the maintenance overhead on the mobile device.[4][14] Therefore, running the phone clone of the mobile device on the same server and isolating them is the main role of the virtualization technology. However, multiple works[5][6][15][16][17][18][19] have shown that virtualization has brought with it several security concerns[8] that affect virtualized systems, including denial-of-service (DOS) attacks. This kind of attack hits insipid information like workload statistics to know whether the system is vulnerable or not. Moreover, virtualization techniques on MCC brings new security risks such as unauthorized access from malicious virtual machines (VMs), VM-to-VM attacks, breaches of confidential mobile user data, VM monitoring challenges (e.g., the hypervisor), and communication challenges in a virtualized environment.[4][8] Thus, ensuring security mechanisms that prevent leakage of sensitive data and information from legitimate phone clones is not an easy task.

In terms of security, virtualization-based techniques are regrouped into two main categories: hardware-based techniques and software-based techniques. For the first class, we distinguish secure application cloning on VM[15] and the protection of VMs from a malicious hypervisor[20] as two useful techniques. For the second, we also consider two techniques: VM-based security techniques[16][17][18][21] and security techniques based on load balancing the VM.[5][19] Fig. 1 summarizes the important classes of virtualization-based security approaches.


Fig1 Annane IntJInterMobileTech2019 13-4.png

Fig. 1 Classification of virtualization-based security techniques

Virtualization-based security techniques have five important proprieties[17][22]: efficiency, coverage, complexity, security, and robustness. Roughly speaking, efficiency represents the number of malicious VMs that succeed to co-locate with a target (victim VM), divided by the total number of VMs lunched by the attacker. Coverage represents the number of malicious VMs that succeed to co-locate with a target, divided by the number of targets lunched by a legitimate user. Complexity in security is defined as any secure complex technique that needs high execution time, high computation complexity, and high energy consumption from the cloud server. Security refers to the privacy of the VMs and their sensitive data, meaning that optimally no one would be able to remove or extract the data without knowing the secure key. Similarly, robustness refers to the degree of resistance against any kind of manipulation. Any new approach must negotiate a trade-off among these five proprieties.

Many researchers have begun developing frameworks, policies, and approaches against these kinds of challenges to ensure security for mobile users. These methods are mainly focused on how to ignore the side channel attacks between VMs while the malicious VMs access the cloud servers.[23][24][25][26] However, all the methods proposed require fundamental changes to the current commercial platform, and they are neither practical nor immediately deployable.[17] Additionally, while also strong candidates, hardware-based techniques lead to a high cost barrier.[15]

Virtualization-based security techniques

How to protect virtual machines (VM) and sensitive data is undoubtedly one of the most important topics regarding MCC. Recent security techniques have been used largely to tackle the security issues related to the virtualized environment in either cloud or mobile cloud computing.[5][15][16][17][18][19][20][21] This section discusses recent techniques described in the literature.

Virtualization-based security VM techniques

Hardware virtualization-based technique for securing application cloning on VM

Hao et al.[15] have presented a platform called Secure Mobile Cloud Platform (SMOC) for securing the mobile cloud environment. The platform allows the user to run their applications whether on the cloud or directly on the mobile device itself. In contrast, their proposed platform includes two concepts. The first one is sharing resources, which means that a mobile application can freely change the run-from location for providing a better user experience, i.e., not running explicitly on the cloud. This design provides more flexibility compared to other proposed approaches and techniques. The second concept is ensuring security even though the operating system of the mobile device has been attacked. A thin virtual machine shares its information and files with the mobile device once the mobile application is running in the cloud. Conversely, the mobile device shares its files and information (device inputs and outputs) with the VM-cloud for running the application. Despite the benefits of this platform towards security concerns, many assumptions are made by the researchers, who fail to consider issues with an untrusted hypervisor and untrusted public cloud provider. The proposed platform ensures data security and privacy only when both assumptions (hypervisor and cloud provider) are assured. Thus, this platform ensures security towards an untrusted guest operating system which also runs unsecure applications.

Encryption protocol-based virualization technique for trusting launch of VM

Paladi et al.[16] proposed a framework for data and transaction security of infrastructure services. The proposed framework contains various protocols for trust and the storage protection operation called Domain-Based Storage Protection (DBSP), as well as another protocol for trusting virtual machine deployment called TrustLunching. Trust VMs made a more suitable method when the virtual machines were running inside a trusted host using secure computing techniques. Their proposed solutions completed several attack-based security analyses, and the obtained results improved the robustness and the efficiency of their framework. Before the deployment of guest VMs, the protocol of trust VMs is performed. The second protocol used cryptography techniques outside the IaaS domain for ensuring the data confidentiality stored in the cloud. As such, a list of malicious host attacks against IaaS environments are demonstrated to produce both secure protocols. The proposed framework can be integrated into the existing cloud platform thanks to numerous successful experiments and tests run on tenants’ sensitive data (e.g., public healthcare patients’ data). However, this work focused specifically on attacks of IaaS platforms, which doesn't guarantee security for other threats such as hypervisor attacks, co-resident attacks, and so on.

VM allocation policy for defending co-residency attack

Frequently, VMs of different mobile users executed on the same physical host are logically isolated from each other. However, malevolent users can escape this logical isolation while sharing the same resources (CPU, memory, and cache) and capture sensitive and private information like crypto keys from co-resident virtual machines.[6][7] Han et al.[17] have proposed a new secure VM allocation policy called Previous Selected Servers First Policy (PSSF). (The algorithm is shown in Fig.2.) The aim of this policy is to defend against co-resident attack. However, the proposed algorithm lacks various security enhancements such as securing the mobile device VMs residing on it, live migration, and securing the communication data between the VMs while located on mobile devices and in the cloud. The algorithm also lacks a distributed application security algorithm deployment for mobile and the cloud. Finally, this algorithm only targets co-resident attacks and does not target other types of attacks like distributed VM communication attacks, hypervisor attacks, and mobile device data attacks.


Fig2 Annane IntJInterMobileTech2019 13-4.png

Fig. 2 PSSF Algorithm[17]

Mechanism-based network measurement for detecting VMs co-residency

Yu et al.[18] have presented a new schema for detecting the VMs co-residency attacks by getting the location of the particular VM. The covert side channel is a kind of attack that breaks the isolation between the VMs, leading to the theft of sensitive information from users. To clarify more, the simple way to know whether two VMs are on the host is to rely on network metrics by performing TCP "traceroute" steps to get the IP address of the hypervisor. If two hypervisor IP addresses are the same, that means corresponding VMs are on the same host (co-resident). The advantage of this solution is that it increases the difficulty of establishing co-location. However, the attacker can still use other techniques to steal information from legitimate user VMs. As such, a simple hiding of the IP address of the hypervisor isn't sufficient to solve the co-residency issue.

Comparing the virtualization-based security techniques on VM

In Table 1, the above virtualization-based security techniques on VM are compared in terms of strengths and drawbacks.

Table 1. Comparison of different virtualization-based security techniques on VM
Authors Technique Strengths Drawbacks
Hao et al.[15] Hardware virtualization-based technique - The security of the mobile device operating system is ensured even when the latter is attacked.
- Free to execute the mobile application on both the mobile device or in the cloud.
- The proposed work assumes that both hypervisor and cloud are always secure, so if the adversary succeeds in penetrating them, the data of the user would be at risk
- The mobile application dynamically migrates within VMs on the cloud.
Paladi et al.[16] Protocol for the trusted lunch of a VM-encryption-based technique to protect the stored data using a trusted third-party entity - Ensures the confidentiality of sensitive data and information of the user. - The framework handles specified attacks on an IaaS platform, though not guaranteed to protect against other security threats such as attacks on network communication and data geo-localization.
Han et al.[17] VM allocation policy - The policy protects the VMs allocated on the same host to be co-located from malicious users. - -The policy does not secure the interaction between VMs that are allocated on a different host.
- The policy does not secure the mobile user data while moving from the mobile device to the cloud.
- The policy has an absence of data isolation while VMs communicate between each other.
- The policy only decreases the efficiency and coverage attacks on the host.
Yu et al.[18] Mechanism -based network measurement - Increases the difficulty for malicious users to determine co-location on the user VMS. - Simple hiding of the hypervisor IP address is not sufficient, and the adversary can use another way to steal information from VMs.

Virtualization-based load balancing security techniques on VM

Dynamic allocation and migration for phone clones for preventing covert channel attacks

References

  1. Deng, M.; Petkovic, M.; Nalin, M. et al. (2011). "A Home Healthcare System in the Cloud--Addressing Security and Privacy Challenges". IEEE 4th International Conference on Cloud Computing: 549-556. doi:10.1109/CLOUD.2011.108. 
  2. 2.0 2.1 Rahimi, M.R.; Rn, J.; Liu, C.H. et al. (2014). "Mobile Cloud Computing: A Survey, State of Art and Future Directions". Mobile Networks and Applications 19 (2): 133–43. doi:10.1007/s11036-013-0477-4. 
  3. Zhang, Y.; Chen, X.; Li, J. et al. (2017). "Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing". Information Sciences 379: 42–61. doi:10.1016/j.ins.2016.04.015. 
  4. 4.0 4.1 4.2 Mollah, M.B.; Azad, M.A.K.; Vasilakos, A. (2017). "Security and privacy challenges in mobile cloud computing: Survey and way ahead". Journal of Network and Computer Applications 84: 38–54. doi:10.1016/j.jnca.2017.02.001. 
  5. 5.0 5.1 5.2 5.3 5.4 Han, Y.; Chan, J.; Alpcan, T. et al. (2015). "Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing". IEEE Transactions on Dependable and Secure Computing 14 (1): 95–108. doi:10.1109/TDSC.2015.2429132. 
  6. 6.0 6.1 6.2 Ristenpart, T.; Tromer, E.; Shacham, H. et al. (2009). "Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds". Proceedings of the 16th ACM Conference on Computer and Communications Security: 199–212. doi:10.1145/1653662.1653687. 
  7. 7.0 7.1 Zhang, Y.; Juels, A.; Reiter, M.K. et al. (2012). "Cross-VM side channels and their use to extract private keys". Proceedings of the 2012 ACM Conference on Computer and Communications Security: 305–316. doi:10.1145/2382196.2382230. 
  8. 8.0 8.1 8.2 Sgandurra, D.; Lupu, E. (2016). "Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems". ACM Computing Surveys (CSUR) 48 (3): 46. doi:10.1145/2856126. 
  9. Islam, M.; Rzzaque, A.; Hassan, M.H. et al. (2017). "Mobile Cloud-Based Big Healthcare Data Processing in Smart Cities". IEEE Access 5: 11887–11899. doi:10.1109/ACCESS.2017.2707439. 
  10. Hu, F.; Qiu, M.; Li, J. et al. (2011). "A Review on Cloud Computing: Design Challenges in Architecture and Security". Journal of Computing and Information Technology 19 (1): 25–55. doi:10.2498/cit.1001864. 
  11. Ellouze, A.; Gagnaire, M.; Haddad, A. (2015). "A Mobile Application Offloading Algorithm for Mobile Cloud Computing". Proceedings of the 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering: 34–40. doi:10.1109/MobileCloud.2015.11. 
  12. Dhanya, N.M.; Kousalya, G. (2015). "Adaptive and Secure Application Partitioning for Offloading in Mobile Cloud Computing". SSCC 2015: International Symposium on Security in Computing and Communication: 45–53. doi:10.1007/978-3-319-22915-7_5. 
  13. Shiraz, M.; Gani, A.; Jhokhar, R. et al. (2013). "A Review on Distributed Application Processing Frameworks in Smart Mobile Devices for Mobile Cloud Computing". IEEE Communications Surveys & Tutorials 15 (3): 1294–1313. doi:10.1109/SURV.2012.111412.00045. 
  14. Sahoo, J.; Mohapatra, S.; Lath, R. (2010). "Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues". Second International Conference on Computer and Network Technology: 222–226. doi:10.1109/ICCNT.2010.49. 
  15. 15.0 15.1 15.2 15.3 15.4 15.5 Hao, Z.; Tang, Y.; Zhang, Y. et al. (2015). "SMOC: A secure mobile cloud computing platform". 2015 IEEE Conference on Computer Communications: 2668-2676. doi:10.1109/INFOCOM.2015.7218658. 
  16. 16.0 16.1 16.2 16.3 16.4 Paladi, N.; Gehrmann, C.; Michalas, A. (2017). "Providing User Security Guarantees in Public Infrastructure Clouds". IEEE Transactions on Cloud Computing 5: 405-419. doi:10.1109/TCC.2016.2525991. 
  17. 17.0 17.1 17.2 17.3 17.4 17.5 17.6 17.7 Han, Y.; Chan, J.; Alpcan, T. et al. (2014). "Virtual machine allocation policies against co-resident attacks in cloud computing". 2014 IEEE International Conference on Communications: 786-792. doi:10.1109/ICC.2014.6883415. 
  18. 18.0 18.1 18.2 18.3 18.4 Yu, S.; Xiaolin, G.; Jiancai, L. et al. (2013). "Detecting VMs Co-residency in Cloud: Using Cache-based Side Channel Attacks". Elektronika ir Elektrotechnika 19 (5): 73–78. doi:10.5755/j01.eee.19.5.2422. 
  19. 19.0 19.1 19.2 Vaezpour, S.Y.; Zhang, R.; Wi, K. et al. (2016). "A new approach to mitigating security risks of phone clone co-location over mobile clouds". Journal of Network and Computer Applications 62: 171–184. doi:10.1016/j.jnca.2016.01.005. 
  20. 20.0 20.1 Jin, S.; Ahn, J.; Seol, J. et al. (2015). "H-SVM: Hardware-Assisted Secure Virtual Machines under a Vulnerable Hypervisor". IEEE Transactions on Computers 64 (10): 2833–2846. doi:10.1109/TC.2015.2389792. 
  21. 21.0 21.1 Liang, H.; Han, C.; Zhang, D. et al. (2015). "A Lightweight Security Isolation Approach for Virtual Machines Deployment". Inscrypt 2014: International Conference on Information Security and Cryptology: 516–529. doi:10.1007/978-3-319-16745-9_28. 
  22. Suo, H.; Liu, Z.; Wan, J. et al. (2013). "Security and privacy in mobile cloud computing". Proceedings from the 9th International Wireless Communications and Mobile Computing Conference: 655–659. doi:10.1109/IWCMC.2013.6583635. 
  23. Vattikonda, B.C.; Das, S.; Shacham, H. (2011). "Eliminating fine grained timers in Xen". Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop: 41–46. doi:10.1145/2046660.2046671. 
  24. Wu, J.; Ding, L.; Lin, Y. et al. (2012). "XenPump: A New Method to Mitigate Timing Channel in Cloud Computing". IEEE Fifth International Conference on Cloud Computing: 678–685. doi:10.1109/CLOUD.2012.28. 
  25. Aviram, A.; Hu, S.; Ford, B. et al. (2010). "Determinating timing channels in compute clouds". Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop: 103–108. doi:10.1145/1866835.1866854. 
  26. Shi, J.; Song, X.; Chen, H. et al. (2011). "Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring". IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops: 194–199. doi:10.1109/DSNW.2011.5958812. 

Notes

This presentation attempts to remain faithful to the original, with only a few minor changes to presentation. Grammar and punctuation has been updated reasonably to improve readability. In some cases important information was missing from the references, and that information was added. References appear in the order of the inline citations, by design.