J-STAGE Home  >  Publications - Top  > Bibliographic Information

Journal of Information Processing
Vol. 23 (2015) No. 4 pp. 465-475



  • [1] Mell, P. and Grance, T.: The NIST definition of cloud computing, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, United States Department of Commerce (2011).
  • [2] Takabi, H., Joshi, J.B. and Ahn, G.: Security and Privacy Challenges in Cloud Computing Environments, IEEE Security & Privacy, Vol.8, No.6, pp.24-31 (2010).
  • [3] Vaquero, L.M., Rodero-Merino, L. and Morán, D.: Locking the sky: A survey on IaaS cloud security, Computing, Vol.91, No.1, pp.93-118 (2011).
  • [4] Almorsy, M., Grundy, J. and Muller, I.: An analysis of the cloud computing security problem, Proc. APSEC 2010 Cloud Workshop, Sydney, Australia (Nov. 2010).
  • [5] Catteddu, D.: Cloud Computing: Benefits, risks and recommendations for information security, Springer (2010).
  • [6] Zhou, M., Zhang, R., Xie, W., Qian, W. and Zhou, A.: Security and privacy in cloud computing: A survey, 2010 6th International Conference on Semantics Knowledge and Grid (SKG), pp.105-112, IEEE (2010).
  • [7] Pearson, S. and Benameur, A.: Privacy, security and trust issues arising from cloud computing, 2010 IEEE 2nd International Conference on Cloud Computing Technology and Science (CloudCom), pp.693-702, IEEE (2010).
  • [8] Ristenpart, T., Tromer, E., Shacham, H. and Savage, S.: Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds, Proc. 16th ACM Conference on Computer and Communications Security, pp.199-212, ACM (2009).
  • [9] Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R. and Molina, J.: Controlling data in the cloud: Outsourcing computation without outsourcing control, Proc. 2009 ACM Workshop on Cloud Computing Security, pp.85-90, ACM (2009).
  • [10] OpenStack Community: OpenStack Cloud software, OpenStack Foundation (online), available from <http://www.openstack.org> (accessed 2014-09-10).
  • [11] OpenNebula Community: OpenNebula Cloud, OpenNebula (online), available from <http://www.opennebula.org> (accessed 2014-09-10).
  • [12] CloudStack Community: Apache CloudStack Software, Apache Foundation (online), available from <http://www.cloudstack.apache.org> (accessed 2014-09-10).
  • [13] Eucalyptus Community: Eucalyptus Cloud, Eucalyptus Systems (online), available from <http://www.eucalyptus.com> (accessed 2014-09-10).
  • [14] Computer Security Division: National Vulnerability Database, US National Institute of Standards and Technology (online), available from <http://www.nvd.nist.gov> (accessed 2014-09-10).
  • [15] Mell, P., Scarfone, K. and Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0, Published by FIRST-Forum of Incident Response and Security Teams, pp.1-23 (2007).
  • [16] OpenStack Community: OpenStack Logical Architecture, OpenStack Foundation (online), available from <http://goo.gl/SemROL> (accessed 2014-09-11).
  • [17] Fall, D., Chaisamran, N., Okuda, T., Kadobayashi, Y. and Yamaguchi, S.: Security Quantification of Complex Attacks In Infrastructure as a Service Cloud Computing, Proc. 3rd International Conference on Cloud Computing and Services Science (2013).
  • [18] Zhai, E., Wolinsky, D.I., Xiao, H., Liu, H., Su, X. and Ford, B.: Auditing the structural reliability of the clouds, Technical Report, Technical Report YALEU/DCS/TR-1479, Department of Computer Science, Yale University (2013), available from <http://www.cs.yale.edu/homes/zhai-ennan/sra.pdf>.
  • [19] Xiao, H., Ford, B. and Feigenbaum, J.: Structural cloud audits that protect private information, Proc. 2013 ACM Workshop on Cloud Computing Security Workshop, pp.101-112, ACM (2013).
  • [20] Khan, R.H., Ylitalo, J. and Ahmed, A.S.: OpenID authentication as a service in OpenStack, 2011 7th International Conference on Information Assurance and Security (IAS), pp.372-377, IEEE (2011).
  • [21] Ristov, S., Gusev, M. and Donevski, A.: OpenStack cloud security vulnerabilities from inside and outside, CLOUD COMPUTING 2013, The 4th International Conference on Cloud Computing, GRIDs, and Virtualization, pp.101-107 (2013).
  • [22] Donevski, A., Ristov, S. and Gusev, M.: Security assessment of virtual machines in open source clouds, 2013 36th International Convention on Information & Communication Technology Electronics & Microelectronics (MIPRO), pp.1094-1099, IEEE (2013).
  • [23] TaheriMonfared, A. and Jaatun, M.G.: As Strong as the Weakest Link: Handling compromised compoenents in OpenStack, Proc. 3rd IEEE International Conference on Cloud Computing Technology and Science (CloudCom) (2011).
  • [24] Ou, X., Boyer, W.F. and McQueen, M.A.: A scalable approach to attack graph generation, Proc. 13th ACM Conference on Computer and Communications Security, pp.336-345, ACM (2006).
  • [25] Ou, X., Govindavajhala, S. and Appel, A.W.: MulVAL: A Logic-based Network Security Analyzer (2005).
  • [26] Artz, M.L.: Netspa: A network security planning architecture, PhD Thesis, Massachusetts Institute of Technology (2002).
  • [27] Jajodia, S., Noel, S. and O'Berry, B.: Topological analysis of network attack vulnerability, Managing Cyber Threats, Springer, pp.247-266 (2005).
  • [28] Tenable Network Security: NESSUS vulnerability scanner, Tenable network security (online), available from <http://www.tenable.com/products/nessus> (accessed 2015-01-01).
  • [29] BeyondTrust Corporation: Retina network security scanner, BeyondTrust (online), available from <http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/> (accessed 2015-01-01).
  • [30] Tripwire Company: Tripwire IP360 Vulnerability & Risk management, Tripwire (online), available from <http://www.tripwire.com/it-security-software/enterprise-vulnerability-management/tripwire-ip360/> (accessed 2015-01-01).
  • [31] Skybox Corp: Risk analytics for cyber security, Skybox security (online), available from <http://www.skyboxsecurity.com/> (accessed 2015-01-01).
  • [32] ReadSeal Inc.: Read Seal systems, ReadSeal (online), available from <https://www.readseal.co/> (accessed 2015-01-01).
  • [33] Ben-Daya, M.: Failure Mode and Effect Analysis, Springer (2009).
  • [34] Rooney, J.J. and Heuvel, L.N.V.: Root cause analysis for beginners, Quality progress, Vol.37, No.7, pp.45-56 (2004).
  • [35] Vesely, W.E., Goldberg, F.F., Roberts, N.H. and Haasl, D.F.: Fault tree handbook, Technical report, DTIC Document (1981).
  • [36] Sandra, M.E. Wint: An Overview of Risk, RSA Risk Commission (online), available from <http://www.thersa.org/__data/assets/pdf_file/0005/286790/Risk-Commission-An-Overview-of-Risk.pdf> (accessed 2014-09-10).
  • [37] Ellis, L.: Reliability of systems, equipment and components - Guide to fault tree analysis, British Standard (online), available from <http://www.sre.org/At_Large/News/61025%20FTA.pdf> (accessed 2014-09-10).
  • [38] Stoneburner, G., Goguen, A. and Feringa, A.: Risk management guide for information technology systems, Nist special publication, Vol.800, No.30, pp.800-30 (2002).
  • [39] Bedford, T. and Cooke, R.: Probabilistic risk analysis: Foundations and methods, Cambridge University Press (2001).
  • [40] Li, A., Yang, X., Kandula, S. and Zhang, M.: CloudCmp: Comparing public cloud providers, Proc. 10th ACM SIGCOMM Conference on Internet Measurement, pp.1-14, ACM (2010).
  • [41] Garg, S.K., Versteeg, S. and Buyya, R.: Smicloud: A framework for comparing and ranking cloud services, 2011 4th IEEE International Conference on Utility and Cloud Computing (UCC), pp.210-218, IEEE (2011).
  • [42] Qian, H., Zu, H., Cao, C. and Wang, Q.: CSS: Facilitate the cloud service selection in IaaS platforms, 2013 International Conference on Collaboration Technologies and Systems (CTS), pp.347-354, IEEE (2013).
  • [43] Repschlaeger, J., Wind, S., Zarnekow, R. and Turowski, K.: A reference guide to Cloud Computing dimensions: Infrastructure as a service classification framework, 2012 45th Hawaii International Conference on System Science (HICSS), pp.2178-2188, IEEE (2012).
  • [44] Ovide, S.: A Price War Erupts in Cloud Services, The Wall Street Journal (online), available from <http://goo.gl/7g5fK3> (accessed 2014-09-10).
  • [45] Cheikes, B.A., Waltermire, D. and Scarfone, K.: Common Platform Enumeration: Naming Specification Version 2.3, NIST Interagency Report 7695, NIST-IR, Vol.7695 (2011).
  • [46] Buttner, A. and Ziring, N.: Common Platform Enumeration (CPE) - Specification Version 2.2, The MITRE Corporation - National Security Agency (2009).
Copyright © 2015 by the Information Processing Society of Japan

Article Tools

Share this Article