Guest Editorial: Cloud Security
Description
Cloud computing is the future, but it will not be if users' security concerns remain unaddressed. Cloud security issues include data privacy, data integrity, and service availability, among others. Due to the extra computing involved, security controls often incur a certain amount of performance degradation in cloud computing, where performance is crucial and computation and communication complexities are already high. This poses challenges to system developers with regard to preventing privacy leaks, performing data auditing, and guaranteeing high availability in the face of various security attacks. On the other hand, should the task of addressing these security issues be placed solely on the shoulders of the cloud service providers, or should both the service providers and the service users be responsible for this task? A number of studies have investigated the fundamental properties of cloud security issues, including data auditing, searchable data encryption, hypervisor protection, cloud forensics, and disaster recovery, to name but a few. In fact, cloud security is driving how we define and develop cloud computing solutions.
The objective of this special issue is to provide a forum for researchers working on cloud security to present their recent research results. This special issue attracted 58 submissions of high quality research from around the world. Through a rigorous review process, the following 10 papers were selected for publication. These papers present results of analysis, experimentation, simulation, advanced theories, and system implementation.
More specifically, they cover the topics of Operating System (OS) Fingerprinting, Side-Channel Attacks, Attribute-Based Signatures (ABSs), Fuzzy Authorization for Cloud Storage, Secure Software-Defined Network (SDN) Architecture for Cloud, Self-Destructing Data, Secure Group Data Sharing, Data Access Control for Peer-to-Peer Storage Cloud, SQL Operations on Encrypted Data, and Linear Regression Outsourcing. We now summarize these papers in the order of the listed topics above.
In the paper “Multi-Aspect, Robust, and Memory Exclusive Guest OS Fingerprinting,” Z. Lin et al. propose a multi-aspect and memory exclusive approach for precise and robust guest operating system fingerprinting in the cloud. Their implemented prototype system was evaluated, and experimental results with 27 OS kernels show that the code signature of their design can precisely fingerprint all known OSs in a fast fashion.
In the paper “Preventing Cache-Based Side-Channel Attacks in a Cloud Environment,” M. Godfrey et al. investigate the usage of central processing unit (CPU)-cache based side-channels in the cloud and how they compare to traditional side-channel attacks. The authors show that new techniques are necessary to mitigate these sorts of attacks in a cloud environment, and specify the requirements for such solutions. They also design and implement two new cache-based side-channel mitigation techniques. They implement their proposed techniques, test them against traditional cloud technology, and show that the two techniques are able to prevent cache-based side-channels in a cloud environment without interfering with the cloud model.
In the paper “Efficient Attribute-Based Signatures for Non-Monotone Predicates in the Standard Model,” K. Takashima et al. present a fully secure attribute-based signature (ABS) scheme in the standard model.
The proposed ABS scheme is the first to support general non-monotone predicates, which can be expressed using NOT gates as well as AND, OR, and Threshold gates, while the existing ABS schemes only support monotone predicates.
In the paper “Fuzzy Authorization for Cloud Storage,” S. Zhu et al. propose a new authorization scheme, called fuzzy authorization, to facilitate an application registered with one cloud party to access data residing in another cloud party. Their scheme enables the fuzziness of authorization to enhance the scalability and flexibility of file sharing by taking advantage of the one-to-one correspondence between the Linear Secret-Sharing Scheme (LSSS) and generalized Reed Solomon (GRS) code.
In the paper “Byzantine-Resilient Secure Software-Defined Networks with Multiple Controllers in Cloud,” S. Guo et al. present a secure software-defined network (SDN) structure for the cloud system, in which each device is managed by multiple controllers, instead of using only a single one as in a traditional manner. The proposed structure can resist Byzantine attacks on controllers and the communication links between controllers and SDN switches. The authors also study a controller minimization problem with security requirement and propose a cost-efficient controller assignment algorithm with a constant approximation ratio.
D.S.L. Wei is with the Computer and Information Science Department, Fordham University, Bronx, NY 10458. E-mail: wei@cis.fordham.edu. Dr. Siani is with Pearson Principal Research Scientist Secur ...
Published in
- IEEE Transactions on Cloud Computing
IEEE Transactions on Cloud Computing 2 377-379, 2014-10-01
Institute of Electrical and Electronics Engineers (IEEE)