The development of cloud computing has facilitate the organizations with its services. This makes the security and privacy of the cloud even more significant. Diversification and obfuscation approaches are of the most promising proactive techniques that protect computers from harmful malware, by preventing them to take advantage of the security vulnerabilities. There is a large body of research on the use of diversification and obfuscation techniques for improving the security in various domains, including cloud computing. Cloud computing provides an excellent setting for applying diversification/obfuscation, as the computing platforms (virtual machines) are implemented in software. The main objective of this study is to determine in what ways obfuscation and diversification techniques are used to enhance the security and privacy of the cloud computing, and discover the potential avenues for the further research. To achieve this goal, we systematically review and report the papers that discuss/propose a technique to enhance the security and privacy of the cloud, using diversification and obfuscation techniques. As the result of the search we collected 43 papers published on the topic. In this report we present the process of data collection, analysis of the results, and classification of the related studies. The classification is done based on how the diversification/obfuscation techniques are used to enhance the security in cloud computing environment. The presented study gives a clear view of the state of the art of the existing works in the field, and sheds light on the areas remained intact which could be avenues for further research. The existing works cover surprisingly a small set of the wealth of opportunities for diversification/obfuscation.
Shohreh Hosseinzadeh, Sami Hyrynsalmi, Mauro Conti, Ville Leppänen (University of Turku): Security and Privacy in Cloud Computing via Obfuscation and Diversification: A Survey
Presented at CLOUDCOM ’15 Proceedings of the 2015 IEEE 7th International Conference on Cloud Computing Technology and Science