The Cloud Security Ecosystem - 1st Edition - ISBN: 9780128015957, 9780128017807

The Cloud Security Ecosystem

1st Edition

Technical, Legal, Business and Management Issues

Authors: Ryan Ko, Raymond Choo
eBook ISBN: 9780128017807
Paperback ISBN: 9780128015957
Imprint: Syngress
Published Date: 1st June 2015
Page Count: 570


Drawing upon the expertise of world-renowned researchers and experts, The Cloud Security Ecosystem comprehensively discusses a range of cloud security topics from multi-disciplinary and international perspectives, aligning technical security implementations with the most recent developments in business, legal, and international environments. The book holistically discusses key research and policy advances in cloud security – putting technical and management issues together with an in-depth treatise on a multi-disciplinary and international subject. The book features contributions from key thought leaders and top researchers in the technical, legal, and business and management aspects of cloud security. The authors present the leading edge of cloud security research, covering the relationships between differing disciplines and discussing implementation and legal challenges in planning, executing, and using cloud security.

Key Features

  • Presents the most current and leading-edge research on cloud security from a multi-disciplinary standpoint, featuring a panel of top experts in the field
  • Focuses on the technical, legal, and business management issues involved in implementing effective cloud security, including case examples
  • Covers key technical topics, including cloud trust protocols, cryptographic deployment and key management, mobile devices and BYOD security management, auditability and accountability, emergency and incident response, as well as cloud forensics
  • Includes coverage of management and legal issues such as cloud data governance, mitigation and liability of international cloud deployment, legal boundaries, risk management, cloud information security management plans, economics of cloud security, and standardization efforts


cloud security engineers and managers; information security researchers, practitioners, analysts, auditors, and decision-makers; business and management researchers and policy-makers

Table of Contents

  • Dedication
  • Foreword
  • Preface
    • How to Read This Book
  • About the Authors
  • List of Reviewers
  • Acknowledgments
  • Chapter 1: Cloud security ecosystem
    • Abstract
    • 1 How it all started—the story of an online bookstore
    • 2 Consolidation of terminologies and perspectives
    • 3 The Achilles’ heel—depending on a trust relationship
    • 4 Top threats and vulnerabilities of cloud security
    • 5 Managing cloud security risks with the Deming cycle
    • 6 Plan—threats, risk, and requirements landscape
    • 7 Do—cloud security approaches and challenges
    • 8 Check—forensics and incident response
    • 9 Act—governance and auditing
    • 10 Summary
  • Part 1: Plan: Threats, Risk, and Requirements Landscape
    • Chapter 2: Cybercrime in cloud: Risks and responses in Hong Kong, Singapore
      • Abstract
      • 1 Introduction
      • 2 Key factors shaping “response”: Hong Kong, Singapore
      • 3 Discussion
    • Chapter 3: CATRA: Conceptual cloud attack taxonomy and risk assessment framework
      • Abstract
      • 1 Introduction
      • 2 Taxonomies: a literature survey
      • 3 Cloud attacks literature review
      • 4 Conceptual cloud attack taxonomy and risk assessment framework
      • 5 Example scenario: extortion by DDoS and account hijacking
      • 6 Conclusion and future work
    • Chapter 4: Multitiered cloud security model
      • Abstract
      • Acknowledgments
      • 1 Introduction
      • 2 The problem
      • 3 Holistic approach
      • 4 Why develop cloud security standards and guidelines
      • 5 Related work
      • 6 Design considerations of multitiered cloud security
      • 7 Benefits to stakeholders
      • 8 MTCS standards
      • 9 Self-disclosure
      • 10 Certification scheme
      • 11 Status
      • 12 Deployment
      • 13 Harmonization
      • 14 Future work
      • 15 Conclusion
  • Part 2: Do: Cloud Security Approaches and Challenges
    • Chapter 5: A guide to homomorphic encryption
      • Abstract
      • 1 Introduction
      • 2 Current industry work-arounds and their gaps
      • 3 History and related work
      • 4 Overview of partial homomorphic encryption schemes
      • 5 Fully homomorphic encryption
      • 6 Homomorphic encryption in the cloud
      • 7 Future of homomorphic encryption and open issues
      • 8 Alternatives to homomorphic encryption
      • 9 Summary
    • Chapter 6: Protection through isolation: Virtues and pitfalls
      • Abstract
      • 1 Introduction
      • 2 Hypervisors
      • 3 Shared networking architecture
      • 4 Isolation-based attack surface
      • 5 Inventory of known attacks
      • 6 Protection strategies
      • 7 Conclusion
    • Chapter 7: Protecting digital identity in the cloud
      • Abstract
      • 1 Introduction
      • 2 The rise of digital identity
      • 3 The rise of cloud computing
      • 4 Protecting digital identity in the era of cloud computing
      • 5 Conclusion
    • Chapter 8: Provenance for cloud data accountability
      • Abstract
      • 1 Introduction
      • 2 Related work
      • 3 Data provenance model for data accountability
      • 4 Reconstructing the data provenance
      • 5 Challenges
      • 6 Future work and concluding remarks
    • Chapter 9: Security as a service (SecaaS)—An overview
      • Abstract
      • 1 Introduction
      • 2 Background
      • 3 Traditional security
      • 4 SecaaS categories of service
      • 5 Gaps identified after SecaaS classification
      • 6 Future work
      • 7 Concluding remarks
    • Chapter 10: Secure migration to the cloud—In and out
      • Abstract
      • 1 Introduction
      • 2 Who are cloud consumer and CSP?
      • 3 IT-Service of a small lawyer office migrates into the cloud
      • 4 Requirements for cloud migration
      • 5 Rollback scenarios
      • 6 Legal aspects
      • 7 Challenges in cloud migration
      • 8 Migration phases
      • 9 Auditing
      • 10 Summary
    • Chapter 11: Keeping users empowered in a cloudy Internet of Things
      • Abstract
      • 1 Introduction
      • 2 Problem space assumptions
      • 3 Delegated authenticated authorization
      • 4 Usage example
      • 5 Conclusion
    • Chapter 12: Cloud as infrastructure for managing complex scalable business networks, privacy perspective
      • Abstract
      • 1 Introduction
      • 2 Knowledge management
      • 3 Cloud computing overview
      • 4 Strategies toward successful KM system
      • 5 Modeling scalability and privacy
      • 6 Concluding summary
    • Chapter 13: Psychology and security: Utilizing psychological and communication theories to promote safer cloud security behaviors
      • Abstract
      • 1 Introduction
      • 2 Communication theories
      • 3 Cognitive psychology
      • 4 Other relevant theories
      • 5 Overcoming inhibitions to safer security behaviors
      • 6 Conclusion
      • Suggested further readings
  • Part 3: Check: Forensics and Incident Response
    • Chapter 14: Conceptual evidence collection and analysis methodology for Android devices
      • Abstract
      • 1 Introduction
      • 2 Related work
      • 3 An evidence collection and analysis methodology for Android devices
      • 4 Conclusion
    • Chapter 15: Mobile cloud forensics: An analysis of seven popular Android apps
      • Abstract
      • 1 Introduction
      • 2 Android cloud apps
      • 3 Conclusion
    • Chapter 16: Recovering residual forensic data from smartphone interactions with cloud storage providers
      • Abstract
      • 1 Introduction
      • 2 Related work
      • 3 Experiment design
      • 4 Findings
      • 5 Discussion
      • 6 Conclusions and future work
      • Appendix A Metadata artifacts recovered Dropbox service
      • Appendix B Metadata artifacts recovered Box service
      • Appendix C Metadata artifacts recovered Syncplicity service
    • Chapter 17: Integrating digital forensic practices in cloud incident handling: A conceptual Cloud Incident Handling Model
      • Abstract
      • 1 Introduction
      • 2 Background
      • 3 Cloud incident handling model: a snapshot
      • 4 Case study simulation: ownCloud
      • 5 Concluding remarks
    • Chapter 18: Cloud security and forensic readiness: The current state of an IaaS provider
      • Abstract
      • 1 Introduction
      • 2 Review of the private IaaS provider
      • 3 Conclusions
    • Chapter 19: Ubuntu One investigation: Detecting evidences on client machines
      • Abstract
      • 1 Introduction
      • 2 Related work
      • 3 Methodology
      • 4 Experiment setup
      • 5 Discussion and analysis
      • 6 Conclusion
  • Part 4: Act: Governance and Auditing
    • Chapter 20: Governance in the Cloud
      • Abstract
      • 1 Why is governance important?
      • 2 What are the questions that boards should be asking?
      • 3 Calculating ROI
      • 4 Auditing the cloud
      • 5 Conclusion
    • Chapter 21: Computational trust methods for security quantification in the cloud ecosystem
      • Abstract
      • 1 Introduction
      • 2 Computational trust: preliminaries
      • 3 State-of-the-art approaches tackling cloud security
      • 4 Computational trust methods for quantifying security capabilities
      • 5 Case studies
      • 6 Conclusion
      • Acknowledgment
      • Appendix. Proof for Theorem 1
    • Chapter 22: Tool-based risk assessment of cloud infrastructures as socio-technical systems
      • Abstract
      • Acknowledgments
      • 1 Introduction
      • 2 Structure of a typical cloud infrastructure scenario
      • 3 The TRESPASS project
      • 4 Modeling the scenario for analysis
      • 5 Identifying attacks
      • 6 Risk assessment
      • 7 Conclusion
  • Index



About the Authors

Ryan Ko

Dr. Ryan Ko is a Senior Lecturer with the University of Waikato, New Zealand. He established New Zealand's first Master's degree in Cyber Security and first dedicated Cyber Security Lab at the University of Waikato. His main research areas are Cyber Security, Cloud Data Provenance and Cloud Computing Security and Trust. Prior to joining the faculty, he was a lead computer scientist with Hewlett-Packard (HP) Labs’ Cloud and Security Lab and achieved first-in-the-world scientific breakthroughs in the area of cloud data provenance. Recipient of the Cloud Security Alliance (CSA) Ron Knode Service Award, he is active as Research Advisor for CSA Asia Pacific, and serves as chair and board member of several cyber security industry consortia and chapters. He is also the co-founder and co-chair of the CSA Cloud Data Governance Working Group, the first CSA research group led by a chapter in Asia Pacific. Dr. Ko is currently the co-chair of the IEEE TSCloud (2011-2014), IEEE TSP 2013, IEEE UbiSafe 2012, CSA APAC Congress, and Associate Editor of Wiley's Security and Communication Networks, International Journal of Cloud Applications and Computing, Editor of ACM XRDS from 2009 to 2011, and Technical Program Committee member and reviewer for several academic conferences and journals (e.g. Elsevier Information Systems, IEEE Spectrum, IEEE Trans. in Services Computing, etc.). Prior to HP Labs and his Ph.D., Ko was an entrepreneur with two startups, and was with Micron Technology, Inc. Ko has spoken on Cloud Security at several locations in USA and Asia Pacific. He holds 3 international patents and is a member of the IEEE, ACM and AAAI. Most recently, he was one of 14 international subject matter experts selected by (ISC)² to develop a new international certification like the CISSP for cloud security professionals.

Affiliations and Expertise

Senior Lecturer, University of Waikato, New Zealand

Raymond Choo

Dr Kim-Kwang Raymond Choo is a Fulbright Scholar and Senior Lecturer at the University of South Australia. He has (co)authored a number of publications in the areas of anti-money laundering, cyber and information security, and digital forensics including a book published in Springer’s “Advances in Information Security” book series and six Australian Government Australian Institute of Criminology refereed monographs. He has been an invited speaker for a number of events (e.g. 2011 UNODC-ITU Asia-Pacific Regional Workshop on Fighting Cybercrime and 2011 KANZ Broadband Summit 2011), and delivered Keynote/Plenary Speeches at ECPAT Taiwan 2008 Conference on Criminal Problems and Intervention Strategy, 2010 International Conference on Applied Linguistics and 2011 Economic Crime Asia Conference, and Invited Lecture at the Bangladesh Institute of International and Strategic Studies. He was one of over 20 international (and one of two Australian) experts consulted by the research team preparing McAfee's commissioned report entitled “Virtual Criminology Report 2009: Virtually Here: The Age of Cyber Warfare”; and his opinions on cyber crime and cyber security are regularly published in the media. In 2009, he was named one of 10 Emerging Leaders in the Innovation category of The Weekend Australian Magazine / Microsoft's Next 100 series. He is also the recipient of several awards including the 2010 Australian Capital Territory (ACT) Pearcey Award for “Taking a risk and making a difference in the development of the Australian ICT industry”, 2008 Australia Day Achievement Medallion in recognition of his dedication and contribution to the Australian Institute of Criminology, and through it to the public service of the nation, British Computer Society’s Wilkes Award for the best paper published in the 2007 volume of the Computer Journal, and the Best Student Paper Award by the 2005 Australasian Conference on Information Security and Privacy.

Affiliations and Expertise

Fulbright Scholar and Senior Lecturer, University of South Australia, Research Director, Cloud Security Alliance, Australia Chapter


"... it is also likely at least one of the topics is of interest...If not, try a few that got my attention, even if outside of your domain." --Computing Reviews

"This book fills a large vacuum by providing in-depth knowledge of the security issues related to cloud computing…To defend hackers, we will have to arm ourselves with knowledge and defense weapons. This book is a good starting point." --Computing Reviews
