
MSc.

Web and Cloud Computing

Cloud Security
Buffer Overflow & NIDPS

Sankha Palihawadana

Table of Contents
Introduction
Cloud Services & Security
Infrastructure as a Service (IAAS)
Platform as a Service (PAAS)
Software as a Service (SAAS)
Security Concerns when obtaining Cloud Services
Privacy Issues
Operational Trust Mode
Resource Sharing
Legal Issues
Digital Forensics
Jurisdictional Issues
Security Attacks
Buffer Overflow Attacks
Denial of Service Attacks and Distributed Denial of Service Attacks
Man in the Middle Attack
Authentication Attacks
New Attack Strategies
Mitigating the Risks of Using Cloud Services
Buffer Overflow Protection Mechanisms
Canary Method
Data Execution Prevention (DEP) Method
Address Space Layout Randomization (ASLR)
Intrusion Detection & Prevention Systems (IDPS)
Signature Based Intrusion Detection Systems
Anomaly Based Intrusion Detection Systems
Intrusion Detection Systems in the Cloud
Firewall
Firewalls in the Cloud
Firewalls and IDS
Virtual Private Network (VPN)
ISO 27001
Conclusion
References

Introduction

With the introduction of high-speed networks and the internet, the
traditional computing paradigm started to shift. As a result the world was
introduced to the next generation of computing, also known as cloud
computing. Cloud computing means a collection of high-powered, resourceful
computers in the same or different locations, connected through a network
and providing infrastructures, platforms and software as services, also
through a network [1]. This means a cloud user can buy a computer
infrastructure, platform or software which is created and maintained at a
remote location, and operate it over a network, usually the internet. With
cloud computing, businesses can create world-class e-commerce platforms
which are much cheaper, quicker, up-to-date, scalable and mobile. As a
result more and more companies tend to move to the cloud [2].
Security for computer systems has been a major concern ever since computers
were built. This concern increased with the introduction of networked
computers. When the internet came into the picture, computers became even
more vulnerable. These security issues still exist in traditional computing
today [3]. As mentioned earlier, cloud computing means using computers
through a network or through the internet. So if the security issues in
traditional computing increased with the use of the internet, the security
of computers accessed over the internet is going to become a major issue in
the computer industry.
This document gives a detailed insight into the security issues in the
cloud, based on the infrastructure, platform and software service
categories. Additionally, the document provides ways of mitigating the
mentioned risks of cloud computing.

Cloud Services & Security


When moving to the cloud there are three different services which a
company can obtain. Depending on the situation, all three services or only
one service can be obtained. In the given scenario, all three services
should be obtained in order to transfer most of the business's services to
the cloud.

Figure 1 below shows the architecture of the three service models (IAAS,
PAAS and SAAS), with the bottommost virtualization layer and the topmost
end user layer.

Figure 1

Infrastructure as a Service (IAAS)


This is basically accessing a complete computer infrastructure through a
network. In other words, it means buying a computer but controlling it
through a network. At this service level, the user is able to manage the
operating system, applications, storage and network connectivity [4] [5].
When obtaining infrastructure as a service, the client has the major
responsibility towards security. The cloud provider also has some
responsibility when it comes to the underlying infrastructure. The cloud
provider should make sure that there are no vulnerabilities in the
virtualization layer and the physical infrastructure [6].

Platform as a Service (PAAS)


Unlike infrastructure as a service, this service restricts the user from
accessing infrastructure controls such as managing the operating system.
When this service is obtained, the users are given a pre-defined platform
based on a pre-installed operating system, where the user can build the
software. A development environment and a runtime are also provided with
the service. So the user can develop and use software through the network
[4] [5].
When obtaining platform as a service, both the client and the provider
share an equal amount of responsibility towards security. The cloud
provider is responsible for security up to the platform level, including
the infrastructure, while the client is responsible for the security of the
application. The clients should make sure that there are no vulnerabilities
in the application they made [7].

Software as a Service (SAAS)


As the name implies, software as a service is basically obtaining and using
software through a network. The user gets a pre-designed application, which
is sometimes customizable, and uses it through a network [4] [5].
When obtaining software as a service, the application is developed and
maintained by the cloud provider. So the cloud provider has a major
responsibility to secure the data. Since the cloud provider has greater
control over the underlying technology, we should be able to make sure that
the selected cloud provider is capable of providing the necessary security
measures [8].

Security Concerns when obtaining Cloud Services
Whether it is cloud computing or traditional computing, both run on physical
hardware. Both have physical network connections and physical access.
Therefore all the issues which existed in traditional computing will apply
to cloud computing. Apart from that, additional security concerns have
emerged due to the cloud computing architecture. Overall there are a lot of
security threats and issues that need to be considered when moving to the
cloud [9]. Illustrated below are some of the issues that need to be
considered when moving to the cloud.

Privacy Issues
Operational Trust Mode
The data used and stored in a cloud environment will always be in a remote
location owned by the cloud provider, regardless of the cloud service the
client selects. This means the cloud provider has access to all of the
client's operations and business sensitive information [10]. So the client
should be able to trust the cloud provider. Because of this trust issue,
the responsibilities of the two parties should be set out in the SLA before
obtaining a cloud service [11].

Resource Sharing
In traditional computing, physical in-house resources such as storage and
servers were used by only one organization or corporation. But in a cloud
computing environment, all the resources provided to the client are
virtual, running on an actual physical machine. So it is likely that there
will be more than one virtual machine sharing the same physical resources.
Sometimes two virtual machines on the same host might be used by two
competing corporations. So there is a possibility of data leaking from one
competing corporation to the other, and this might generate problems in
their business activities [10] [12].

Legal Issues
Digital Forensics
Unlike in traditional computing, investigations on hosts cannot be carried
out in cloud computing. After the allocated resources are used, the cloud
provider will allocate the resources to some other client. If something
worth investigating occurs, there is no way of performing post mortem
investigations on resources, as they are likely to be used by someone else
at that time [10].
Jurisdictional Issues
When moving into the cloud, regardless of the cloud service selected, the
client will always manipulate data and information which is at a remote
location. These remote servers are owned by the cloud provider. Depending
on the cloud provider's server architecture, the geographical location of
the servers may be different. For example there may be two servers of the
same cloud provider located in two different countries. As a result the
data and the operations carried out on it by the client may be stored and
processed at any server, located in any part of the world. The cloud
provider cannot guarantee that it will always be on a specific server in a
specific location. That is decided by a number of factors such as load
balancing, availability and fault-tolerance [10]. As a result the data and
information in the cloud may be located in two or more different
jurisdictions which may have dissimilar or disagreeing rules on security
and data protection.
Additionally the laws of the jurisdiction may change as well. Hence some
governments might have access to your data based on the location they are
in [13].

Security Attacks
Cloud computing is nothing other than a normal client to server architecture
because the client is using services available on a remote server. Therefore
all cloud computers are vulnerable to normal client server architecture
attacks, such as buffer overflow attacks, SQL injection attacks, man in the
middle attacks etc. [14].
Buffer Overflow Attacks
Buffer overflow attacks can be considered one of the most common and most
serious attacks that have ever existed on computers. They have been one of
the major internet security issues in web based features like web services,
cloud services etc. So far buffer overflow attacks have been the source of
web attacks including server break-ins, worms, zombies, and botnets [15].
According to the CWE/SANS top twenty five most dangerous software errors,
buffer overflow attacks rank in third place [16].
Buffer overflow attacks are carried out during the execution of a program by
overflowing the local variables of the execution stack frame. Figure 2 below
shows the stack frame of a function.

Figure 2: Stack frame of a function (sections shown left to right: Local
Variables, EBP, Return Address, Attributes; data is written on the buffer
from left to right)

The Local Variables section holds the values of the variables which the
function holds. The EBP section contains a pointer to the previous frame of
the stack. The return address contains the memory address of the next line
to be executed, while attributes hold the attribute variables of the
function.
When a particular function is executing, a stack frame as shown in figure 2
is created, and only the leftmost space is allocated to store variables; it
is also known as the buffer. Even though the frame is created from right to
left, the local variables are written from left to right as shown. This
becomes vulnerable if there is no bounds checking placed on the local
variable section. Then the EBP and the return address could be overwritten
by overflowing the buffer. Since the return address contains the next line
of code to be executed, if this is changed to point to some other program's
code (malicious code), unauthorized access is possible by opening a shell
[17].
Denial of Service Attacks and Distributed Denial of Service Attacks
Where cloud security is concerned, denial of service attacks can also be
considered a major security issue. The main goal of these kinds of attacks
is to flood the server with a large amount of useless traffic and use up the
maximum bandwidth of the host, so that the host will deny the service to
users. In cloud computing these types of attacks are different, as there are
no fixed maximum hardware boundaries. This means that a server in the cloud
will always handle these types of attacks by allocating more resources as
the useless traffic increases [14].
In a way this can be seen as a solution for denial of service attacks. But
this can also be helpful for the attacker, as the attacker does not need to
perform attacks on all the servers. A single attack on a single server will
automatically spread to all hosts, consuming all the resources [14].
A distributed denial of service attack is similar to a denial of service
attack, but it is carried out using a number of computers and internet
network connections simultaneously, commonly from different parts of the
world. So the impact of the attack is much greater and faster [18].
Man in the Middle Attack
As the name implies, a man in the middle attack is basically an attacker
sniffing the communication between two parties. The attacker places himself
as a middle man in the communication stream and participates both as the
client and the server. All the messages sent from the client will be sent to
the attacker, and the attacker will send a message to the server as the
client. So the attacker has the opportunity to listen to the data while
forwarding it, or to change the data before sending it to the server [19]
[20].
Even if the connection between the two parties is encrypted, the attacker
can still decrypt the messages, as he can obtain the key when the key is
generated initially [20].
Authentication Attacks
Authentication is a common process in almost all web and software related
systems. When it comes to the cloud, it is always used, since all the cloud
services are accessed remotely. Proper authentication and authorization
should be carried out in order to offer secured services in cloud computing.
As a result any attack which targets the authentication process, such as
phishing attacks, can occur in the cloud environment, especially when
providing services as software and platform [14].
New Attack Strategies
With the cloud, new types of attack strategies have emerged. Since there are
a number of virtual machines on a single host, it may be possible for the
attacker to position himself accordingly and attack a VM on the host.
Additionally, if the attacker can attack one VM, it is likely that he can
attack other VMs on the same host [10].
Apart from that, since there is more than one VM on a single host, an attack
on the host can affect all the VMs on the host [10].

Mitigating the Risks of Using Cloud Services


Some of the security issues which exist in the cloud were mentioned earlier
in the document. Even though there are security issues in the cloud,
research shows that some solutions have been found to mitigate the risks
from the issues mentioned above. Shown below are some of the possible
solutions which are used to reduce the risks of using cloud computers.

Buffer Overflow Protection Mechanisms


The best possible solution to prevent buffer overflow attacks is to do bounds
checking in the code. If the buffer cannot be overflowed beyond its bounds
then the program will not be vulnerable. Normally an overflow would not
occur if the program is written using type-safe programming languages such
as Java and C#, as they have automatic bounds checking mechanisms. But when
using programming languages like C and C++, the programmer has to perform
bounds checking manually. It is also recommended to use low risk functions
such as strncpy() and fgets() instead of functions like strcpy() and gets(),
as they check if the buffer size is correct [21].
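
The unbounded and bounded calls named above, side by side, as an added C example (not code from the original report or its references). The function names and the 16-byte buffer are assumptions made for illustration; the bounded versions also cover the case the library calls leave open, an input that does not fit.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 16   /* assumed size of the destination buffer */

/* BEFORE: strcpy() copies until it finds the NUL byte in src and never looks
 * at the size of dst. Shown for comparison only; nothing below calls it. */
size_t copy_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
    return strlen(dst);
}

/* AFTER: strncpy() with an explicit bound. strncpy() leaves dst without a
 * terminating NUL when src is too long, so the terminator is written by hand.
 * Returns 0 if src fitted completely, -1 if it was rejected or cut short. */
int copy_name_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) < dst_size ? 0 : -1;
}

/* AFTER: fgets() in place of gets(). Reads one line and strips the newline.
 * Returns 0 on success, 1 if the line was longer than the buffer (the rest of
 * the line is discarded so the next call starts on a fresh line), -1 on end
 * of file or error. */
int read_line_bounded(FILE *in, char *dst, size_t dst_size)
{
    size_t len;
    int c, too_long = 0;

    if (in == NULL || dst == NULL || dst_size < 2)
        return -1;
    if (fgets(dst, (int)dst_size, in) == NULL)
        return -1;
    len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    /* No newline stored: either the input ended or the buffer filled up. */
    while ((c = fgetc(in)) != EOF && c != '\n')
        too_long = 1;
    return too_long;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    /* Constructed inputs of 5, 15, 16 and 38 characters. */
    const char *inputs[] = { "alice", "fifteen_chars__", "sixteen_chars___",
                             "a_much_longer_constructed_input_string" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = copy_name_bounded(name, sizeof name, inputs[i]);
        printf("%-40s -> rc=%d stored=\"%s\"\n", inputs[i], rc, name);
    }
    return 0;
}
```
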
However programmers are human beings and even the best programmers
tend to make mistakes. So there should be some other mechanism to avoid
these kinds of vulnerabilities. Shown below are three types of buffer overflow
protection mechanisms.


Canary Method
This is a compiler modification protection mechanism against buffer overflow
attacks. If the source code of the program is available, the developer can
recompile it using a modified compiler for automatic buffer overflow
detection. One commonly used compiler of this kind is StackGuard [22] [23]
[24].
As explained before and shown in figure 2, a buffer overflow attack
basically overwrites the EBP and the return address by overflowing the
buffer. To prevent this, a known marker is added to the stack frame between
the local variables and EBP [22] [23] [24]. This marker is known as a
canary, and figure 3 shows how this marker is added between the two
segments.

Figure 3: Stack frame with a canary (sections shown left to right: Local
Variables, Canary, EBP, Return Address, Attributes; data is written on the
buffer from left to right)

Before the function returns, the program reads the value of the canary, and
if the value has changed the program will know that there was an attempt to
overflow the buffer, because in the process of overwriting the return
address the canary will also be overwritten [22] [23] [24].
Apart from StackGuard there are some other compiler modification protection
methods available, such as ProPolice and StackShield. StackShield is
another protection mechanism which comes from Linux, and it maintains a
separate stack to store return addresses in a different data segment. It is
not likely for an attacker to change both the stack frame and the stack with
return addresses using a buffer overflow. So the program validates the two
return addresses before returning, to make sure that there has been no
attempt at a buffer overflow attack [22].
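
The two checks described above, modelled in C as an added example (it is not StackGuard or StackShield code and not part of the original report). The frame of figure 3 is represented by a struct, and the canary, EBP and return address values are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { BUF_LEN = 16 };
enum { FRAME_OK = 0, CANARY_CHANGED = 1, RET_MISMATCH = 2 };

/* Model of the frame in figure 3, leftmost (lowest address) section first. */
struct frame {
    unsigned char locals[BUF_LEN];  /* the buffer */
    uint32_t canary;                /* marker between the locals and EBP */
    uint32_t saved_ebp;
    uint32_t ret_addr;
};

/* Copies kept outside the frame: the reference canary (canary method) and
 * the second copy of the return address (separate return address stack). */
struct guard {
    uint32_t canary;
    uint32_t shadow_ret;
};

/* Function prologue: build the frame and record the reference values. */
void frame_enter(struct frame *f, struct guard *g,
                 uint32_t canary, uint32_t ebp, uint32_t ret)
{
    memset(f, 0, sizeof *f);
    f->canary = g->canary = canary;
    f->saved_ebp = ebp;
    f->ret_addr = g->shadow_ret = ret;
}

/* A write with no bounds check on locals[]: bytes go in from left to right
 * and continue into whatever follows. The copy is clamped to the size of the
 * model frame so that this program itself never writes out of bounds. */
size_t frame_write(struct frame *f, const unsigned char *data, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy(f, data, len);
    return len;
}

/* Function epilogue: run both checks before the return address is used. */
int frame_leave(const struct frame *f, const struct guard *g)
{
    int verdict = FRAME_OK;
    if (f->canary != g->canary)
        verdict |= CANARY_CHANGED;
    if (f->ret_addr != g->shadow_ret)
        verdict |= RET_MISMATCH;
    return verdict;
}

/* Runs one call that writes `len` bytes of 'A' and returns the verdict. */
int run_case(size_t len)
{
    unsigned char input[sizeof(struct frame)];
    struct frame f;
    struct guard g;

    memset(input, 'A', sizeof input);
    /* Constructed values for the demonstration. */
    frame_enter(&f, &g, 0x5A3C91E7u, 0xBFFFF6A8u, 0x08048456u);
    frame_write(&f, input, len);
    return frame_leave(&f, &g);
}

int main(void)
{
    static const size_t lengths[] = { 10, 16, 17, 24, 28 };
    size_t i;

    for (i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        int v = run_case(lengths[i]);
        printf("%2lu bytes written: canary %s, return address %s\n",
               (unsigned long)lengths[i],
               (v & CANARY_CHANGED) ? "CHANGED" : "intact",
               (v & RET_MISMATCH) ? "MISMATCH" : "matches second copy");
    }
    return 0;
}
```

In every case where the return address no longer matches, the canary has changed as well, which is the property the canary check relies on.
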


Data Execution Prevention (DEP) Method


Unlike the canary method, this is a host based intrusion detection system.
It basically prevents an attacker from placing executable code on the stack.
Shown below is a normal stack frame. When the attacker overrides the return
address, it is normally changed to the memory location of malicious code.
For that, the attacker has to have malicious code in memory. In order to do
that, the attacker can insert some NOP commands and the malicious code into
the local variables segment before overriding it. Now the attacker can use
that memory address as the return address. Since there are some NOP
commands at the beginning, it will not be a problem even if the guessed
memory location is before the actual malicious code. To prevent this, DEP
is used. In DEP the local variable section of the stack is marked as
non-executable. So even if the attacker places the malicious code on the
stack, it will not be executed, as it is marked as non-executable [25].
Figure 4 shows the stack frame with malicious code in the section which is
marked as non-executable.

Figure 4: Stack frame with the Local Variables section marked as
non-executable (sections shown: Local Variables containing NOP, NOP, NOP
and Malicious Code, then EBP, Return Address, Attributes; data is written
on the buffer from left to right)

However, when this attack was no longer possible, attackers were able to
find another approach by changing the return address to point to existing
code rather than injected code. This is known as the return to libc exploit
[26].
Address Space Layout Randomization (ASLR)
As mentioned earlier, when DEP prevented buffer overflow attacks, attackers
tended to use existing code instead of injected code. Address Space Layout
Randomization is a protection mechanism against return to libc attacks. In
order to perform such an attack, the attacker should change the return
address of the stack frame to an existing library call such as the system()
function. Using the system function the attacker can communicate with the
environment's command processor. So for this attack to be successful the
attacker must know the exact memory location of the system function [26].
Address space layout randomization basically changes the memory address of
each memory region such as libraries, stack, heap etc. So if they are
randomized each time, the attacker will not be able to guess the correct
memory address of the library function to return to [26].
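
Both the DEP and the ASLR passages above can be checked from a process's memory map. The added C example below (not part of the original report) assumes the Linux /proc/<pid>/maps line format and runs on constructed snapshots: it counts regions that are writable and executable at once, and compares where a library and the stack start in two runs.

```c
#include <stdio.h>
#include <string.h>

enum { MAX_REGIONS = 32 };
struct region {
    unsigned long long start, end;
    char perms[5];   /* e.g. "rw-p" */
    char path[256];  /* empty for anonymous mappings */
};

/* Parses one line, "start-end perms offset dev inode [path]"; 0 on success. */
int parse_maps_line(const char *line, struct region *r)
{
    r->path[0] = '\0';
    int n = sscanf(line, "%llx-%llx %4s %*x %*s %*u %255[^\n]",
                   &r->start, &r->end, r->perms, r->path);
    return (n >= 3 && strlen(r->perms) == 4) ? 0 : -1;
}

/* Parses a whole snapshot into out[]; unparsable lines are skipped. */
size_t parse_maps(const char *maps, struct region *out, size_t max)
{
    size_t count = 0;
    while (*maps != '\0' && count < max) {
        char line[512];
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n);
        line[n] = '\0';
        if (parse_maps_line(line, &out[count]) == 0)
            count++;
        maps += len + (maps[len] == '\n');
    }
    return count;
}

/* First region whose path contains `name`, or NULL. */
static const struct region *find_first(const struct region *r, size_t n,
                                       const char *name)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (strstr(r[i].path, name) != NULL)
            return &r[i];
    return NULL;
}

/* DEP check: number of regions that are writable and executable at once. */
int count_wx_regions(const char *maps)
{
    struct region r[MAX_REGIONS];
    size_t i, n = parse_maps(maps, r, MAX_REGIONS);
    int hits = 0;
    for (i = 0; i < n; i++)
        hits += (r[i].perms[1] == 'w' && r[i].perms[2] == 'x');
    return hits;
}

/* DEP check: 1 if the stack is executable, 0 if not, -1 if no [stack] line. */
int stack_is_executable(const char *maps)
{
    struct region r[MAX_REGIONS];
    const struct region *s = find_first(r, parse_maps(maps, r, MAX_REGIONS), "[stack]");
    return s != NULL ? s->perms[2] == 'x' : -1;
}

/* ASLR check: 1 if `name` starts elsewhere in run2, 0 if not, -1 if missing. */
int base_moved(const char *run1, const char *run2, const char *name)
{
    struct region r1[MAX_REGIONS], r2[MAX_REGIONS];
    const struct region *a = find_first(r1, parse_maps(run1, r1, MAX_REGIONS), name);
    const struct region *b = find_first(r2, parse_maps(run2, r2, MAX_REGIONS), name);
    if (a == NULL || b == NULL)
        return -1;
    return a->start != b->start;
}

/* Constructed snapshots, not captured from a real host. */
const char RUN_A[] =
    "7f3a1c000000-7f3a1c1b0000 r-xp 00000000 08:01 260 /usr/lib/libc.so.6\n"
    "7ffd4e2e0000-7ffd4e301000 rw-p 00000000 00:00 0 [stack]\n";
const char RUN_B[] =
    "7fb9d2400000-7fb9d25b0000 r-xp 00000000 08:01 260 /usr/lib/libc.so.6\n"
    "7ffe90a10000-7ffe90a31000 rw-p 00000000 00:00 0 [stack]\n";
const char RUN_UNPROTECTED[] =   /* same layout on every run, stack rwx */
    "b7e00000-b7fb0000 r-xp 00000000 08:01 260 /usr/lib/libc.so.6\n"
    "bffdf000-c0000000 rwxp 00000000 00:00 0 [stack]\n";

int main(void)
{
    printf("protected:   W+X=%d stack exec=%d libc moved=%d\n", count_wx_regions(RUN_A),
           stack_is_executable(RUN_A), base_moved(RUN_A, RUN_B, "libc"));
    printf("unprotected: W+X=%d stack exec=%d libc moved=%d\n",
           count_wx_regions(RUN_UNPROTECTED), stack_is_executable(RUN_UNPROTECTED),
           base_moved(RUN_UNPROTECTED, RUN_UNPROTECTED, "libc"));
    return 0;
}
```

On a live Linux host the same functions can be given the contents of /proc/self/maps read on two separate runs.
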

Intrusion Detection & Prevention Systems (IDPS)


As the name implies, an intrusion detection and prevention system is a
system which is used to detect and prevent unauthorized and harmful
intrusions to the host. There are different types of IDPSs available. A host
IDPS is a system which monitors the incoming and outgoing packets of a host,
while a network IDPS monitors the packets entering and leaving the network
[27].
Signature Based Intrusion Detection Systems
This intrusion detection system detects intrusions by matching incoming
packets against a set of predefined signatures. These predefined signatures
hold information about known malicious threats, and the system matches them
with the incoming packets. The problem is that the IDS might not be updated
with the signatures of the latest threats in time to detect them [27].
Anomaly Based Intrusion Detection Systems
Unlike signature based intrusion detection, anomaly based intrusion
detection works by comparing the inbound and outbound traffic against an
established baseline which principally classifies the regular communication
of the system. It mainly contains the most common ports, bandwidth, devices
and protocols used. If a significant change occurs in the network traffic
compared to the baseline, an alert will be given [27].
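
Signature matching and baseline comparison side by side, as an added C example that is not part of the original report. The signature (a run of sixteen x86 NOP bytes, 0x90), the packets, and the choice of destination port and payload size as the baseline features are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

struct packet { unsigned dst_port; const unsigned char *payload; size_t len; };
struct signature { const char *name; const unsigned char *bytes; size_t len; };

enum { MAX_PORTS = 8, ANOM_NONE = 0, ANOM_PORT = 1, ANOM_SIZE = 2 };
struct baseline { unsigned ports[MAX_PORTS]; size_t nports; double mean, var; };

/* Signature-based detection: returns the name of the first signature whose
 * bytes occur anywhere in the payload, or NULL if none does. */
const char *match_signature(const struct packet *p,
                            const struct signature *sigs, size_t nsigs)
{
    size_t s, i;
    for (s = 0; s < nsigs; s++)
        for (i = 0; sigs[s].len > 0 && i + sigs[s].len <= p->len; i++)
            if (memcmp(p->payload + i, sigs[s].bytes, sigs[s].len) == 0)
                return sigs[s].name;
    return NULL;
}

static int port_known(const struct baseline *b, unsigned port)
{
    size_t i;
    for (i = 0; i < b->nports; i++)
        if (b->ports[i] == port)
            return 1;
    return 0;
}

/* Anomaly-based detection, step 1: build the baseline from normal traffic.
 * Here it holds the destination ports seen and the mean and variance of the
 * payload size (a stand-in for the bandwidth figure). */
void learn_baseline(struct baseline *b, const struct packet *train, size_t n)
{
    size_t i;
    double sum = 0.0, sumsq = 0.0;
    memset(b, 0, sizeof *b);
    for (i = 0; i < n; i++) {
        if (!port_known(b, train[i].dst_port) && b->nports < MAX_PORTS)
            b->ports[b->nports++] = train[i].dst_port;
        sum += (double)train[i].len;
        sumsq += (double)train[i].len * (double)train[i].len;
    }
    if (n > 0) {
        b->mean = sum / (double)n;
        b->var = sumsq / (double)n - b->mean * b->mean;
    }
}

/* Step 2: flag a port outside the baseline, and a payload more than three
 * standard deviations above the mean (compared on squares, no sqrt needed). */
int anomaly_flags(const struct baseline *b, const struct packet *p)
{
    int flags = ANOM_NONE;
    double d = (double)p->len - b->mean;
    if (!port_known(b, p->dst_port))
        flags |= ANOM_PORT;
    if (d > 0.0 && d * d > 9.0 * b->var)
        flags |= ANOM_SIZE;
    return flags;
}

/* Constructed data: one signature, six training packets, three test packets. */
static const unsigned char ZEROS[2048] = { 0 };
static const unsigned char NOP_RUN[] =
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";
static const unsigned char SLED_PAYLOAD[] = "POST /form "
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";
const struct signature SIGS[] = { { "nop-run-16", NOP_RUN, 16 } };
const struct packet TRAIN[] = {
    { 80, ZEROS, 100 }, { 443, ZEROS, 120 }, { 80, ZEROS, 110 },
    { 443, ZEROS, 130 }, { 80, ZEROS, 140 }, { 443, ZEROS, 120 } };
const struct packet SAMPLES[] = {
    { 80, SLED_PAYLOAD, sizeof SLED_PAYLOAD - 1 },  /* matches the signature */
    { 443, ZEROS, 125 },                            /* ordinary traffic      */
    { 9001, ZEROS, 1500 } };                        /* no signature for it   */

int main(void)
{
    struct baseline b;
    size_t i;
    learn_baseline(&b, TRAIN, sizeof TRAIN / sizeof TRAIN[0]);
    for (i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++) {
        const char *sig = match_signature(&SAMPLES[i], SIGS, 1);
        printf("port %-5u len %-5lu signature=%s anomaly=%d\n",
               SAMPLES[i].dst_port, (unsigned long)SAMPLES[i].len,
               sig ? sig : "none", anomaly_flags(&b, &SAMPLES[i]));
    }
    return 0;
}
```

The third packet shows the gap described above: no signature exists for it, so only the comparison with the baseline raises an alert.
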
Intrusion Detection Systems in the Cloud
In traditional server architecture, an IDS is deployed within the dedicated
hardware near the gateway of the infrastructure. But this changes in the
cloud. There may be more than one virtual host running on a physical cloud
environment. So it is likely for an attack to come from inside the cloud as
well as outside the cloud. In order to overcome this, intrusion detection
systems should be deployed to secure separate virtual hosts as well as the
complete cloud infrastructure, and both the cloud provider and the client
should maintain these intrusion detection systems separately [27] [28].

Firewall
A firewall in a network acts as a barrier between the private network and
the public network (internet). Basically a firewall allows or blocks packets
depending on whether certain criteria are met. For example, there can be
firewalls with whitelists, where every packet is denied by default and
allowed only if a certain criterion is met. Similarly there are firewalls
with blacklists, which are the opposite of whitelist firewalls [29].
Firewalls in the Cloud
A cloud environment is basically a collection of virtual machines. So we
cannot simply deploy a firewall between the cloud and the internet, because
it will not protect the VMs against each other inside the cloud. One
solution for this is to make the network traffic from all the VMs flow out
of the cloud using VLANs and go through a firewall. But this increases
latency and decreases performance. Another solution is to use software
based firewalls in each VM, but this may have performance issues and
maintenance issues [30].
To overcome these issues, virtual firewalls can be used in the cloud
environment. There are two types of virtual firewalls: bridge-mode virtual
firewalls and hypervisor-mode virtual firewalls [30].
Firewalls and IDS
Firewalls are responsible for restricting access to the server or the
network, while an IDS monitors for suspicious activity. Both firewalls and
IDSs should be deployed in clouds for better security. Firewalls should be
at the border of the VMs' network as a barrier, while the IDS sits
alongside, overseeing the packets [30] [31].

Virtual Private Network (VPN)


A VPN is a secured network connection made virtually over an unsecured
public network such as the internet. A VPN is one of the most secure ways to
transmit data over the internet, and since there is no dedicated line, it
can be considered a relatively cheap secured connection [32].

ISO 27001
ISO 27001 is a set of standards published by the international organization
for standards, which defines the requirements for information security
management systems. This is more of a generic list of standards, but it can
also be applied to cloud computing. In the standard document there is a set
of standards related to information security and data privacy, which can be
directly applied to the cloud. So if a cloud provider meets these standards,
we can assume that our data in their cloud is safe [33].
Additionally, if the cloud provider meets the standards, they are bound to
protect the business data in the cloud and to meet the legal requirements of
the nations in which you seek to do business [33].
Apart from ISO 27001, there are some other information security management
standards such as NIST's 800-53 R3, which provides guidelines for specifying
security controls, HIPAA for privacy of health data, and PCI DSS V2.0 for
cardholder data security [34].

Conclusion
Cloud computing is a recently emerged phenomenon which provides corporate
server and e-commerce solutions virtually, over a network. With the hype of
cloud computing and its benefits, more and more businesses are starting to
move to the cloud. Even though there are a number of advantages in moving to
the cloud, it raises a question when it comes to cloud security.
Any virtual machine running in the cloud normally acts like an actual
physical machine. So all the vulnerabilities which existed in computing will
carry over to cloud computing. But with the multi-tenancy architecture of
the cloud, these security issues may become a bigger threat. Another major
security issue in the cloud is the ownership and locality of the data stored
in the cloud. With the dynamic and global architecture of the cloud,
business sensitive data stored there may be vulnerable.
Although a number of security concerns have been mentioned for cloud
computing, there are a number of steps which can be taken in order to
mitigate the risks. If the necessary security steps are taken, and if the
cloud provider can be trusted, moving to the cloud can save a lot of money
for a business. Ultimately it comes down to whether the amount of money a
business is going to save by moving to the cloud is more than the amount of
money needed to secure the data in the cloud.


References
[1] Xu Wang, Beizhan Wang, and Jing Huang, "Cloud computing and its key techniques," in Computer Science and Automation Engineering (CSAE), 2011 IEEE International Conference, Shanghai, 2011, pp. 404 - 410.
[2] Tim Weber. (2010, May) BBC News. [Online]. http://www.bbc.co.uk/news/10097450
[3] L.J. Bottino, "Security Measures in a Secure Computer Communications Architecture," in 25th Digital Avionics Systems Conference, Portland, 2006, pp. 1 - 18.
[4] J. Gibson, R. Rondeau, D. Eveleigh, and Qing Tan, "Benefits and challenges of three cloud computing service models," in Computational Aspects of Social Networks (CASoN), 2012 Fourth International Conference, Sao Carlos, 2012, pp. 198 - 205.
[5] F.B. Shaikh and S. Haider, "Security threats in cloud computing," in Internet Technology and Secured Transactions (ICITST), 2011 International Conference, Abu Dhabi, 2011, pp. 214 - 219.
[6] A.S. Ibrahim, J. Hamlyn-Harris, John Grundy, and M. Almorsy, "CloudSec: A security monitoring appliance for Virtual Machines in the IaaS cloud model," in Network and System Security (NSS), 2011 5th International Conference, Milan, 2011, pp. 113 - 120.
[7] Gansen Zhao, Ziliu Li, Wenjun Li, and Keywords, "Privacy Enhancing Framework on PaaS," in Cloud and Service Computing (CSC), 2012 International Conference, Shanghai, 2012, pp. 131 - 137.
[8] Yu-Hui Wang, "The role of SaaS privacy and security compliance for continued SaaS use," in Networked Computing and Advanced Information Management (NCM), 2011 7th International Conference, Gyeongju, 2011, pp. 303 - 306.
[9] M. Hamdi, "Security of cloud computing, storage, and networking," in Collaboration Technologies and Systems (CTS), 2012 International Conference, Denver, 2012, pp. 1 - 5.
[10] Brian Hay, K. Nance, and M. Bishop, "Storm Clouds Rising: Security Challenges for IaaS Cloud Computing," in System Sciences (HICSS), 2011 44th Hawaii International Conference, Kauai, 2011, pp. 1 - 7.
[11] S.A. de Chaves, C.B. Westphall, and F.R. Lamin, "SLA Perspective in Security Management for Cloud Computing," in Networking and Services (ICNS), 2010 Sixth International Conference, Cancun, 2010, pp. 212 - 217.
[12] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds," in 16th ACM conference on Computer and communications security, Chicago, 2009, pp. 199-212.
[13] Bill Thompson. (2008, May) BBC News. [Online]. http://news.bbc.co.uk/1/hi/7421099.stm
[14] Ajey Singh and Maneesh Shrivastava, "Overview of Attacks on Cloud Computing," International Journal of Engineering and Innovative Technology, vol. I, no. 4, pp. 321-323, Apr. 2012.
[15] Kotha Jothsna and R.V. Krishniah, "A Signature-Free Buffer Overflow Attack Blocker Using Genetic Programming," International Journal of Emerging Technology and Advanced Engineering, vol. III, no. 2, pp. 640-647, February 2013.
[16] Common Weakness Enumeration. (2011) 2011 CWE/SANS Top 25 Most Dangerous Software Errors. [Online]. http://cwe.mitre.org/top25/
[17] Desheng Fu and Feiyue Shi, "Buffer Overflow Exploit and Defensive Techniques," in Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference, Nanjing, 2012, pp. 87 - 90.
[18] Chin-Ling Chen, "Detecting distributed denial-of-service attack traffic by statistical test," in Communications and Networking in China, 2008. ChinaCom 2008. Third International Conference, Hangzhou, 2008, pp. 1253 - 1257.
[19] R.K. Guha, Zeeshan Furqan, and Shahabuddin Muhammad, "Discovering Man-in-the-Middle Attacks in Authentication Protocols," in Military Communications Conference, Orlando, 2007, pp. 1 - 7.
[20] Wang Yong, Wang Huadeng, Li Zhaohong, and Huang Jinxiang, "Man-in-the-middle attack on BB84 protocol and its defence," in Computer Science and Information Technology, 2009. ICCSIT 2009. 2nd IEEE International Conference, Beijing, 2009, pp. 438 - 439.
[21] Gary McGraw and John Viega. (2000, Mar.) IBM - Make your software behave: Preventing buffer overflows. [Online]. http://www.ibm.com/developerworks/library/s-buffer-defend.html
[22] Benjamin A. Kuperman, Carla E. Brodley, Hilmi Ozdoganoglu, T. N. Vijaykumar, and Ankit Jalote, "Detection and prevention of stack buffer overflow attacks," Communications of the ACM, vol. 48, no. 11, pp. 50-56, Nov. 2005.
[23] C. Cowan, P. Wagle, C. Pu, and S. Beattie, "Buffer overflows: attacks and defenses for the vulnerability of the decade," in DARPA Information Survivability Conference and Exposition, vol. II, Hilton Head, SC, 2000, pp. 119 - 129.
[24] roosh. (2014, Jan.) StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. [Online]. http://www.roosh.org/summaries/StackGuard.html
[25] N. Stojanovski, M. Gusev, D. Gligoroski, and S.J. Knapskog, "Bypassing Data Execution Prevention on Microsoft Windows XP SP2," in Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference, 2007, pp. 1222 - 1226.
[26] Michael Dalton, Hari Kannan, and Christos Kozyrakis, "Real-world buffer overflow protection for userspace & kernelspace," in SS'08 Proceedings of the 17th conference on Security symposium, Berkeley, CA, USA, 2008, pp. 395-410.
[27] Sudhir N. Dhage, "International Journal of Cloud Computing," Int. Journal. Cloud Computing, vol. I, no. 2/3, pp. 261-282, 2012.
[28] S. Roschke, Feng Cheng, and C. Meinel, "Intrusion Detection in the Cloud," in Dependable, Autonomic and Secure Computing, 2009. DASC '09. Eighth IEEE International Conference, Chengdu, 2009, pp. 729 - 734.
[29] Shui Yu, R. Doss, Wanlei Zhou, and Song Guo, "A general cloud firewall framework with dynamic resource allocation," in Communications (ICC), 2013 IEEE International Conference, Budapest, 2013, pp. 1941 - 1945.
[30] Clement Berthelot, "Evaluation of a Virtual Firewall in a Cloud Environment," Edinburgh Napier University, Edinburgh, MSc 2011.
[31] Infosec Institute. (2014, January) Infosec Institute. [Online]. http://resources.infosecinstitute.com/network-design-firewall-idsips/
[32] infosec. (2008, February) VPN SECURITY. [Online]. http://www.infosec.gov.hk/english/technical/files/vpn.pdf
[33] IT Governance. (2013, February) INFORMATION SECURITY & ISO 27001. [Online]. http://www.itgovernance.co.uk/files/Infosec_101v1.1.pdf
[34] S. Ristov, M. Gusev, and M. Kostoska, "A new methodology for security evaluation in cloud computing," in MIPRO, 2012 Proceedings of the 35th International Convention, Opatija, 2012, pp. 1484 - 1489.
