Cloud vs malicious insider

Um artigo do Francisco Rocha e meu recentemente apresentado:

- explicação: http://www.cmuportugal.org/tiercontent.aspx?id=3634

- artigo: http://homepages.gsd.inesc-id.pt/~mpc/pubs/diamonds-final.pdf

"The paper “Lucy in the Sky without Diamonds: Stealing Confidential Data in the Cloud” that Francisco Rocha will present at the First International Workshop on Dependability of Clouds, Data Centers and Virtual Computing Environments, shows that a malicious insider can steal confidential data of the cloud user, so the user is mostly left with trusting the cloud provider. In the author’s opinion, “the paper achieves this goal by showing a set of attacks that demonstrate how a malicious insider can easily obtain passwords, cryptographic keys, files and other confidential data.” Additionally, the paper shows that recent research results that might be useful to protect data in the cloud, are still not enough to deal with the problem."