Cloud computing holds the promise of simplifying the creation, management, and deployment of scalable services on the Internet, but it raises significant security and privacy concerns related to moving sensitive computation and sensitive data to a cloud provider's computers. In addition to all of the security problems that come with Internet-facing systems, cloud computing has challenges uniquely of its own, primarily due to the policy of resource sharing that allows cloud computing to be cost effective. Recent work has shown that such resource sharing can be exploited by a cloud user to extract confidential information from the cloud workloads of other users, leading to solutions that trade off performance for security. There have been recent advances towards verifying that cloud providers do provide the contracted quality of service, in particular for storage clouds where verification schemes are available to establish that data stored in the cloud can actually be retrieved. Verifying that a computation was done in the cloud as contracted is still an open problem, with new results showing that such verification is theoretically possible. Cloud computing services can also be used as launchpads for attacks against other Internet systems.
The purpose of this workshop is to advance the current state of the art in secure cloud computing with experts from academia and industry. Questions of interest to this workshop include: How do well-established approaches to system security (e.g., isolation) apply to cloud computing when the cloud runtime stack is controlled in part by the cloud provider and in part by the cloud user? Are there cost-effective secure mechanisms for protecting the confidentiality and integrity of user computation and data in resource-sharing clouds? How do we balance the need of users to establish the security of the cloud infrastructure with the need of the cloud provider to hide and protect the proprietary details of that same infrastructure? What security challenges will we face when the cloud becomes the primary approach to computing?