Skip to main content
SpringerLink
Log in
Book cover

Elements of Cloud Computing Security pp 25–39Cite as

Security Threats in Cloud Computing

  • Chapter
  • First Online:

Part of the book series: SpringerBriefs in Computer Science ((BRIEFSCOMPUTER))

Abstract

This chapter discusses the most common threats in cloud computing. It starts with discussing data breaches and data loss. It also discusses the dangers of account and service hijacking in addition to the use of insecure APIs. The chapter also explains different threats to availability in the cloud and the dangers of malicious insiders. The chapter ends with the explanation of insufficient due diligence along with a few other minor threats.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. R. Shirey, Rfc 2828: Internet security glossary, in The Internet Society, p. 13 (2000)

    Google Scholar 

  2. T.T.W. Group et al., The notorious nine: cloud computing top threats in 2013, in Cloud Security Alliance (2013)

    Google Scholar 

  3. F. Chong, G. Carraro, R. Wolter, Multi-tenant data architecture, in MSDN Library, Microsoft Corporation, pp. 14–30 (2006)

    Google Scholar 

  4. Y. Zhang, A. Juels, A. Oprea, M.K. Reiter, Homealone: co-residency detection in the cloud via side-channel analysis, in 2011 IEEE Symposium on Security and Privacy (SP) (IEEE, 2011), pp. 313–328

    Google Scholar 

  5. R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka, J. Molina, Controlling data in the cloud: outsourcing computation without outsourcing control, in Proceedings of the 2009 ACM Workshop on Cloud Computing Security (ACM, 2009), pp. 85–90

    Google Scholar 

  6. H. Takabi, J.B. Joshi, G.-J. Ahn, Security and privacy challenges in cloud computing environments. IEEE Secur. Priv. 6, 24–31 (2010)

    Article  Google Scholar 

  7. D. Koo, J. Hur, H. Yoon, Secure and efficient data retrieval over encrypted data using attribute-based encryption in cloud storage. Comput. Electr. Eng. 39(1), 34–46 (2013)

    Article  Google Scholar 

  8. S. Yu, C. Wang, K. Ren, W. Lou, Achieving secure, scalable, and fine-grained data access control in cloud computing, in Proceedings of the IEEE Infocom, 2010 (IEEE, 2010), pp. 1–9

    Google Scholar 

  9. N. Park, Secure data access control scheme using type-based re-encryption in cloud environment, in Semantic Methods for Knowledge Management and Communication (Springer, Berlin, 2011), pp. 319–327

    Google Scholar 

  10. C.-I. Fan, S.-Y. Huang, Controllable privacy preserving search based on symmetric predicate encryption in cloud storage. Future Gener. Comput. Syst. 29(7), 1716–1724 (2013)

    Article  MathSciNet  Google Scholar 

  11. F. Fatemi Moghaddam, O. Karimi, M.T. Alrashdan, A comparative study of applying real-time encryption in cloud computing environments, in 2013 IEEE 2nd International Conference on Cloud Networking (CloudNet) (IEEE, 2013), pp. 185–189

    Google Scholar 

  12. U. Somani, K. Lakhani, M. Mundra, Implementing digital signature with RSA encryption algorithm to enhance the data security of cloud in cloud computing, in 2010 1st International Conference on Parallel Distributed and Grid Computing (PDGC) (IEEE, 2010), pp. 211–216

    Google Scholar 

  13. M. Li, S. Yu, Y. Zheng, K. Ren, W. Lou, Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1), 131–143 (2013)

    Google Scholar 

  14. K. Liang, M.H. Au, J.K. Liu, W. Susilo, D.S. Wong, G. Yang, Y. Yu, A. Yang, A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Gener. Comput. Syst. 52, 95–108 (2015)

    Article  Google Scholar 

  15. A. Rahumed, H.C. Chen, Y. Tang, P.P. Lee, J. Lui, A secure cloud backup system with assured deletion and version control, in 2011 40th International Conference on Parallel Processing Workshops (ICPPW) (IEEE, 2011), pp. 160–167

    Google Scholar 

  16. J.D. Mehr, E.E. Murphy, N. Virk, L.M. Sosnosky, Hybrid distributed and cloud backup architecture. US Patent 8,935,366, 13 Jan 2015

    Google Scholar 

  17. V. Javaraiah, Backup for cloud and disaster recovery for consumers and smbs, in 2011 IEEE 5th International Conference on Advanced Networks and Telecommunication Systems (ANTS) (IEEE, 2011), pp. 1–3

    Google Scholar 

  18. D. Harnik, B. Pinkas, A. Shulman-Peleg, Side channels in cloud services: deduplication in cloud storage. IEEE Secur. Priv. 8(6), 40–47 (2010)

    Article  Google Scholar 

  19. Y. Fu, H. Jian, N. Xiao, L. Tian, F. Liu, Aa-dedupe: an application-aware source deduplication approach for cloud backup services in the personal computing environment, in 2011 IEEE International Conference on Cluster Computing (CLUSTER) (IEEE, 2011), pp. 112–120

    Google Scholar 

  20. Y. Tan, H. Jiang, D. Feng, L. Tian, Z. Yan, Cabdedupe: a causality-based deduplication performance booster for cloud backup services, in 2011 IEEE International Parallel and Distributed Processing Symposium (IPDPS) (IEEE, 2011), pp. 1266–1277

    Google Scholar 

  21. Y. Tan, H. Jiang, D. Feng, L. Tian, Z. Yan, G. Zhou, Sam: a semantic-aware multi-tiered source de-duplication framework for cloud backup, in 2010 39th International Conference on Parallel Processing (ICPP) (IEEE, 2010), pp. 614–623

    Google Scholar 

  22. J. Stanek, A. Sorniotti, E. Androulaki, L. Kencl, A secure data deduplication scheme for cloud storage, in Financial Cryptography and Data Security (Springer, Berlin, 2014), pp. 99–118

    Google Scholar 

  23. M. Bellare, S. Keelveedhi, T. Ristenpart, Message-locked encryption and secure deduplication, in Advances in Cryptology-EUROCRYPT (Springer, Berlin, 2013), pp. 296–312

    MATH  Google Scholar 

  24. Zeus bot found using Amazons EC2 as C and C server, http://goo.gl/g9PCtQ. Accessed 30 March 2016

  25. Amazon purges account hijacking threat from site, http://goo.gl/JJqxtd. Accessed 30 March 2016

  26. A. McIlwraith, Information Security and Employee Behaviour: How to Reduce Risk Through Employee Education, Training and Awareness (Gower Publishing Ltd, UK, 2006)

    Google Scholar 

  27. A. Sirisha, G.G. Kumari, API access control in cloud using the role based access control model. Trendz Inf. Sci. Comput. (TISC) 2010, 135–137 (2010)

    Article  Google Scholar 

  28. L. Tang, L. Ouyang, W.T. Tsai, Multi-factor web api security for securing mobile cloud, in 2015 12th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD) (2015), pp. 2163–2168

    Google Scholar 

  29. H.K. Lu, Keeping your api keys in a safe, in 2014 IEEE 7th International Conference on Cloud Computing (CLOUD) (2014), pp. 962–965

    Google Scholar 

  30. M. Alani, Securing the cloud against distributed denial of service attacks: a review, in 2nd International Conference of Applied Information and Communications Technologies (Elsevier, 2014)

    Google Scholar 

  31. Veriato, Insider threat spotlight report, http://goo.gl/rcGKcQ. Accessed 30 March 2016

  32. Y. Zhang, A. Juels, M.K. Reiter, T. Ristenpart, Cross-vm side channels and their use to extract private keys, in Proceedings of the 2012 ACM Conference on Computer and Communications Security (ACM, 2012), pp. 305–316

    Google Scholar 

  33. T.H. Noor, Q.Z. Sheng, S. Zeadally, J. Yu, Trust management of services in cloud environments: obstacles and solutions. ACM Comput. Surv. (CSUR) 46(1), 12 (2013)

    Article  Google Scholar 

  34. S. Bleikertz, A. Kurmus, Z.A. Nagy, M. Schunter, Secure cloud maintenance: protecting workloads against insider attacks, in Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ACM, 2012), pp. 83–84

    Google Scholar 

  35. A. Nappa, M.Z. Rafique, J. Caballero, Driving in the cloud: an analysis of drive-by download operations and abuse reporting, in Detection of Intrusions and Malware, and Vulnerability Assessment (Springer, Berlin, 2013), pp. 1–20

    Google Scholar 

  36. S.K. Nair, S. Porwal, T. Dimitrakos, A.J. Ferrer, J. Tordsson, T. Sharif, C. Sheridan, M. Rajarajan, A.U. Khan, Towards secure cloud bursting, brokerage and aggregation, in 2010 IEEE 8th European Conference on Web Services (ECOWS) (2010), pp. 189–196

    Google Scholar 

  37. B.P. Rimal, A. Jukan, D. Katsaros, Y. Goeleven, Architectural requirements for cloud computing systems: an enterprise cloud approach. J. Grid Comput. 9(1), 3–26 (2011)

    Article  Google Scholar 

  38. M. Amini, N. Sadat Safavi, D. Khavidak, S. Mojtaba, A. Abdollahzadegan, Types of cloud computing (public and private) that transform the organization more effectively. Int. J. Eng. Res. Technol. (IJERT) 2(5), pp. 1263–1269 (2013)

    Google Scholar 

  39. D. Perez-Botero, J. Szefer, R.B. Lee, Characterizing hypervisor vulnerabilities in cloud computing servers, in Proceedings of the 2013 International Workshop on Security in Cloud Computing (Cloud Computing’13) (ACM, 2013), pp. 3–10

    Google Scholar 

  40. K. Hashizume, N. Yoshioka, E.B. Fernandez, Three misuse patterns for cloud computing, in Security Engineering for Cloud Computing: Approaches and Tools (Pennsylvania, IGI Global, 2012), pp. 36–53

    Google Scholar 

  41. E. Network, I.S. Agency, Cloud Computing: Benefits, Risks and Recommendations for Information Security (ENISA, Heraklion, 2009)

    Google Scholar 

  42. D. Zissis, D. Lekkas, Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)

    Article  Google Scholar 

  43. A. Nagarajan, V. Varadharajan, Dynamic trust enhanced security model for trusted platform based services. Future Gener. Comput. Syst. 27(5), 564–573 (2011)

    Article  Google Scholar 

  44. G. Grispos, T. Storer, W.B. Glisson, Calm before the storm: the challenges of cloud. Emerg. Dig. Forensics Appl. Crime Detect. Prev. Secur. 4(1), 28–48 (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Technology, Al-Khawarizmi International College, Abu Dhabi, United Arab Emirates

    Mohammed M. Alani

Authors
  1. Mohammed M. Alani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammed M. Alani .

Rights and permissions

Reprints and permissions

Copyright information

© 2016 The Author(s)

About this chapter

Cite this chapter

Alani, M.M. (2016). Security Threats in Cloud Computing. In: Elements of Cloud Computing Security. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-41411-9_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-41411-9_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-41410-2

  • Online ISBN: 978-3-319-41411-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation