Abstract
This chapter discusses the most common threats in cloud computing. It starts by discussing data breaches and data loss. It then covers the dangers of account and service hijacking, along with the use of insecure APIs. The chapter also explains different threats to availability in the cloud and the dangers of malicious insiders. It ends with an explanation of insufficient due diligence, along with a few other minor threats.
Copyright information
© 2016 The Author(s)
About this chapter
Cite this chapter
Alani, M.M. (2016). Security Threats in Cloud Computing. In: Elements of Cloud Computing Security. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-41411-9_3
DOI: https://doi.org/10.1007/978-3-319-41411-9_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-41410-2
Online ISBN: 978-3-319-41411-9
eBook Packages: Computer Science, Computer Science (R0)