Abstract
The emerging technology popularly referred to as Cloud computing offers dynamically scalable computing resources on a pay per use basis over the Internet. Companies avail hardware and software resources as service from the cloud service provider as opposed to obtaining physical assets. Cloud computing has the potential for significant cost reduction and increased operating efficiency in computing. To achieve these benefits, however, there are still some challenges to be solved. Security is one of the prime concerns in adopting Cloud computing, since the user’s data has to be released from the protection sphere of the data owner to the premises of cloud service provider. As more Cloud based applications keep evolving, the associated security threats are also growing. In this paper an attempt has been made to identify and categorize the security threats applicable to Cloud environment. Threats are classified into Cloud specific security issues and traditional security attacks on various service delivery models of Cloud. The work also briefly discusses the virtualization and authentication related issues in Cloud and tries to consolidate the various security threats in a classified manner.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Buyya, R., Broberg, J., Goscinski, A.: Cloud Computing: Principles and Paradigms. Wiley, Hoboken (2011)
Kahiyamo, T.: Cloud Computing Security: How Risks and Threats are Affecting Cloud Adopting Decisions. MBA Thesis (2012)
Takabi, H., Joshi, J.B.D., Ahn, G.: SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments. In: Proc. IEEE 34th Annual Computer Software and Application Conference Workshops, July 19-23, pp. 393–398 (2010)
http://csrc.nist.gov/groups/SNA/Cloud-computing-cloud-def-v15.doc (accessed on: December 27, 2012)
Jensen, M., Schwenk, J., Gruscka, N., Iacono, L.L.: On Technical Security Issues in Cloud Computing. In: Proc. IEEE International Conference on Cloud Computing, September 21-25, pp. 109–116 (2009)
Lv, H., Hu, Y.: Analysis and Research About Cloud Computing Security Protect Policy. In: Proc. IEEE Int. Conference on Intelligence Science and Information Engineering, August 20-21, pp. 214–216 (2011)
Bakshi, A., Yogesh, B.: Securing Cloud from DDOS Attacks Using Intrusion Detection System in VM. In: Proc. IEEE Second Int. Conference on Communication Software and Networks, February 26-28, pp. 260–264 (2010)
Kilari, N., Sridaran, R.: A Survey on Security Threats for Cloud Computing. Int. Journal of Engineering Research and Technology 1(7) (September 2012)
Ramgovind, S., Eloff, M.M., Smith, E.: The Management of Security in Cloud Computing. In: Proc. IEEE Conference Information Security for South Africa, August 2-4, pp. 1–7 (2010)
Chauhan, N.S., Saxena, A.: Energy Analysis of Security for Cloud Application. In: Proc. Annual IEEE India Conference, pp. 1–6 (December 2011)
Liu, W.: Research on Cloud Computing Security Problem and Strategy. In: Proc. IEEE 2nd Int. Conference on Consumer Electronics, Communications and Networks, April 21-23, pp. 1216–1219 (2012)
Yu, X., Wen, Q.: A View About Cloud Data Security from Data Life Cycle. In: Proc. IEEE Intl. Conference on Computational Intelligence and Software Engineering, December 10-12, pp. 1–4 (2010)
Kantarcioglu, M., Bensoussan, A., Ru, S.: Impact of Security Risks on Cloud Computing Adoption. In: Proc. IEEE 49th Annual Allerton Conference on Communication, Control and Computing, September 28-30, pp. 670–674 (2011)
Hsin-Yi, T., Siebenhaar, M., Miede, A., Yulun, H., Steinmetz, R.: Threat as a Service? The Impact of Virtualization on Cloud Security. IT Professional 14(1), 32–37 (2011)
Subashini, S., Kavitha, V.: A Survey on Security Issues in Service Delivery Models of Cloud Computing. Journal of Network and Computer Applications 34(1), 1–11 (2011)
Bhadauria, R., Sanyal, S.: Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques. International Journal of Computer Applications, 47–66 (June 2012)
Halpert, B.: Auditing Cloud Computing: A Security and Privacy Guide. John Wiley & Sons, Inc., Hoboken (2011)
Zhang, Y., Juels, A., Opera, A., Reiter, M.K.: HomeAlone: Co-Residency Detection in the Cloud Via side-Channel Analysis. In: Proc. IEEE Symposium on Security and Privacy, May 22-25, pp. 313–328 (2011)
Carlson, C.: Side-Channel Attacks Threaten Data in the Cloud (May 30, 2012), http://www.fiercecio.com/storey/side-channel-attacks-threaten-data-cloud/2012-05-30 (accessed on : January 25, 2013)
Krutz, R.L., Vine, R.D.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing. Wiley Publishing, Inc., Indianapolis (2010)
Chen, Y., Pascon, V., Katz, R.H.: “What’s New about Cloud Computing Security?” Technical Report (January 2010), http://www.eecs.berkeley.edu/pubs/Techrpts/2010/EECS.2020-5.pdf (accessed on : January 25, 2013)
Zetter, K.: FBI defends Disruptive Raid on Texas data Centers. (April 2009), http://www.wired.com/threatlevel/2009/04/data-centers-ra/ (accessed on: February 4, 2013)
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: Above the Clouds: A Berkeley View of Cloud Computing. Communications of ACM 53(4), 50–58 (2010)
Carlin, S., Curran, K.: Cloud Computing security. International Journal of Ambient Computing and Intelligence 3, 14–19 (2011)
Swinson, M.: Data Security and privacy Issues in Cloud Computing. (March 2012), http://WWW.mallesons.com/publications/marketAlerts/2012/information-technologyupdate-march-2012/pages/Data-Security-and-Privacy-Issues-in-Cloud-Computingaspx (accessed on: February 18, 2013)
SSL/TLS deployment best practices. Version 1.0/; Ivan Ristic, Qualys SSL Labs (February 24, 2012), https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf (accessed on : March 22, 2013)
Rane, P.: Enterprise Applications in the Cloud: A SaaS Security Perspective (September 2010), http://esj.com/Articles/2010/02/09/Cloud-saas-security.aspx?page=2&p=1 (accessed on : March 22, 2013)
Kevin, G.: Software As A Service Security Facts You Should Consider (January 29, 2013), http://SaaSaddict.walkme.com/software-as-a-service-security-facts-you-should-consider/ (accessed on : March 22, 2013)
Microsoft White Paper, MS Strategy for Lightweight Directory Access Protocol (2010) http://technet:microsoft.com/en-us/library/cc750824.aspx (accessed on: December 10, 2012)
Jasti, A., Shah, P., Nagaraj, R., Pendse, R.: Security in Multitenancy. In: Proc. IEEE Int. Carnahan Conference on Security Technology, October 5-8, pp. 35–41 (2010)
Owens, K.: Securing Virtual Compute Infrastructure in the Cloud. Hos-white-paper-securing virtual-computer-infrastructure in the cloud.pdf
Sabahi, F.: Virtualization-level Security in Cloud computing. In: Proc. IEEE Third Int. Conference on Communication Software and Networks, May 27-29, pp. 250–254 (2011)
Gul, I., Rehman, A., Islam, M.H.: Cloud Computing Security Auditing. In: Proc. IEEE the 2nd Int. Conference on Next Generation Information Technology, June 21-23, pp. 143–148 (2011)
Joshi, B., Vijayan, A.S., Joshi, B.K.: Securing Cloud Computing Environment Against DDOS Attacks. In: IEEE Int. Conference on Computer Communication and Information, January 10-12, pp. 1–5 (2012)
Rumor: Amazon Hit with Denial-of-Service-Attack, Again (June 6, 2008), http://www.appscout.com/2008/rumor-amazon-hit-with-denialof.php (accessed on: December 2, 2012)
Tupakula, U., Varadarajan, V.: TVDSEC: Trusted Virtual Domain Security. In: Proc. IEEE 4th Intl. Conference on Utility and Cloud Computing, December 5-8, pp. 57–63 (2011)
Trend Micro, “Making Virtual Machines Cloud-Ready,” A Trend Micro White paper (2009), http://www.WhiteStratus.con/docs/making-vms-cloudready.pdf (accessed on: December 2, 2012)
Lin, Z.: Virtualization Security for Cloud Computing Service. In: Proc. IEEE Intl. Conference on Cloud and Service Computing, December 12-14, pp. 174–178 (2011)
Decarlo, A.L.: Myth Vs. Reality: Controlling VM Sprawl in the Cloud (January 2012), http://searchcloudprovider.techtarget.com/tip/Myth-vs-reality-Controlling-VM-sprawl-in-the-cloud (accessed on: March 22, 2013)
Forrester Inc., Press Release “Top Corporate Software Priority is Modernizing Legacy Applications” (June 8, 2009), http://www.imakenews.com/avnet_bio/e_article001459482.cfm?x=bfQ4d5j,b817d1c4,w (accessed on: March 15, 2013)
Sandikkaya, M.T., Harmanci, A.E.: Security Problems of Platform as a Service. In: 31st International Symposium on Reliable Distributed Systems (2012)
Takabi, H., Joshi, J.B.D., Ahn, G.: Security and Privacy Challenges in Cloud Computing Environments. IEEE Security Privacy 8(6), 24–31 (2010)
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You Get Off My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In: Proc. of 16th ACM Conference on Computer and Communication Security, November 9-13, pp. 199–212 (2009)
Saltzer, J.H., Schroeder, M.D.: The Protection of information in Computer Systems. Proceedings of the IEEE 63(9), 1278–1308 (1975)
Rfc 3820: Internet X.509 Public Key Infrastructure, http://ietf.org/html/rfc3820
Lamport, L., Shostak, R., Pease, M.: The byzantine General Problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)
Grobauer, B., Walloschk, T., Stocker, E.: Understanding Cloud Computing Vulnerabilities. IEEE Trans. Security & Privacy 9(2), 50–57 (2011)
Sample, C.: Cloud Computing Security: Routing and DNS Security threats (June 2009), http://www.searchsecurity.techtarget.com/tip/DNS-attacks-compromising-DNS-in-the-cloud (accessed on: March 15, 2013)
Meena, B., Challa, K.A.: Cloud Computing Security Issues with Possible Solutions. Int, Journal of Computer Science and Technology 2(1) (January-March 2012)
Andree, Y.: Implications of SalesForce Phishing Incident (November 2007), http://www.ebizq.net/blogs/security_insider/2007/11/implications_of_salesforce_phi.php (accessed on: March 22, 2013)
Prince, B.: Spam Campaign Caused by Stolen Drop box Employee Password (August 2010), http://www.eweek.com/c/a/Security/Spam-Campaign-Caused-by-Stolen-Dropbox-Employee-Password-344694/ (accessed on: March 15, 2013)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Binu, S., Misbahuddin, M. (2013). A Survey of Traditional and Cloud Specific Security Issues. In: Thampi, S.M., Atrey, P.K., Fan, CI., Perez, G.M. (eds) Security in Computing and Communications. SSCC 2013. Communications in Computer and Information Science, vol 377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40576-1_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-40576-1_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40575-4
Online ISBN: 978-3-642-40576-1
eBook Packages: Computer ScienceComputer Science (R0)