File Name: cloud computing and cyber security .zip
Skip to Main Content.
Cloud Computing is an emerging paradigm that is based on the concept of distributed computing. Its definition is related to the use of computer resources which are offered as a service. As with any novel technology, Cloud Computing is subject to security threats, vulnerabilities, and attacks.
Considering the significance of cloud security, this work is an attempt to identify the major threat factors to cloud security that may be critical in cloud environment. It also highlights the various methods employed by the attackers to cause the damage.
To accomplish our objective, we have reviewed the major publication related to cyber security. It is revealed that cyber-attacks are industry specific and vary significantly from one industry type to another. Finally, we have conducted the case study on cyber-attacks that are already occurred in cloud paradigm. Cyber-attacks were highlighted by categorizing them into phishing attacks and distributed denial of services.
This work will be profoundly helpful to the industry and researchers in understanding the various cloud specific cyber-attack and enable them to evolve the strategy to counter them more effectively. Keywords: Cyber security, cloud Attack, cybercrime, resource protection, cloud threat 1 Introduction Enterprises and individual users prefer outsourcing their services on the web, instead of maintaining the resources of their own.
Outsourcing of technical resources enables the organization to concentrate on business need instead of technical aspect that is managed by the experts in Information Technology IT area. To facilitate such users, a web based paradigm known as cloud computing has emerged and offering the services on utility model . The major goal of Cloud computing is to reduce the operating cost, increase throughput, increase the reliability and availability .
To cater the need of wide variety of users, cloud is offering three types of services. All these resources are offered on rent basis from the cloud instead of private services .
Users are also free from updating the operating system, installing the new patches that are frequently needed to plug the exploited vulnerabilities. In PaaS, development environment is offered as a service; whereas in SaaS, applications are offered as services. In SaaS environment, applications subscribed are available for use without any delay, while in legacy system user has to wait for months or sometimes for years to get the application developed.
Google docs, invoices, cloud ERP, etc. All these cloud deployment models have been classified depending upon the ownership held by the cloud user. If the cloud resources are under the control of cloud users, then it is known as private model aka on-premises model , whereas if the cloud resources are under the control of cloud provider in that case it is known as public cloud aka hosted model.
In public model, resources are accessed with the help of software known as clients that connect to the cloud server remotely. Desktop, Laptop, Smartphones, etc. Despite of the above advantages, Cloud computing has also lead to the emergence of various challenges.
Various factors need to be considered before the cloud adoption. Many of these issues are attributed due to the remote availability of resources, location of data center in other country, no control on data center, etc. All the above issues pave the fertile ground to the cyber attacker to determine the vulnerabilities and exploit the cloud resources. Understanding the criticality involved in cloud security, various working groups and standard organizations have been formed to take up cloud security.
Among all the above groups, Cloud security alliance is entirely committed for the cloud security. Many of the significant documents have already been published by CSA related to the cloud security. To identify the major contemporary threats, CSA has published the report on the top threats.
In this study, CSA has reviewed thousands of article related to cloud threat, asked from a number of experts and visited the different website. Correspondingly, the group has identified the major threats on cloud computing that have significant impact in cloud computing. In this most recent report, experts have identified the following nine critical threats to cloud security ranked in order of severity : 1. Data Breaches 2. Data Loss 3. Account Hijacking 4.
Insecure APIs 5. Denial of Service 6. Malicious Insiders 7. Abuse of Cloud Services 8. Insufficient Due Diligence 9. Shared Technology Issues. It is more critical in cloud computing where the data is under the control of third party and promotes the resource sharing among many users. Cloud computing has also opened the new avenue of attacks including side channel attack.
Multi-tenancy architecture of cloud computing also offers more vulnerability, if it is not properly designed. Data loss is the other key issue related to cloud security. In data loss users are losing the information stored, whereas in data breaches, information is stolen by the adversaries. For instance to secure the data, user may opt for data security.
But loss in encryption key may result in data loss. Similarly, to prevent the catastrophic loss if the user is storing the data in backup devices, it means data is more vulnerable to attack. It is believed that this threat is still relevant. In cloud paradigm it poses additional challenges. For instance, if credential is stolen by the adversary then he can eves drop, modify, information even worst can direct cloud users to illegitimate web site.
In the denial of services, illegitimate users are using the cloud resources and denying the legitimate users from accessing the resources. In cloud computing distributed denial of services DDoS attacks are frequently caused. This vulnerability has been observed due to third party usage of cloud APIs. Once the cloud users subscribe for the cloud resources they are passed under the control of subscribed users. This subscriber may be an adversary.
Consequently, huge resources come under the disposal of adversary that can be utilized by him in various analyses. In legacy system, to buy such resources required huge investment, consequently huge computation was not possible. However, it has been observed that these services are mis-utilized, particularly by the power user, for instance System administrator. The other major threat is malicious insider, in which someone from the inside only facilitates in external attacks.
These passages may be provided intentionally or un-intentionally. Opening of the mail that has received by the user and clicking the link provided aims of knowing more about the users organization falls under the category of un-intentional attack.
Considering the huge potential growth many new cloud provider have emerged and continue to emerge on daily basis.
Consequently, it is imperative to conduct the sufficient background check of the cloud provider, security offered, regulatory compliance, etc. Necessary contract related to data availability is also need to be placed to avoid any future disputes. Similarly, in SaaS environment, same application is shared among many users. In cloud, Hypervisor have significant role in isolation and resource provisioning.
Since, all the users are on the top layer of hypervisor, if the security of the hypervisor is compromised, security of the entire cloud may be breached at once.
Accessibility by anyone subscribing, and from anywhere is highly suitable for cyber criminals. Now, they can access the resources from any part of the world and any time, even the use of device is not restricting the usage of cloud resources.
Consequently, huge cloud resources under the disposal of adversary pose major threats to the cloud and web users. They are utilizing cloud resources in many of their cyber-attacks. McAfee and Guardian analytics have uncovered sophisticated attack that are targeting to financial services.
Before, it was considered that cyber-crime is confined to the Europe but the study revealed that it is reached to other parts of the world, including US and Columbia. These attacks are automated and targeting the account with huge balance. In addition, they have also targeted the credit union, large global bank, and regional bank. Twelve major threats have been identified by the . Identified threats have been denoted as T1 to T Abuse and nefarious use of cloud has been named as T1, insecure interfaces as T2, malicious insiders as T3, etc.
Other threats and their nomenclature have discussed in Table 1. Critically of these threats can be identified with the number of attacks that have already taken place. As per the study conducted by , T2 Insecure interfaces and APIs have been considered as the major threat, it is followed by T5 Data loss or leakage. Ranking of other threats can be determined by Figure 1 .
Number of incidents that took place in different cloud has been illustrated in Figure 2. From the total cyber-attack that took place The key objectives of these attacks were to harm the ICT users in one way or the other and the same has been illustrated in the Figure 3 .
In this study, cloud computing was categorized into hosted cloud and enterprise data center. Hosted model is similar to public model where the resources are under the control of cloud provider. The other model enterprise model is privately owned model where the resources are under the control of the owner.
Cloud computing security
Skip to search form Skip to main content You are currently offline. Some features of the site may not work correctly. DOI: Alzain and B. Soh and E.
This trend toward cloud computing has a direct impact on cyber security: rather than securing user machines, preventing malware access, and manag- ing.
Cyber-Attacks in Cloud Computing: A Case Study
Almost every business you can think of is using public cloud services for many of their critical business applications. Unfortunately as we head into , cyberattacks and breaches on cloud services are increasing. Here are 6 great tips that will help you secure your cloud apps and data! Cloud security is a set of policies, controls, procedures and technologies that should work together to protect your cloud-based applications and systems.
Skip to search form Skip to main content You are currently offline. Some features of the site may not work correctly. DOI: Chen and H. Zhang and Paul Moulema and X.
Viswanadham, Dr. Abstract:- The unique feature of Cloud Computing holds in its potential to eliminate the requirements for setting up of high- cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet from lightweight portable devices.
To browse Academia. Skip to main content.
CS 6393: Research Challenges in Cyber Security
Cloud computing security or, more simply, cloud security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security , network security , and, more broadly, information security. Cloud computing and storage provide users with capabilities to store and process their data in third-party data centers. When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. According to a Cloud Security Alliance report, insider attacks are one of the top seven biggest threats in cloud computing.
Девушка засмеялась: - Это же чудо-маркер. Я чуть кожу не содрала, пытаясь его стереть. Да и краска вонючая. Беккер посмотрел внимательнее. В свете ламп дневного света он сумел разглядеть под красноватой припухлостью смутные следы каких-то слов, нацарапанных на ее руке. - Но глаза… твои глаза, - сказал Беккер, чувствуя себя круглым дураком. - Почему они такие красные.
Будем охранять нашу крепость. Желаю веселого уик-энда. Чатрукьян заколебался. - Коммандер, мне действительно кажется, что нужно проверить… - Фил, - сказал Стратмор чуть более строго, - ТРАНСТЕКСТ в полном порядке. Если твоя проверка выявила нечто необычное, то лишь потому, что это сделали мы. А теперь, если не возражаешь… - Стратмор не договорил, но Чатрукьян понял его без слов.
- Нашу старую комнату в Стоун-Мэнор. - Я понимаю, но… - Сегодня у нас особый день - мы собирались отметить шесть месяцев. Надеюсь, ты помнишь, что мы помолвлены.
Человек в очках в тонкой металлической оправе стоял внизу, спиной к Беккеру, и смотрел в направлении площади. Беккер прижал лицо к прорези, чтобы лучше видеть. Иди на площадь, взмолился он мысленно.