Abstract
Cloud computing is a mixture of resources and services that are offered through the internet. Despite flexibility, efficiency, and lower costs, security worries and privacy issues make users skeptical of using cloud computing. In this paper, we discuss the most current security threats to cloud computing and how malicious users find a way to abuse cloud computing resources. Our work has helped security professionals and researchers understand real-life examples and trends surrounding security threats to cloud computing and how to mitigate them.
References
Almorsy, M., Grundy, J., Müller, I.: An analysis of the cloud computing security problem (2016). arXiv preprint arXiv:1609.01107
VMware vCloud Director. https://www.vmware.com/products/vcloud-director.html
OpenStack. https://www.openstack.org/software/
OMB announces ‘cloud first’ policy for agencies, Federal News Radio, 23 November 2010, and Jeffrey Zients, “Driving IT Reform: An Update,” Office of Management and Budget, 19 November 2010. http://www.federalnewsradio.com/?nid=249&sid=2129860
ENISA. https://www.enisa.europa.eu/publications/security-framework-for-govenmental-clouds
Cloud usage in APAC. http://www.asiacloudcomputing.org/images/documents/cri2016_acca.pdf
Riquet, D., Grimaud, G., Hauspie, M.: Large-scale coordinated attacks: Impact on the cloud security. In: 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, Palermo, pp. 558–563 (2012). doi:10.1109/IMIS.2012.76, http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6296915&isnumber=6296822
Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 305–316. ACM, 16 October 2012
Tandon, S., Srushti, S.B., Agrawal, V.: Cache-based side-channel attack on aes in cloud computing environment. Int. J. Eng. Res. Technol. 3(10), 1080–1084 (2014)
Hussein, N.H., Khalid, A., Khanfar, K.: A Survey of Cryptography Cloud Storage Techniques (2016)
Cloud Security Alliance: Secaas Implementation Guidance, Category 7: Security Information and Event Management, pp. 1–33 (2012)
Mazurczyk, W., Szczypiorski, K.: Is cloud computing steganography-proof? In: 2011 Third International Conference on Multimedia Information Networking and Security (MINES), pp. 441–442 (2011). http://dx.doi.org/10.1109/MINES.2011.95
Gruschka, N., Iacono, L.: Vulnerable cloud: Soap message security validation revisited. In: 2009 IEEE International Conference on Web Services, ICWS 2009, pp. 625–631 (2009). http://dx.doi.org/10.1109/ICWS.2009.70
Lastpass breach (2015). https://krebsonsecurity.com/2015/06/password-manager-lastpass-warns-of-breach/
Lastpass breach (2011). https://www.cnet.com/news/lastpass-ceo-reveals-details-on-security-breach/
Anthem Hack. https://blog.digicert.com/anthem-hack-preventable/
TruffleHog. https://github.com/dxa4481/truffleHog
Hawkeye Malware. http://www.trendmicro.es/media/wp/piercing-hawkeye-whitepaper-en.pdf
Dyre Malware campaigns targeting salesforce. https://help.salesforce.com/articleView?id=Security-Alert-Dyre-Malware&type=1
Gameover Zeus. https://aws.amazon.com/security/security-bulletins/zeus-botnet-controller/
Neverquest. https://www.secureworks.com/research/banking-botnets-the-battle-continues
Dropbox Breach. http://fortune.com/2016/08/26/heres-why-dropbox-is-urging-users-to-reset-their-passwords/
Insecure API case in IRS. http://www.forbes.com/sites/kurtmarko/2015/05/27/irs-hack_fido-leadership/#31e162d62df0
FREAK vulnerability. https://www.scmagazine.com/more-than-600-cloud-services-still-vulnerable-to-freak-data-shows/article/536548/
Amazon ELB Service Event. https://aws.amazon.com/message/680587/
Misconfiguration consequences in Amazon S3 buckets. https://community.rapid7.com/community/infosec/blog/2013/03/27/1951-open-s3-buckets
Man-In-The-Cloud-Attack. https://www.imperva.com/docs/HII_Man_In_The_Cloud_Attacks.pdf
Hammertoss. https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
LOWBALL. https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
RedHack. http://thehackernews.com/2016/10/turkey-redhack.html
Evolution of Dridex. https://www.fireeye.com/blog/threat-research/2015/06/evolution_of_dridex.html
Neverquest. https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf
Dyn DDoS Attack. http://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/
Dyn DDos Attack Effect on Amazon Web Services. http://www.ciodive.com/news/how-amazon-responded-to-the-dyn-ddos-attack/429050/
Dyn DDoS Attack Exposes. http://www.infoworld.com/article/3134023/security/dyn-ddos-attack-exposes-soft-underbelly-of-the-cloud.html
Hotschedules DD0S. https://www.hotschedules.com/news/inside-a-vicious-ddos-attack/
Phishing in the cloud. https://pages.phishlabs.com/rs/130-BFB-942/images/2017%20PhishLabs%20Phishing%20and%20Threat%20Intelligence%20Report.pdf
APT1. https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Borazjani, P.N. (2017). Security Issues in Cloud Computing. In: Au, M., Castiglione, A., Choo, KK., Palmieri, F., Li, KC. (eds) Green, Pervasive, and Cloud Computing. GPC 2017. Lecture Notes in Computer Science(), vol 10232. Springer, Cham. https://doi.org/10.1007/978-3-319-57186-7_58
Download citation
DOI: https://doi.org/10.1007/978-3-319-57186-7_58
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-57185-0
Online ISBN: 978-3-319-57186-7
eBook Packages: Computer ScienceComputer Science (R0)