Skip to main content
SpringerLink
Log in

Security Issues in Cloud Computing

  • Conference paper
  • First Online:
Green, Pervasive, and Cloud Computing (GPC 2017)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10232))

Included in the following conference series:

Abstract

Cloud computing is a mixture of resources and services that are offered through the internet. Despite flexibility, efficiency, and lower costs, security worries and privacy issues make users skeptical of using cloud computing. In this paper, we discuss the most current security threats to cloud computing and how malicious users find a way to abuse cloud computing resources. Our work has helped security professionals and researchers understand real-life examples and trends surrounding security threats to cloud computing and how to mitigate them.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

References

  1. Almorsy, M., Grundy, J., Müller, I.: An analysis of the cloud computing security problem (2016). arXiv preprint arXiv:1609.01107

  2. VMware vCloud Director. https://www.vmware.com/products/vcloud-director.html

  3. OpenStack. https://www.openstack.org/software/

  4. OMB announces ‘cloud first’ policy for agencies, Federal News Radio, 23 November 2010, and Jeffrey Zients, “Driving IT Reform: An Update,” Office of Management and Budget, 19 November 2010. http://www.federalnewsradio.com/?nid=249&sid=2129860

  5. ENISA. https://www.enisa.europa.eu/publications/security-framework-for-govenmental-clouds

  6. Cloud usage in APAC. http://www.asiacloudcomputing.org/images/documents/cri2016_acca.pdf

  7. Riquet, D., Grimaud, G., Hauspie, M.: Large-scale coordinated attacks: Impact on the cloud security. In: 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, Palermo, pp. 558–563 (2012). doi:10.1109/IMIS.2012.76, http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6296915&isnumber=6296822

  8. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 305–316. ACM, 16 October 2012

    Google Scholar 

  9. Tandon, S., Srushti, S.B., Agrawal, V.: Cache-based side-channel attack on aes in cloud computing environment. Int. J. Eng. Res. Technol. 3(10), 1080–1084 (2014)

    Google Scholar 

  10. Hussein, N.H., Khalid, A., Khanfar, K.: A Survey of Cryptography Cloud Storage Techniques (2016)

    Google Scholar 

  11. Cloud Security Alliance: Secaas Implementation Guidance, Category 7: Security Information and Event Management, pp. 1–33 (2012)

    Google Scholar 

  12. Mazurczyk, W., Szczypiorski, K.: Is cloud computing steganography-proof? In: 2011 Third International Conference on Multimedia Information Networking and Security (MINES), pp. 441–442 (2011). http://dx.doi.org/10.1109/MINES.2011.95

  13. Gruschka, N., Iacono, L.: Vulnerable cloud: Soap message security validation revisited. In: 2009 IEEE International Conference on Web Services, ICWS 2009, pp. 625–631 (2009). http://dx.doi.org/10.1109/ICWS.2009.70

  14. Lastpass breach (2015). https://krebsonsecurity.com/2015/06/password-manager-lastpass-warns-of-breach/

  15. Lastpass breach (2011). https://www.cnet.com/news/lastpass-ceo-reveals-details-on-security-breach/

  16. Anthem Hack. https://blog.digicert.com/anthem-hack-preventable/

  17. TruffleHog. https://github.com/dxa4481/truffleHog

  18. Hawkeye Malware. http://www.trendmicro.es/media/wp/piercing-hawkeye-whitepaper-en.pdf

  19. Dyre Malware campaigns targeting salesforce. https://help.salesforce.com/articleView?id=Security-Alert-Dyre-Malware&type=1

  20. Gameover Zeus. https://aws.amazon.com/security/security-bulletins/zeus-botnet-controller/

  21. Neverquest. https://www.secureworks.com/research/banking-botnets-the-battle-continues

  22. Dropbox Breach. http://fortune.com/2016/08/26/heres-why-dropbox-is-urging-users-to-reset-their-passwords/

  23. Insecure API case in IRS. http://www.forbes.com/sites/kurtmarko/2015/05/27/irs-hack_fido-leadership/#31e162d62df0

  24. FREAK vulnerability. https://www.scmagazine.com/more-than-600-cloud-services-still-vulnerable-to-freak-data-shows/article/536548/

  25. Amazon ELB Service Event. https://aws.amazon.com/message/680587/

  26. Misconfiguration consequences in Amazon S3 buckets. https://community.rapid7.com/community/infosec/blog/2013/03/27/1951-open-s3-buckets

  27. Man-In-The-Cloud-Attack. https://www.imperva.com/docs/HII_Man_In_The_Cloud_Attacks.pdf

  28. Hammertoss. https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf

  29. LOWBALL. https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html

  30. RedHack. http://thehackernews.com/2016/10/turkey-redhack.html

  31. Evolution of Dridex. https://www.fireeye.com/blog/threat-research/2015/06/evolution_of_dridex.html

  32. Neverquest. https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf

  33. CodeSpaces. https://arstechnica.com/security/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/

  34. Dyn DDoS Attack. http://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/

  35. Dyn DDos Attack Effect on Amazon Web Services. http://www.ciodive.com/news/how-amazon-responded-to-the-dyn-ddos-attack/429050/

  36. Dyn DDoS Attack Exposes. http://www.infoworld.com/article/3134023/security/dyn-ddos-attack-exposes-soft-underbelly-of-the-cloud.html

  37. Hotschedules DD0S. https://www.hotschedules.com/news/inside-a-vicious-ddos-attack/

  38. Phishing in the cloud. https://pages.phishlabs.com/rs/130-BFB-942/images/2017%20PhishLabs%20Phishing%20and%20Threat%20Intelligence%20Report.pdf

  39. APT1. https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf

Download references

Author information

Authors and Affiliations

  1. FireEye, Milpitas, California, USA

    Parnian Najafi Borazjani

Authors
  1. Parnian Najafi Borazjani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Parnian Najafi Borazjani .

Editor information

Editors and Affiliations

  1. Hong Kong Polytechnic University, Hong Kong, Hong Kong

    Man Ho Allen Au

  2. University of Salerno, Fisciano, Italy

    Arcangelo Castiglione

  3. University of Texas at San Antonio, San Antonio, Texas, USA

    Kim-Kwang Raymond Choo

  4. University of Salerno, Fisciano, Italy

    Francesco Palmieri

  5. Providence University, Taichung City, Taiwan

    Kuan-Ching Li

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Borazjani, P.N. (2017). Security Issues in Cloud Computing. In: Au, M., Castiglione, A., Choo, KK., Palmieri, F., Li, KC. (eds) Green, Pervasive, and Cloud Computing. GPC 2017. Lecture Notes in Computer Science(), vol 10232. Springer, Cham. https://doi.org/10.1007/978-3-319-57186-7_58

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-57186-7_58

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-57185-0

  • Online ISBN: 978-3-319-57186-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation