2016 | OriginalPaper | Chapter

3. Security Threats in Cloud Computing

Author: Mohammed M. Alani

Published in: Elements of Cloud Computing Security

Publisher: Springer International Publishing


Abstract

This chapter discusses the most common threats in cloud computing. It starts with discussing data breaches and data loss. It also discusses the dangers of account and service hijacking in addition to the use of insecure APIs. The chapter also explains different threats to availability in the cloud and the dangers of malicious insiders. The chapter ends with the explanation of insufficient due diligence along with a few other minor threats.


Metadata

Title: Security Threats in Cloud Computing
Author: Mohammed M. Alani
Copyright Year: 2016
DOI: https://doi.org/10.1007/978-3-319-41411-9_3
