Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
What is the Cloud? Kapitel lesen Erstes Kapitel lesen

2016 | OriginalPaper | Buchkapitel

3. Security Threats in Cloud Computing

verfasst von : Mohammed M. Alani

Erschienen in: Elements of Cloud Computing Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

This chapter discusses the most common threats in cloud computing. It starts with discussing data breaches and data loss. It also discusses the dangers of account and service hijacking in addition to the use of insecure APIs. The chapter also explains different threats to availability in the cloud and the dangers of malicious insiders. The chapter ends with the explanation of insufficient due diligence along with a few other minor threats.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel About Cloud Security
Nächstes Kapitel Security Attacks in Cloud Computing
Literatur
1.
R. Shirey, Rfc 2828: Internet security glossary, in The Internet Society, p. 13 (2000)
2.
T.T.W. Group et al., The notorious nine: cloud computing top threats in 2013, in Cloud Security Alliance (2013)
3.
F. Chong, G. Carraro, R. Wolter, Multi-tenant data architecture, in MSDN Library, Microsoft Corporation, pp. 14–30 (2006)
4.
Y. Zhang, A. Juels, A. Oprea, M.K. Reiter, Homealone: co-residency detection in the cloud via side-channel analysis, in 2011 IEEE Symposium on Security and Privacy (SP) (IEEE, 2011), pp. 313–328
5.
R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka, J. Molina, Controlling data in the cloud: outsourcing computation without outsourcing control, in Proceedings of the 2009 ACM Workshop on Cloud Computing Security (ACM, 2009), pp. 85–90
6.
H. Takabi, J.B. Joshi, G.-J. Ahn, Security and privacy challenges in cloud computing environments. IEEE Secur. Priv. 6, 24–31 (2010)CrossRef
7.
D. Koo, J. Hur, H. Yoon, Secure and efficient data retrieval over encrypted data using attribute-based encryption in cloud storage. Comput. Electr. Eng. 39(1), 34–46 (2013)CrossRef
8.
S. Yu, C. Wang, K. Ren, W. Lou, Achieving secure, scalable, and fine-grained data access control in cloud computing, in Proceedings of the IEEE Infocom, 2010 (IEEE, 2010), pp. 1–9
9.
N. Park, Secure data access control scheme using type-based re-encryption in cloud environment, in Semantic Methods for Knowledge Management and Communication (Springer, Berlin, 2011), pp. 319–327
10.
C.-I. Fan, S.-Y. Huang, Controllable privacy preserving search based on symmetric predicate encryption in cloud storage. Future Gener. Comput. Syst. 29(7), 1716–1724 (2013)MathSciNetCrossRef
11.
F. Fatemi Moghaddam, O. Karimi, M.T. Alrashdan, A comparative study of applying real-time encryption in cloud computing environments, in 2013 IEEE 2nd International Conference on Cloud Networking (CloudNet) (IEEE, 2013), pp. 185–189
12.
U. Somani, K. Lakhani, M. Mundra, Implementing digital signature with RSA encryption algorithm to enhance the data security of cloud in cloud computing, in 2010 1st International Conference on Parallel Distributed and Grid Computing (PDGC) (IEEE, 2010), pp. 211–216
13.
M. Li, S. Yu, Y. Zheng, K. Ren, W. Lou, Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1), 131–143 (2013)
14.
K. Liang, M.H. Au, J.K. Liu, W. Susilo, D.S. Wong, G. Yang, Y. Yu, A. Yang, A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Gener. Comput. Syst. 52, 95–108 (2015)CrossRef
15.
A. Rahumed, H.C. Chen, Y. Tang, P.P. Lee, J. Lui, A secure cloud backup system with assured deletion and version control, in 2011 40th International Conference on Parallel Processing Workshops (ICPPW) (IEEE, 2011), pp. 160–167
16.
J.D. Mehr, E.E. Murphy, N. Virk, L.M. Sosnosky, Hybrid distributed and cloud backup architecture. US Patent 8,935,366, 13 Jan 2015
17.
V. Javaraiah, Backup for cloud and disaster recovery for consumers and smbs, in 2011 IEEE 5th International Conference on Advanced Networks and Telecommunication Systems (ANTS) (IEEE, 2011), pp. 1–3
18.
D. Harnik, B. Pinkas, A. Shulman-Peleg, Side channels in cloud services: deduplication in cloud storage. IEEE Secur. Priv. 8(6), 40–47 (2010)CrossRef
19.
Y. Fu, H. Jian, N. Xiao, L. Tian, F. Liu, Aa-dedupe: an application-aware source deduplication approach for cloud backup services in the personal computing environment, in 2011 IEEE International Conference on Cluster Computing (CLUSTER) (IEEE, 2011), pp. 112–120
20.
Y. Tan, H. Jiang, D. Feng, L. Tian, Z. Yan, Cabdedupe: a causality-based deduplication performance booster for cloud backup services, in 2011 IEEE International Parallel and Distributed Processing Symposium (IPDPS) (IEEE, 2011), pp. 1266–1277
21.
Y. Tan, H. Jiang, D. Feng, L. Tian, Z. Yan, G. Zhou, Sam: a semantic-aware multi-tiered source de-duplication framework for cloud backup, in 2010 39th International Conference on Parallel Processing (ICPP) (IEEE, 2010), pp. 614–623
22.
J. Stanek, A. Sorniotti, E. Androulaki, L. Kencl, A secure data deduplication scheme for cloud storage, in Financial Cryptography and Data Security (Springer, Berlin, 2014), pp. 99–118
23.
M. Bellare, S. Keelveedhi, T. Ristenpart, Message-locked encryption and secure deduplication, in Advances in Cryptology-EUROCRYPT (Springer, Berlin, 2013), pp. 296–312MATH
24.
25.
26.
A. McIlwraith, Information Security and Employee Behaviour: How to Reduce Risk Through Employee Education, Training and Awareness (Gower Publishing Ltd, UK, 2006)
27.
A. Sirisha, G.G. Kumari, API access control in cloud using the role based access control model. Trendz Inf. Sci. Comput. (TISC) 2010, 135–137 (2010)CrossRef
28.
L. Tang, L. Ouyang, W.T. Tsai, Multi-factor web api security for securing mobile cloud, in 2015 12th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD) (2015), pp. 2163–2168
29.
H.K. Lu, Keeping your api keys in a safe, in 2014 IEEE 7th International Conference on Cloud Computing (CLOUD) (2014), pp. 962–965
30.
M. Alani, Securing the cloud against distributed denial of service attacks: a review, in 2nd International Conference of Applied Information and Communications Technologies (Elsevier, 2014)
31.
32.
Y. Zhang, A. Juels, M.K. Reiter, T. Ristenpart, Cross-vm side channels and their use to extract private keys, in Proceedings of the 2012 ACM Conference on Computer and Communications Security (ACM, 2012), pp. 305–316
33.
T.H. Noor, Q.Z. Sheng, S. Zeadally, J. Yu, Trust management of services in cloud environments: obstacles and solutions. ACM Comput. Surv. (CSUR) 46(1), 12 (2013)CrossRef
34.
S. Bleikertz, A. Kurmus, Z.A. Nagy, M. Schunter, Secure cloud maintenance: protecting workloads against insider attacks, in Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ACM, 2012), pp. 83–84
35.
A. Nappa, M.Z. Rafique, J. Caballero, Driving in the cloud: an analysis of drive-by download operations and abuse reporting, in Detection of Intrusions and Malware, and Vulnerability Assessment (Springer, Berlin, 2013), pp. 1–20
36.
S.K. Nair, S. Porwal, T. Dimitrakos, A.J. Ferrer, J. Tordsson, T. Sharif, C. Sheridan, M. Rajarajan, A.U. Khan, Towards secure cloud bursting, brokerage and aggregation, in 2010 IEEE 8th European Conference on Web Services (ECOWS) (2010), pp. 189–196
37.
B.P. Rimal, A. Jukan, D. Katsaros, Y. Goeleven, Architectural requirements for cloud computing systems: an enterprise cloud approach. J. Grid Comput. 9(1), 3–26 (2011)CrossRef
38.
M. Amini, N. Sadat Safavi, D. Khavidak, S. Mojtaba, A. Abdollahzadegan, Types of cloud computing (public and private) that transform the organization more effectively. Int. J. Eng. Res. Technol. (IJERT) 2(5), pp. 1263–1269 (2013)
39.
D. Perez-Botero, J. Szefer, R.B. Lee, Characterizing hypervisor vulnerabilities in cloud computing servers, in Proceedings of the 2013 International Workshop on Security in Cloud Computing (Cloud Computing’13) (ACM, 2013), pp. 3–10
40.
K. Hashizume, N. Yoshioka, E.B. Fernandez, Three misuse patterns for cloud computing, in Security Engineering for Cloud Computing: Approaches and Tools (Pennsylvania, IGI Global, 2012), pp. 36–53
41.
E. Network, I.S. Agency, Cloud Computing: Benefits, Risks and Recommendations for Information Security (ENISA, Heraklion, 2009)
42.
D. Zissis, D. Lekkas, Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)CrossRef
43.
A. Nagarajan, V. Varadharajan, Dynamic trust enhanced security model for trusted platform based services. Future Gener. Comput. Syst. 27(5), 564–573 (2011)CrossRef
44.
G. Grispos, T. Storer, W.B. Glisson, Calm before the storm: the challenges of cloud. Emerg. Dig. Forensics Appl. Crime Detect. Prev. Secur. 4(1), 28–48 (2013)
Metadaten
Titel
Security Threats in Cloud Computing
verfasst von
Mohammed M. Alani
Copyright-Jahr
2016
Buch
Elements of Cloud Computing Security

Print ISBN: 978-3-319-41410-2

Electronic ISBN: 978-3-319-41411-9

Copyright-Jahr: 2016

DOI
https://doi.org/10.1007/978-3-319-41411-9_3