SlideShare a Scribd company logo

N017259396

IOSR Journals
IOSR Journals

Volume 17, Issue 2, Ver. V (Mar – Apr. 2015)

Technology
1 of 4
Download to read offline
IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 2, Ver. V (Mar – Apr. 2015), PP 93-96 www.iosrjournals.org DOI: 10.9790/0661-17259396 www.iosrjournals.org 93 | Page Internal & External Attacks in cloud computing Environment from confidentiality, integrity and availability points of view 1 Tayseer TagElsir Ahmed Osman, 2 Dr. Amin babiker A/Nabi Mustafa Alneelian University Abstract: Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. General example of cloud services is Google apps, provided by Google and Microsoft SharePoint. The rapid growth in field of “cloud computing” also increases severe security concerns. This paper aims to identify security threats in cloud computing, which will enable both end users and vendors to know about the key security threats associated with cloud computing. I. Introduction: Security is one of the major issues which hamper the growth of cloud. The idea of handing over important data to another company is worrisome; such that the consumers need to be vigilant in understanding the risks of data breaches in this new environment. Security has remained a constant issue for Open Systems and internet, when we are talking about security cloud really suffers. Lack of security is the only hurdle in wide adoption of cloud computing. Cloud computing is surrounded by many security issues like securing data. This paper will presented type of threats that effect the cloud computer environment and what's the techniques use to prevent the security . Technical Components of Cloud Computing: key functions of a cloud management system is divided into four layers, respectively the Resources & Network Layer, Services Layer, Access Layer, and User Layer. Each layer includes a set of functions:  The Resources & Network Layer manages the physical and virtual resources.  The Services Layer includes the main categories of cloud services, namely, NaaS, IaaS, PaaS, SaaS/CaaS, the service orchestration function and the cloud operational function.  The Access Layer includes API termination function, and Inter-Cloud peering and federation function.  The User Layer includes End-user function, Partner function and Administration function. Security as a Service Security as a Service is more than an outsourcing model for security management; it is an essential component in secure business resiliency and continuity. A security focused provider offers greater security expertise than is typically available within an organization. Governance and Enterprise Risk Management A major element of governance will be the agreement between provider and customer (SLA).Risk management is the primary means of decision support for IT resources dedicated to delivering the confidentiality, integrity, and availability of information. Security Threats Originating Between the Customer and the Datacenter Virtual machines live their lives as disk images that are hosted on a hypervisor platform and are easily copied or transferred to other locations. This mobility is advantageous because it allows VMs to be transported to other physical machines via an image file that defines the virtual disk for that IDENTIFYING CLOUD COMPUTING SECURITY RISKS 69 . Unfortunately, the ability to move and copy VMs poses a security risk because the entire system, applications, and data can be stolen without physically stealing the machine “From a theft standpoint, VMs are easy to copy to a remote machine, or walk off with on a storage device” Threats for Cloud Service Users 1. Loss of Governance 2. Loss of Trust 3. Unsecure Cloud Service User Access 4. Lack of Information/Asset Management 5. Data loss and leakage
Internal & External Attacks in cloud computing Environment from confidentiality, integrity …. DOI: 10.9790/0661-17259396 www.iosrjournals.org 94 | Page Threats for Cloud Service Providers 1. Evolutional Risks 2. Business Discontinuity 3. License Risks Software 4. Bad Integration 5. Unsecure Administration API 6. Shared Environment 7. Service Unavailability 8. Data Unreliability Cloud Threats The threats to information assets residing in the cloud can vary according to the cloud delivery models used by cloud user organizations. Cloud threats were categorized according to the Confidentiality, Integrity and Availability (CIA).Next table below cloud computing threats Table (1): Cloud Threats Threats Description Confidentiality Insider user threats: - Malicious cloud provider user - Malicious cloud customer user - Malicious third party user (supporting either the cloud provider or customer organizations) The threat of insiders accessing customer data held within the cloud is greater as each of the delivery models can introduce the need for multiple internal users Threats Description External attacker threats: - Remote software attack of cloud infrastructure - Remote software attack of cloud applications - Remote hardware attack against the cloud - Remote software and hardware attack against cloud user organizations' endpoint software and hardware All types of cloud delivery model are affected by external attackers. Cloud providers with large data stores holding credit card details, personal information and sensitive government or intellectual property, will be subjected to attacks from groups. Data Leakage: - Failure of security access rights across multiple domains - Failure of electronic and physical transport systems for cloud data and backups A threat from widespread data leakage amongst many, potentially competitor organizations, using the same cloud provider could be caused by human error or faulty hardware that will lead to information compromise. Integrity Data segregation: - Incorrectly defined security perimeters - Incorrect configuration of virtual machines and hypervisors The integrity of data within complex cloud hosting environments such as SaaS configured to share computing resource amongst customers could provide a threat against data integrity if system resources are not effectively segregated. User access: - Poor identity and access management procedures Data quality: - Introduction of faulty application or infrastructure components Implementation of poor access control procedures creates many threat opportunities Threats Description Availability Change management: - Customer penetration testing impacting The threat of denial of service against available cloud computing resource is
Internal & External Attacks in cloud computing Environment from confidentiality, integrity …. DOI: 10.9790/0661-17259396 www.iosrjournals.org 95 | Page other cloud customers - Infrastructure changes upon cloud provider, customer and third party systems impacting cloud customers generally an external threat against public cloud services. The threat can impact all cloud service models as external and internal threat agents could introduce application or hardware components that cause a denial of service. Physical Denial of Service threat: - Network bandwidth distributed denial of service - Network DNS denial of service - Application and data denial of service the threat can impact all cloud service models as external and internal threat agents could introduce application or hardware components that cause a denial of service. Physical disruption: - Disruption of cloud provider IT services through physical access - Disruption of cloud customer IT services through physical access - Disruption to third party WAN providers services The threat of disruption to cloud services caused by physical access is different between large cloud service providers and their customers. These providers should be experienced in securing large data centre facilities and have considered resilience among other availability strategies. There is a threat that cloud user infrastructure can be physically disrupted more easily whether by insiders or externally where less secure office environments or remote working is standard practice Types of attackers Many of the security threats and challenges in cloud computing will be familiar to organizations managing in house infrastructure and those involved in traditional outsourcing models. Each of the cloud computing service delivery models’ threats result from the attackers that can be divided into two groups: Table (2): Type of Attackers Internal Attacks External Attacks Is employed by the cloud service provider, customer or other third party provider organization supporting the operation of a cloud service Is not employed by the cloud service provider, customer or other third party provider organization supporting the operation of a cloud service May have existing authorized access to cloud services, customer data or supporting infrastructure and applications, depending on their organizational role Has no authorized access to cloud services, customer data or supporting infrastructure and applications Uses existing privileges to gain further access or support third parties in executing attacks against the confidentiality, integrity and availability of information within the cloud service. Exploits technical, operational, process and social engineering vulnerabilities to attack a cloud service provider, customer or third party supporting organization to gain further access to propagate attacks against the confidentiality, integrity and availability of information within the cloud service II. Conclusion In any cloud service (infrastructure, software or platform) the end service provider or enterprise will control the access to the services. If these services are being hosted on the cloud, then the cloud provider also needs to protect their network from unauthorized accesses. However, since the cloud provider and the service provider or enterprise is legally different entities, they may in certain cases need to isolate their respective user information. Security efforts to assure confidentiality, integrity and availability can be divided into those oriented to prevention and those focused on detection.
Internal & External Attacks in cloud computing Environment from confidentiality, integrity …. DOI: 10.9790/0661-17259396 www.iosrjournals.org 96 | Page Reference [1]. Cloud Security Whitepaper , A Briefing on Cloud Security Challenges and Opportunities October 2013. [2]. International Journal of Security and Its Applications Vol. 6, No. 4, October, 2012. [3]. Security of Cloud Computing Providers Study. April 2011. [4]. Identifying Cloud Computing Security Risks February 2011 . [5]. Security Threats in Cloud Computing Environments1 October 2012. [6]. Cloud Security Alliance, “Top threats to cloud computing”, Cloud Security Alliance, March 2010. [7]. Information Security Briefing 01/2010 Cloud computing . [8]. [8] Secure Cloud Architecture ,Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013 [9]. [9] Analysis of Different Security Attacks in MANETs on Protocol Stack A-Review International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249 8958, Volume-1, Issue-5, June 2012 [10]. [10] External Insider Threat: a Real Security Challenge in Enterprise Value Webs

Recommended

SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSSECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSIJNSA Journal
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 
Vertualisation
VertualisationVertualisation
VertualisationChkifa Khalid
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
 
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET Journal
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responsesshafzonly
 
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environmentsmlaij
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET Journal
 

Recommended

SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSSECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSIJNSA Journal
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 
Vertualisation
VertualisationVertualisation
VertualisationChkifa Khalid
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
 
IRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET- A Survey on Cloud Data Security Methods and Future Directions
IRJET- A Survey on Cloud Data Security Methods and Future DirectionsIRJET Journal
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responsesshafzonly
 
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environmentsmlaij
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET Journal
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd Iaetsd
 
Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudcloudresearcher
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
Csathreats.v1.0
Csathreats.v1.0Csathreats.v1.0
Csathreats.v1.0vivek_kale27
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4sophiabelthome
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
OTechs Cloud computing security
OTechs Cloud computing securityOTechs Cloud computing security
OTechs Cloud computing securityOsman Suliman
 
IRJET- Security Concern: Analysis of Cloud Security Mechanism
IRJET- Security Concern: Analysis of Cloud Security MechanismIRJET- Security Concern: Analysis of Cloud Security Mechanism
IRJET- Security Concern: Analysis of Cloud Security MechanismIRJET Journal
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET Journal
 
SAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS CloudsSAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS CloudsEswar Publications
 
A study on security responsibilities and adoption in
A study on security responsibilities and adoption inA study on security responsibilities and adoption in
A study on security responsibilities and adoption ineSAT Publishing House
 
A study on security responsibilities and adoption in cloud
A study on security responsibilities and adoption in cloudA study on security responsibilities and adoption in cloud
A study on security responsibilities and adoption in cloudeSAT Journals
 
H1304034853
H1304034853H1304034853
H1304034853IOSR Journals
 
G017143640
G017143640G017143640
G017143640IOSR Journals
 
O01021101112
O01021101112O01021101112
O01021101112IOSR Journals
 
N010328691
N010328691N010328691
N010328691IOSR Journals
 
N0106198102
N0106198102N0106198102
N0106198102IOSR Journals
 

More Related Content

What's hot

Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd Iaetsd
 
Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudcloudresearcher
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...iaemedu
 
International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4sophiabelthome
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
OTechs Cloud computing security
OTechs Cloud computing securityOTechs Cloud computing security
OTechs Cloud computing securityOsman Suliman
 
IRJET- Security Concern: Analysis of Cloud Security Mechanism
IRJET- Security Concern: Analysis of Cloud Security MechanismIRJET- Security Concern: Analysis of Cloud Security Mechanism
IRJET- Security Concern: Analysis of Cloud Security MechanismIRJET Journal
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET Journal
 
SAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS CloudsSAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS CloudsEswar Publications
 
A study on security responsibilities and adoption in
A study on security responsibilities and adoption inA study on security responsibilities and adoption in
A study on security responsibilities and adoption ineSAT Publishing House
 
A study on security responsibilities and adoption in cloud
A study on security responsibilities and adoption in cloudA study on security responsibilities and adoption in cloud
A study on security responsibilities and adoption in cloudeSAT Journals
 

What's hot (17)

Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud Application
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
 
Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloud
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challenges
 
Csathreats.v1.0
Csathreats.v1.0Csathreats.v1.0
Csathreats.v1.0
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...Secure modelling schema of distributed information access management in cloud...
Secure modelling schema of distributed information access management in cloud...
 
International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4International journal of computer science and innovation vol 2015-n2-paper4
International journal of computer science and innovation vol 2015-n2-paper4
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
OTechs Cloud computing security
OTechs Cloud computing securityOTechs Cloud computing security
OTechs Cloud computing security
 
IRJET- Security Concern: Analysis of Cloud Security Mechanism
IRJET- Security Concern: Analysis of Cloud Security MechanismIRJET- Security Concern: Analysis of Cloud Security Mechanism
IRJET- Security Concern: Analysis of Cloud Security Mechanism
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
 
SAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS CloudsSAFETY: A Framework for Secure IaaS Clouds
SAFETY: A Framework for Secure IaaS Clouds
 
A study on security responsibilities and adoption in
A study on security responsibilities and adoption inA study on security responsibilities and adoption in
A study on security responsibilities and adoption in
 
A study on security responsibilities and adoption in cloud
A study on security responsibilities and adoption in cloudA study on security responsibilities and adoption in cloud
A study on security responsibilities and adoption in cloud
 

Viewers also liked

Simulation of Signals with Field Signal Simulator
Simulation of Signals with Field Signal SimulatorSimulation of Signals with Field Signal Simulator
Simulation of Signals with Field Signal SimulatorIOSR Journals
 
“A Comparative Study on Balance and Flexibility between National Level Artist...
“A Comparative Study on Balance and Flexibility between National Level Artist...“A Comparative Study on Balance and Flexibility between National Level Artist...
“A Comparative Study on Balance and Flexibility between National Level Artist...IOSR Journals
 
Performance Analysis and Comparative Study of Cognitive Radio Spectrum Sensin...
Performance Analysis and Comparative Study of Cognitive Radio Spectrum Sensin...Performance Analysis and Comparative Study of Cognitive Radio Spectrum Sensin...
Performance Analysis and Comparative Study of Cognitive Radio Spectrum Sensin...IOSR Journals
 
Structural analysis of multiplate clutch
Structural analysis of multiplate clutchStructural analysis of multiplate clutch
Structural analysis of multiplate clutchIOSR Journals
 
Performance Evaluation of Basic Segmented Algorithms for Brain Tumor Detection
Performance Evaluation of Basic Segmented Algorithms for Brain Tumor DetectionPerformance Evaluation of Basic Segmented Algorithms for Brain Tumor Detection
Performance Evaluation of Basic Segmented Algorithms for Brain Tumor DetectionIOSR Journals
 

Viewers also liked (20)

H1304034853
H1304034853H1304034853
H1304034853
 
G017143640
G017143640G017143640
G017143640
 
O01021101112
O01021101112O01021101112
O01021101112
 
N010328691
N010328691N010328691
N010328691
 
N0106198102
N0106198102N0106198102
N0106198102
 
B012530710
B012530710B012530710
B012530710
 
J1302036468
J1302036468J1302036468
J1302036468
 
Simulation of Signals with Field Signal Simulator
Simulation of Signals with Field Signal SimulatorSimulation of Signals with Field Signal Simulator
Simulation of Signals with Field Signal Simulator
 
E012632429
E012632429E012632429
E012632429
 
“A Comparative Study on Balance and Flexibility between National Level Artist...
“A Comparative Study on Balance and Flexibility between National Level Artist...“A Comparative Study on Balance and Flexibility between National Level Artist...
“A Comparative Study on Balance and Flexibility between National Level Artist...
 
Performance Analysis and Comparative Study of Cognitive Radio Spectrum Sensin...
Performance Analysis and Comparative Study of Cognitive Radio Spectrum Sensin...Performance Analysis and Comparative Study of Cognitive Radio Spectrum Sensin...
Performance Analysis and Comparative Study of Cognitive Radio Spectrum Sensin...
 
J010234960
J010234960J010234960
J010234960
 
I010514852
I010514852I010514852
I010514852
 
O0124399103
O0124399103O0124399103
O0124399103
 
Structural analysis of multiplate clutch
Structural analysis of multiplate clutchStructural analysis of multiplate clutch
Structural analysis of multiplate clutch
 
E010424043
E010424043E010424043
E010424043
 
Performance Evaluation of Basic Segmented Algorithms for Brain Tumor Detection
Performance Evaluation of Basic Segmented Algorithms for Brain Tumor DetectionPerformance Evaluation of Basic Segmented Algorithms for Brain Tumor Detection
Performance Evaluation of Basic Segmented Algorithms for Brain Tumor Detection
 
B1303070716
B1303070716B1303070716
B1303070716
 
B013120712
B013120712B013120712
B013120712
 
O13030294101
O13030294101O13030294101
O13030294101
 

Similar to N017259396

Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud ComputingSeven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud ComputingMervat Bamiah
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computingijcnes
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTUREacijjournal
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloudkairostech
 
Is Cloud Computing Secure - Everything Need to Know.docx
Is Cloud Computing Secure - Everything Need to Know.docxIs Cloud Computing Secure - Everything Need to Know.docx
Is Cloud Computing Secure - Everything Need to Know.docxTiInfotech
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...Manimaran A
 
Security policy enforcement in cloud infrastructure
Security policy enforcement in cloud infrastructureSecurity policy enforcement in cloud infrastructure
Security policy enforcement in cloud infrastructurecsandit
 
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURESECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTUREcscpconf
 
Solutions of cloud computing security issues
Solutions of cloud computing security issuesSolutions of cloud computing security issues
Solutions of cloud computing security issuesJahangeer Qadiree
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderijaprr_editor
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security ChallengesYateesh Yadav
 

Similar to N017259396 (20)

A017130104
A017130104A017130104
A017130104
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
Seven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud ComputingSeven Deadly Threats and Vulnerabilities in Cloud Computing
Seven Deadly Threats and Vulnerabilities in Cloud Computing
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security Issues
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
 
Project 3
Project 3Project 3
Project 3
 
Is Cloud Computing Secure - Everything Need to Know.docx
Is Cloud Computing Secure - Everything Need to Know.docxIs Cloud Computing Secure - Everything Need to Know.docx
Is Cloud Computing Secure - Everything Need to Know.docx
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...
 
Cloud security
Cloud securityCloud security
Cloud security
 
Security policy enforcement in cloud infrastructure
Security policy enforcement in cloud infrastructureSecurity policy enforcement in cloud infrastructure
Security policy enforcement in cloud infrastructure
 
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURESECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE
 
Solutions of cloud computing security issues
Solutions of cloud computing security issuesSolutions of cloud computing security issues
Solutions of cloud computing security issues
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
 
SECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTINGSECURITY ISSUES IN CLOUD COMPUTING
SECURITY ISSUES IN CLOUD COMPUTING
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security Challenges
 

More from IOSR Journals

More from IOSR Journals (20)

A011140104
A011140104A011140104
A011140104
 
M0111397100
M0111397100M0111397100
M0111397100
 
L011138596
L011138596L011138596
L011138596
 
K011138084
K011138084K011138084
K011138084
 
J011137479
J011137479J011137479
J011137479
 
I011136673
I011136673I011136673
I011136673
 
G011134454
G011134454G011134454
G011134454
 
H011135565
H011135565H011135565
H011135565
 
F011134043
F011134043F011134043
F011134043
 
E011133639
E011133639E011133639
E011133639
 
D011132635
D011132635D011132635
D011132635
 
C011131925
C011131925C011131925
C011131925
 
B011130918
B011130918B011130918
B011130918
 
A011130108
A011130108A011130108
A011130108
 
I011125160
I011125160I011125160
I011125160
 
H011124050
H011124050H011124050
H011124050
 
G011123539
G011123539G011123539
G011123539
 
F011123134
F011123134F011123134
F011123134
 
E011122530
E011122530E011122530
E011122530
 
D011121524
D011121524D011121524
D011121524
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 

N017259396

  • 1. IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 2, Ver. V (Mar – Apr. 2015), PP 93-96 www.iosrjournals.org DOI: 10.9790/0661-17259396 www.iosrjournals.org 93 | Page Internal & External Attacks in cloud computing Environment from confidentiality, integrity and availability points of view 1 Tayseer TagElsir Ahmed Osman, 2 Dr. Amin babiker A/Nabi Mustafa Alneelian University Abstract: Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. General example of cloud services is Google apps, provided by Google and Microsoft SharePoint. The rapid growth in field of “cloud computing” also increases severe security concerns. This paper aims to identify security threats in cloud computing, which will enable both end users and vendors to know about the key security threats associated with cloud computing. I. Introduction: Security is one of the major issues which hamper the growth of cloud. The idea of handing over important data to another company is worrisome; such that the consumers need to be vigilant in understanding the risks of data breaches in this new environment. Security has remained a constant issue for Open Systems and internet, when we are talking about security cloud really suffers. Lack of security is the only hurdle in wide adoption of cloud computing. Cloud computing is surrounded by many security issues like securing data. This paper will presented type of threats that effect the cloud computer environment and what's the techniques use to prevent the security . Technical Components of Cloud Computing: key functions of a cloud management system is divided into four layers, respectively the Resources & Network Layer, Services Layer, Access Layer, and User Layer. Each layer includes a set of functions:  The Resources & Network Layer manages the physical and virtual resources.  The Services Layer includes the main categories of cloud services, namely, NaaS, IaaS, PaaS, SaaS/CaaS, the service orchestration function and the cloud operational function.  The Access Layer includes API termination function, and Inter-Cloud peering and federation function.  The User Layer includes End-user function, Partner function and Administration function. Security as a Service Security as a Service is more than an outsourcing model for security management; it is an essential component in secure business resiliency and continuity. A security focused provider offers greater security expertise than is typically available within an organization. Governance and Enterprise Risk Management A major element of governance will be the agreement between provider and customer (SLA).Risk management is the primary means of decision support for IT resources dedicated to delivering the confidentiality, integrity, and availability of information. Security Threats Originating Between the Customer and the Datacenter Virtual machines live their lives as disk images that are hosted on a hypervisor platform and are easily copied or transferred to other locations. This mobility is advantageous because it allows VMs to be transported to other physical machines via an image file that defines the virtual disk for that IDENTIFYING CLOUD COMPUTING SECURITY RISKS 69 . Unfortunately, the ability to move and copy VMs poses a security risk because the entire system, applications, and data can be stolen without physically stealing the machine “From a theft standpoint, VMs are easy to copy to a remote machine, or walk off with on a storage device” Threats for Cloud Service Users 1. Loss of Governance 2. Loss of Trust 3. Unsecure Cloud Service User Access 4. Lack of Information/Asset Management 5. Data loss and leakage
  • 2. Internal & External Attacks in cloud computing Environment from confidentiality, integrity …. DOI: 10.9790/0661-17259396 www.iosrjournals.org 94 | Page Threats for Cloud Service Providers 1. Evolutional Risks 2. Business Discontinuity 3. License Risks Software 4. Bad Integration 5. Unsecure Administration API 6. Shared Environment 7. Service Unavailability 8. Data Unreliability Cloud Threats The threats to information assets residing in the cloud can vary according to the cloud delivery models used by cloud user organizations. Cloud threats were categorized according to the Confidentiality, Integrity and Availability (CIA).Next table below cloud computing threats Table (1): Cloud Threats Threats Description Confidentiality Insider user threats: - Malicious cloud provider user - Malicious cloud customer user - Malicious third party user (supporting either the cloud provider or customer organizations) The threat of insiders accessing customer data held within the cloud is greater as each of the delivery models can introduce the need for multiple internal users Threats Description External attacker threats: - Remote software attack of cloud infrastructure - Remote software attack of cloud applications - Remote hardware attack against the cloud - Remote software and hardware attack against cloud user organizations' endpoint software and hardware All types of cloud delivery model are affected by external attackers. Cloud providers with large data stores holding credit card details, personal information and sensitive government or intellectual property, will be subjected to attacks from groups. Data Leakage: - Failure of security access rights across multiple domains - Failure of electronic and physical transport systems for cloud data and backups A threat from widespread data leakage amongst many, potentially competitor organizations, using the same cloud provider could be caused by human error or faulty hardware that will lead to information compromise. Integrity Data segregation: - Incorrectly defined security perimeters - Incorrect configuration of virtual machines and hypervisors The integrity of data within complex cloud hosting environments such as SaaS configured to share computing resource amongst customers could provide a threat against data integrity if system resources are not effectively segregated. User access: - Poor identity and access management procedures Data quality: - Introduction of faulty application or infrastructure components Implementation of poor access control procedures creates many threat opportunities Threats Description Availability Change management: - Customer penetration testing impacting The threat of denial of service against available cloud computing resource is
  • 3. Internal & External Attacks in cloud computing Environment from confidentiality, integrity …. DOI: 10.9790/0661-17259396 www.iosrjournals.org 95 | Page other cloud customers - Infrastructure changes upon cloud provider, customer and third party systems impacting cloud customers generally an external threat against public cloud services. The threat can impact all cloud service models as external and internal threat agents could introduce application or hardware components that cause a denial of service. Physical Denial of Service threat: - Network bandwidth distributed denial of service - Network DNS denial of service - Application and data denial of service the threat can impact all cloud service models as external and internal threat agents could introduce application or hardware components that cause a denial of service. Physical disruption: - Disruption of cloud provider IT services through physical access - Disruption of cloud customer IT services through physical access - Disruption to third party WAN providers services The threat of disruption to cloud services caused by physical access is different between large cloud service providers and their customers. These providers should be experienced in securing large data centre facilities and have considered resilience among other availability strategies. There is a threat that cloud user infrastructure can be physically disrupted more easily whether by insiders or externally where less secure office environments or remote working is standard practice Types of attackers Many of the security threats and challenges in cloud computing will be familiar to organizations managing in house infrastructure and those involved in traditional outsourcing models. Each of the cloud computing service delivery models’ threats result from the attackers that can be divided into two groups: Table (2): Type of Attackers Internal Attacks External Attacks Is employed by the cloud service provider, customer or other third party provider organization supporting the operation of a cloud service Is not employed by the cloud service provider, customer or other third party provider organization supporting the operation of a cloud service May have existing authorized access to cloud services, customer data or supporting infrastructure and applications, depending on their organizational role Has no authorized access to cloud services, customer data or supporting infrastructure and applications Uses existing privileges to gain further access or support third parties in executing attacks against the confidentiality, integrity and availability of information within the cloud service. Exploits technical, operational, process and social engineering vulnerabilities to attack a cloud service provider, customer or third party supporting organization to gain further access to propagate attacks against the confidentiality, integrity and availability of information within the cloud service II. Conclusion In any cloud service (infrastructure, software or platform) the end service provider or enterprise will control the access to the services. If these services are being hosted on the cloud, then the cloud provider also needs to protect their network from unauthorized accesses. However, since the cloud provider and the service provider or enterprise is legally different entities, they may in certain cases need to isolate their respective user information. Security efforts to assure confidentiality, integrity and availability can be divided into those oriented to prevention and those focused on detection.
  • 4. Internal & External Attacks in cloud computing Environment from confidentiality, integrity …. DOI: 10.9790/0661-17259396 www.iosrjournals.org 96 | Page Reference [1]. Cloud Security Whitepaper , A Briefing on Cloud Security Challenges and Opportunities October 2013. [2]. International Journal of Security and Its Applications Vol. 6, No. 4, October, 2012. [3]. Security of Cloud Computing Providers Study. April 2011. [4]. Identifying Cloud Computing Security Risks February 2011 . [5]. Security Threats in Cloud Computing Environments1 October 2012. [6]. Cloud Security Alliance, “Top threats to cloud computing”, Cloud Security Alliance, March 2010. [7]. Information Security Briefing 01/2010 Cloud computing . [8]. [8] Secure Cloud Architecture ,Advanced Computing: An International Journal ( ACIJ ), Vol.4, No.1, January 2013 [9]. [9] Analysis of Different Security Attacks in MANETs on Protocol Stack A-Review International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249 8958, Volume-1, Issue-5, June 2012 [10]. [10] External Insider Threat: a Real Security Challenge in Enterprise Value Webs