SlideShare a Scribd company logo

A survey on the security of cloud computing

Download as PPTX, PDF
Lubna_Alhenaki
Lubna_Alhenaki

Description of A survey on the security of cloud computing (Scientific Paper) presented at ICCAIS 2019 in Riyadh

Technology
1 of 56
A SURVEY ON THE SECURITY OF CLOUD COMPUTING Intensive Study ofAttacks and Possible Threats at Different Layers of Cloud Computing Presented by: Lubna SulaimanAlHenaki Computer Science Department King Saud University Riyadh, SaudiArabia Lubna.henaki@gmail.com
8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 2 Outlines  Introduction  Cloud Computing Overview  Security in Cloud  Threats on Cloud Computing Environment and their Countermeasures.  Attacks on Cloud Computing Environment and their Countermeasures.  Conclusion
Introduction to Cloud Computing Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 3
8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 4 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion Introduction  Cloud Computing technology has been broadly utilized in many fields.  Cloud Computing add more convenience at several levels.  Cloud Computing security is an essential subdomain of computer security  The fact that cloud computing services are based on Internet connection makes them vulnerable to a variety of attacks and security threats.  Security of the provided services makes a primary concern to both the cloud users and the service providers.
Overview on Cloud Computing Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 5
Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 6 Cloud Computing (NIST) Definition  Cloud Computing is defined by NIST (National Institute of Standards and Technology) as: “A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 7 Architecture of Cloud Computing 1. Software-as-a-service (SaaS): This service allows the customers to utilize applications that are hosted in the cloud server and delivered to them over the internet. 2. Platform-as-a-service (PaaS): This layer allows developers to efficiently write and develop applications like SaaS. It makes an economic option for developers. 3. Infrastructure-as-a-service (IaaS): Provides fundamental infrastructure to the above layers. it provides services like networking hardware, servers, operating systems, storage Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion Cloud Service Models
Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 8 Deployment Model of Cloud Computing 1. Public Cloud Hardware and software resources are publicly shared among different users. 2. Private Cloud all the clouds systems and services are only accessible within the boundary of that organization
Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 9 Deployment Model of Cloud Computing 3. Hybrid Cloud Hybrid cloud is a combination of two or more clouds that have different types 4. Community Cloud Cloud services are usually intended for specific individuals or organizations who share the same Cloud requirements.
Security on Cloud Computing Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 10
Cloud Computing Security Requirements 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 11 SecurityRequirements Confidentiality Integrity Availability Accountability • The main objective of the CC system is to reduce the cost of the hardware and provides services for each client needs. • The CC system challenges scalability for both infrastructure and data platform. • In CC there is four main security requirements to ensure privacy and serve a secure cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Threats on Cloud Computing Environment and Countermeasures Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 12
Threats on Cloud Computing Environment Data loss. Data breaches. Malicious Insiders. Account, service and traffic hijacking. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 13
Data Loss  Losing the data can be occurred from various reasons.  Data can be lost due to applying operations by-mistake of deletion or alteration.  Natural causes are also considered, e.g. earthquakes, fires etc.  Sidekick smart phones suffered from this threat. In Cloud Computing, this threat affects the IaaS, PaaS, SaaS Cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 14
Data Loss Organizations should apply the following mitigation techniques to be protected against this type of threats:  Provide data storage and backup mechanisms.  Using proper encryption techniques. Legally indicating supplier support and maintenance techniques. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 15
Data Breaches  Data breach is the leakage of critical information to unauthorized parties, so that those malicious people would have access to the network and its sensitive data.  It occurs due to many causes such as incorrect authentication and authorization mechanisms, reviewing controls, undependable use of encryption keys and operating system failure.  Unfortunately, although data leakage is a critical threat to Cloud Computing, the solutions to mitigate it can cause other threats to be raised.  Sony PlayStation Network suffered from this threat. In Cloud Computing, this threat affects the IaaS, PaaS, SaaS Cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 16
Data Breaches Organizations should apply the following mitigation techniques to be protected against this type of threats: Analyze data at both design and runtime for protection.  Employing strong encryption key generation, storage, and management.  Indicating Cloud provider and ensuring the safety of their files and communications.  Implementing strong Application Programming Interfaces (API). Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 17
Malicious Insiders  The malicious insider threat raised from trusted people within the Cloud organization who have authorized access to the organization assets and items of value.  These people can apply unprivileged operations to cause harm to the organization’s assets.  The harm can be financial, technical failure or resources losing by applying what seems to be legal activities e.g. developing malicious firewalls.  It is a well-known fact that most security threats arise from the inside of an organization. In Cloud Computing, this threat affects the IaaS, PaaS, SaaS Cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 18
Malicious Insiders Organizations should apply the following mitigation techniques to be protected against this type of threats:  Apply human resource management as part of a legal agreement.  A compliance reporting system will help determine the security breach notification so that, appropriate action may be taken against a person who has committed a fraud.  Non-disclosure of the employees’ privileges and how they are monitored. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 19
Account, Service and Traffic Hijacking  Account or service hijacking happens if an attacker gains the login information of some account, which made the hacked account a launching base for the attacker.  In Cloud account hijacking, a malicious intruder can use the stolen credentials to hijack the Cloud services and then they can enter on other’s transactions, add incorrect information and divert users to illegal websites causing legal issues for Cloud service providers.  Amazon suffered from this threat. In Cloud Computing, this threat affects the IaaS, PaaS, SaaS Cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 20
Organizations should apply the following mitigation techniques to be protected against this type of threats:  Appropriate understanding of security policies and service level agreement.  Using a strong multi-factor authentication will form extra security check for the identification of users.  Strict and continuous monitoring to detect unauthorized activities.  Prevent sharing credentials among customers and services. Account, Service and Traffic Hijacking Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 21
Attacks on Cloud Computing Environment and Countermeasures Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 22
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 23 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 24 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Denial of Service (DoS) Attacks  Attacker sends a superfluous request and make the server down and overloaded.  Distributed DoS attack (DDoS) which is extended from DoS attacks that attacker use numerous network hosts to inflict more devastating effects to its victim.  European Network and Information Security Agency (ENISA) reported that Dropbox was attacked by DDoS attacks and suffered a substantial loss of service for more than 15 hours affecting all users. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 258/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Countermeasures of Denial of Service Attacks  Reduce the privileges of the user that connected to a server.  Using the filter-based approach.  Using the signature-based approach.  Using Intrusion Detection System (IDS)/Intrusion Prevention System (IPS). A SURVEY ON THE SECURITY OF CLOUD COMPUTING 268/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 27 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Authentication Attacks  The attackers target the mechanism and methods used by the user to authenticate the system.  The mechanism used for authentication is captured and attackers tries to access the confidential information. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 288/14/2019 Password: 94Gah4562834 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Countermeasures of Authentication Attacks  Using strong password policies.  Using a better authentication mechanism.  Using advanced authentication attacks such as One-Time Password (OTP).  Encrypt communication channels to secure authentication tokens. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 298/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 30 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Structured Query Language (SQL) Injection Attacks  SQL attack is used to steal user information from the web application by inserting malicious code to inject into the web application as a user input.  According to the Open Web Application Security Project (OWASP) which lists the SQL injection attack as the top 10 most critical web application security risks. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 318/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Countermeasures of SQL Injection Attacks A proper validation of input data can mitigate SQL Injection attack. Access Control permission on the database must be strictly defined. Avoid using dynamically generated SQL into the code. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 328/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 33 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 34 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Phishing Attacks  Hacker creates the same script as like the trusted cloud site to steal passwords and email from you.  Phishing attack applied by making the same page like cloud site page then registered a domain that is similar to your cloud provides like www.droppbox.com, then retrieve your personal information.  200 million of users in Facebook are targeted by the phishing attack. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 358/14/2019 Lubna Hi Lubna, We just need to verify your email address before you sign up Is complete! Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Countermeasures of Phishing Attacks Using secure web link Hypertext Transfer Protocol Secure(HTTPS). Identifying the spam emails. Don’t click on short Uniform Resource Locator (URL). Don’t click when someone force you to click. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 368/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 37 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Port Scanning Attacks  The attacker use open ports that belong to a connection to gain exact information about the working environment and running application processes. The attacker can seize information with the help of open ports like services that run on a system, IP and Medium Access Control (MAC) addresses. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 388/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Countermeasures of Port Scanning Attacks  Close all unused ports.  Remove all unnecessary services.  Filter out all unnecessary traffic.  Firewall. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 398/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 40 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Man in the Middle (MITM) Attacks An attacker splits connection and rejoins with the attackers own computer system. Man in the Middle Attacks happens if secure socket layer is not properly configured. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 418/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Countermeasures of Man in the Middle Attacks Using encryption and decryption algorithm. Required a proper Secure Socket Layer architecture. Using Intrusion Detection system. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 428/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 43 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Metadata Spoofing Attacks  Web Services Description Language (WSDL) stored the descriptions about service functionality and details. The attacker manipulates / re-engineers the metadata content of a web service so that the web service's intended operation is replaced by another operation. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 448/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Countermeasures of Metadata Spoofing Attacks A SURVEY ON THE SECURITY OF CLOUD COMPUTING 458/14/2019  Encrypted information about service functionality and other details.  Strong authentication should be required to access the file. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 46 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Side Channel Attacks  It occurs when an attacker places a malicious virtual machine on the same physical machine as the victim machine so that he can access all the confidential information on the victim's machine.  Placement and extraction are the main steps of side channel attacks. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 478/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Countermeasures of Side Channel Attacks A SURVEY ON THE SECURITY OF CLOUD COMPUTING 488/14/2019 Using virtual firewall. Using encryption and decryption. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 49 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Virtual Machines Rollback Attacks  The attacker takes advantage of VM from an old snapshot and run it without the user’s awareness. The attacker can get the password for VM through launches a brute-force attack. This attack can prevent by using suspend and resume. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 508/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 51 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Virtual Machines Escape Attacks  The attacker’s program running in a VM breaks the isolation layer.  This allows an attacker to interact directly with the hypervisor.  Therefore, VM Escape from the isolation is provided by the virtual layer.  As results, an attacker gets access to the host OS and the other VMs running on the physical machine. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 528/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Countermeasures of Virtual Machines Escape Attacks A SURVEY ON THE SECURITY OF CLOUD COMPUTING 538/14/2019  Using of secure hypervisor.  Configuring the host/guest interactions.  Monitor hypervisor activities.  VM Isolation is required. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
A SURVEY ON THE SECURITY OF CLOUD COMPUTING 548/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion Conclusion
Conclusion  Cloud Computing has witnessed significant advances and become widely adopted in different areas.  Security poses a major challenge to its widespread adoption.  We reviewed the significant attacks threatening the security of Cloud Computing.  Solutions and countermeasures are pointed out to serve as a reference for comparative analysis.  Understanding the various Cloud security issues and the means possible to overcome them.  Similar studies helps to mitigating the risk associated with the adoption of Cloud Computing technology. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 558/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
Thank You! A SURVEY ON THE SECURITY OF CLOUD COMPUTING 568/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion

Recommended

Security of Cloud Computing Survey
Security of Cloud Computing SurveySecurity of Cloud Computing Survey
Security of Cloud Computing Survey
Lubna_Alhenaki
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD Security
Nicholas Davis
 
The Art of CyberSecurity in the Cloud
The Art of CyberSecurity in the CloudThe Art of CyberSecurity in the Cloud
The Art of CyberSecurity in the Cloud
Amazon Web Services
 
Review on Security Techniques using Cloud Computing
Review on Security Techniques using Cloud ComputingReview on Security Techniques using Cloud Computing
Review on Security Techniques using Cloud Computing
Editor IJCATR
 
Various Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingVarious Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud Computing
INFOGAIN PUBLICATION
 
Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2
Cohesive Networks
 
A brief review: security issues in cloud computing and their solutions
A brief review: security issues in cloud computing and their solutionsA brief review: security issues in cloud computing and their solutions
A brief review: security issues in cloud computing and their solutions
TELKOMNIKA JOURNAL
 
Rob kloots auditoutsourcedit
Rob kloots auditoutsourceditRob kloots auditoutsourcedit
Rob kloots auditoutsourcedit
Robert Kloots
 

Recommended

Security of Cloud Computing Survey
Security of Cloud Computing SurveySecurity of Cloud Computing Survey
Security of Cloud Computing Survey
Lubna_Alhenaki
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD Security
Nicholas Davis
 
The Art of CyberSecurity in the Cloud
The Art of CyberSecurity in the CloudThe Art of CyberSecurity in the Cloud
The Art of CyberSecurity in the Cloud
Amazon Web Services
 
Review on Security Techniques using Cloud Computing
Review on Security Techniques using Cloud ComputingReview on Security Techniques using Cloud Computing
Review on Security Techniques using Cloud Computing
Editor IJCATR
 
Various Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud ComputingVarious Security Issues and their Remedies in Cloud Computing
Various Security Issues and their Remedies in Cloud Computing
INFOGAIN PUBLICATION
 
Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2
Cohesive Networks
 
A brief review: security issues in cloud computing and their solutions
A brief review: security issues in cloud computing and their solutionsA brief review: security issues in cloud computing and their solutions
A brief review: security issues in cloud computing and their solutions
TELKOMNIKA JOURNAL
 
Rob kloots auditoutsourcedit
Rob kloots auditoutsourceditRob kloots auditoutsourcedit
Rob kloots auditoutsourcedit
Robert Kloots
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Arunvignesh Venkatesh
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
IJIR JOURNALS IJIRUSA
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructure
Ericsson
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security Issues
Stelios Krasadakis
 
Survey on Security in Cloud Hosted Service & Self Hosted Services
Survey on Security in Cloud Hosted Service & Self Hosted ServicesSurvey on Security in Cloud Hosted Service & Self Hosted Services
Survey on Security in Cloud Hosted Service & Self Hosted Services
ijtsrd
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
Iaetsd Iaetsd
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
ClubHack
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud security
Arun Gopinath
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud security
IBM India Smarter Computing
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. Model
Vishal Sharma
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
ClubHack
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
csandit
 
Security of,for & by cloud
Security of,for & by cloudSecurity of,for & by cloud
Security of,for & by cloud
Lakshmi Subramanian
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
Citrix cloud services_total_economic_benefits_assessment_guide
Citrix cloud services_total_economic_benefits_assessment_guideCitrix cloud services_total_economic_benefits_assessment_guide
Citrix cloud services_total_economic_benefits_assessment_guide
Alejandro Daricz
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET Journal
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
ijcnes
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust Issues
IJCSIS Research Publications
 

More Related Content

What's hot

Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Arunvignesh Venkatesh
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
IJIR JOURNALS IJIRUSA
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructure
Ericsson
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security Issues
Stelios Krasadakis
 
Survey on Security in Cloud Hosted Service & Self Hosted Services
Survey on Security in Cloud Hosted Service & Self Hosted ServicesSurvey on Security in Cloud Hosted Service & Self Hosted Services
Survey on Security in Cloud Hosted Service & Self Hosted Services
ijtsrd
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
Iaetsd Iaetsd
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
ClubHack
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud security
Arun Gopinath
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud security
IBM India Smarter Computing
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. Model
Vishal Sharma
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
ClubHack
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
csandit
 
Security of,for & by cloud
Security of,for & by cloudSecurity of,for & by cloud
Security of,for & by cloud
Lakshmi Subramanian
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
Citrix cloud services_total_economic_benefits_assessment_guide
Citrix cloud services_total_economic_benefits_assessment_guideCitrix cloud services_total_economic_benefits_assessment_guide
Citrix cloud services_total_economic_benefits_assessment_guide
Alejandro Daricz
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET Journal
 

What's hot (19)

Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructure
 
Cloud Computing Security Issues
Cloud Computing Security IssuesCloud Computing Security Issues
Cloud Computing Security Issues
 
Survey on Security in Cloud Hosted Service & Self Hosted Services
Survey on Security in Cloud Hosted Service & Self Hosted ServicesSurvey on Security in Cloud Hosted Service & Self Hosted Services
Survey on Security in Cloud Hosted Service & Self Hosted Services
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud security
 
Strategies for assessing cloud security
Strategies for assessing cloud securityStrategies for assessing cloud security
Strategies for assessing cloud security
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. Model
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
 
Security of,for & by cloud
Security of,for & by cloudSecurity of,for & by cloud
Security of,for & by cloud
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...
 
Citrix cloud services_total_economic_benefits_assessment_guide
Citrix cloud services_total_economic_benefits_assessment_guideCitrix cloud services_total_economic_benefits_assessment_guide
Citrix cloud services_total_economic_benefits_assessment_guide
 
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
IRJET- Authentication and Access Control for Cloud Computing Comparing Proble...
 

Similar to A survey on the security of cloud computing

MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
Kumar Goud
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
ijcnes
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust Issues
IJCSIS Research Publications
 
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...A Systematic Literature Review On Cloud Computing Security Threats And Mitig...
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...
Claire Webber
 
Maintaining Secure Cloud by Continuous Auditing
Maintaining Secure Cloud by Continuous AuditingMaintaining Secure Cloud by Continuous Auditing
Maintaining Secure Cloud by Continuous Auditing
ijtsrd
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET Journal
 
Cloud data security and various cryptographic algorithms
Cloud data security and various cryptographic algorithms Cloud data security and various cryptographic algorithms
Cloud data security and various cryptographic algorithms
IJECEIAES
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud Computing
Ankit Singh
 
Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture
IJECEIAES
 
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
United States Cybersecurity Institute (USCSI®)
 
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdfUNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
United States Cybersecurity Institute (USCSI®)
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
DataSpace Academy
 
Securing Cloud from Cloud Drain
Securing Cloud from Cloud DrainSecuring Cloud from Cloud Drain
Securing Cloud from Cloud Drain
Eswar Publications
 
Why Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business WorldWhy Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business World
Ciente
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and management
Shamsundar Machale (CISSP, CEH)
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET Journal
 
Cloud security v2
Cloud security v2Cloud security v2
Cloud security v2
Shahar Geiger Maor
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
ijaprr_editor
 
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperCloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Martin Ruubel
 
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
sadique_ghitm
 

Similar to A survey on the security of cloud computing (20)

MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust IssuesA Survey on Cloud Computing Security – Challenges and Trust Issues
A Survey on Cloud Computing Security – Challenges and Trust Issues
 
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...A Systematic Literature Review On Cloud Computing Security Threats And Mitig...
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...
 
Maintaining Secure Cloud by Continuous Auditing
Maintaining Secure Cloud by Continuous AuditingMaintaining Secure Cloud by Continuous Auditing
Maintaining Secure Cloud by Continuous Auditing
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud StorehouseIRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
 
Cloud data security and various cryptographic algorithms
Cloud data security and various cryptographic algorithms Cloud data security and various cryptographic algorithms
Cloud data security and various cryptographic algorithms
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud Computing
 
Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture Review on Security Aspects for Cloud Architecture
Review on Security Aspects for Cloud Architecture
 
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...
 
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdfUNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
 
Securing Cloud from Cloud Drain
Securing Cloud from Cloud DrainSecuring Cloud from Cloud Drain
Securing Cloud from Cloud Drain
 
Why Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business WorldWhy Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business World
 
Cloud computing understanding security risk and management
Cloud computing understanding security risk and managementCloud computing understanding security risk and management
Cloud computing understanding security risk and management
 
IRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital ForensicIRJET- A Survey on SaaS-Attacks and Digital Forensic
IRJET- A Survey on SaaS-Attacks and Digital Forensic
 
Cloud security v2
Cloud security v2Cloud security v2
Cloud security v2
 
Ijaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinderIjaprr vol1-1-1-5dr tejinder
Ijaprr vol1-1-1-5dr tejinder
 
Cloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperCloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime Whitepaper
 
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
Handling of Incident, Challenges, Risks, Vulnerability and Implementing Detec...
 

Recently uploaded

“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Edge AI and Vision Alliance
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 

Recently uploaded (20)

“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 

A survey on the security of cloud computing

  • 1. A SURVEY ON THE SECURITY OF CLOUD COMPUTING Intensive Study ofAttacks and Possible Threats at Different Layers of Cloud Computing Presented by: Lubna SulaimanAlHenaki Computer Science Department King Saud University Riyadh, SaudiArabia Lubna.henaki@gmail.com
  • 2. 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 2 Outlines  Introduction  Cloud Computing Overview  Security in Cloud  Threats on Cloud Computing Environment and their Countermeasures.  Attacks on Cloud Computing Environment and their Countermeasures.  Conclusion
  • 3. Introduction to Cloud Computing Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 3
  • 4. 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 4 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion Introduction  Cloud Computing technology has been broadly utilized in many fields.  Cloud Computing add more convenience at several levels.  Cloud Computing security is an essential subdomain of computer security  The fact that cloud computing services are based on Internet connection makes them vulnerable to a variety of attacks and security threats.  Security of the provided services makes a primary concern to both the cloud users and the service providers.
  • 5. Overview on Cloud Computing Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 5
  • 6. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 6 Cloud Computing (NIST) Definition  Cloud Computing is defined by NIST (National Institute of Standards and Technology) as: “A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
  • 7. 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 7 Architecture of Cloud Computing 1. Software-as-a-service (SaaS): This service allows the customers to utilize applications that are hosted in the cloud server and delivered to them over the internet. 2. Platform-as-a-service (PaaS): This layer allows developers to efficiently write and develop applications like SaaS. It makes an economic option for developers. 3. Infrastructure-as-a-service (IaaS): Provides fundamental infrastructure to the above layers. it provides services like networking hardware, servers, operating systems, storage Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion Cloud Service Models
  • 8. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 8 Deployment Model of Cloud Computing 1. Public Cloud Hardware and software resources are publicly shared among different users. 2. Private Cloud all the clouds systems and services are only accessible within the boundary of that organization
  • 9. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 9 Deployment Model of Cloud Computing 3. Hybrid Cloud Hybrid cloud is a combination of two or more clouds that have different types 4. Community Cloud Cloud services are usually intended for specific individuals or organizations who share the same Cloud requirements.
  • 10. Security on Cloud Computing Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 10
  • 11. Cloud Computing Security Requirements 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 11 SecurityRequirements Confidentiality Integrity Availability Accountability • The main objective of the CC system is to reduce the cost of the hardware and provides services for each client needs. • The CC system challenges scalability for both infrastructure and data platform. • In CC there is four main security requirements to ensure privacy and serve a secure cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 12. Threats on Cloud Computing Environment and Countermeasures Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 12
  • 13. Threats on Cloud Computing Environment Data loss. Data breaches. Malicious Insiders. Account, service and traffic hijacking. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 13
  • 14. Data Loss  Losing the data can be occurred from various reasons.  Data can be lost due to applying operations by-mistake of deletion or alteration.  Natural causes are also considered, e.g. earthquakes, fires etc.  Sidekick smart phones suffered from this threat. In Cloud Computing, this threat affects the IaaS, PaaS, SaaS Cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 14
  • 15. Data Loss Organizations should apply the following mitigation techniques to be protected against this type of threats:  Provide data storage and backup mechanisms.  Using proper encryption techniques. Legally indicating supplier support and maintenance techniques. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 15
  • 16. Data Breaches  Data breach is the leakage of critical information to unauthorized parties, so that those malicious people would have access to the network and its sensitive data.  It occurs due to many causes such as incorrect authentication and authorization mechanisms, reviewing controls, undependable use of encryption keys and operating system failure.  Unfortunately, although data leakage is a critical threat to Cloud Computing, the solutions to mitigate it can cause other threats to be raised.  Sony PlayStation Network suffered from this threat. In Cloud Computing, this threat affects the IaaS, PaaS, SaaS Cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 16
  • 17. Data Breaches Organizations should apply the following mitigation techniques to be protected against this type of threats: Analyze data at both design and runtime for protection.  Employing strong encryption key generation, storage, and management.  Indicating Cloud provider and ensuring the safety of their files and communications.  Implementing strong Application Programming Interfaces (API). Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 17
  • 18. Malicious Insiders  The malicious insider threat raised from trusted people within the Cloud organization who have authorized access to the organization assets and items of value.  These people can apply unprivileged operations to cause harm to the organization’s assets.  The harm can be financial, technical failure or resources losing by applying what seems to be legal activities e.g. developing malicious firewalls.  It is a well-known fact that most security threats arise from the inside of an organization. In Cloud Computing, this threat affects the IaaS, PaaS, SaaS Cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 18
  • 19. Malicious Insiders Organizations should apply the following mitigation techniques to be protected against this type of threats:  Apply human resource management as part of a legal agreement.  A compliance reporting system will help determine the security breach notification so that, appropriate action may be taken against a person who has committed a fraud.  Non-disclosure of the employees’ privileges and how they are monitored. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 19
  • 20. Account, Service and Traffic Hijacking  Account or service hijacking happens if an attacker gains the login information of some account, which made the hacked account a launching base for the attacker.  In Cloud account hijacking, a malicious intruder can use the stolen credentials to hijack the Cloud services and then they can enter on other’s transactions, add incorrect information and divert users to illegal websites causing legal issues for Cloud service providers.  Amazon suffered from this threat. In Cloud Computing, this threat affects the IaaS, PaaS, SaaS Cloud services. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 20
  • 21. Organizations should apply the following mitigation techniques to be protected against this type of threats:  Appropriate understanding of security policies and service level agreement.  Using a strong multi-factor authentication will form extra security check for the identification of users.  Strict and continuous monitoring to detect unauthorized activities.  Prevent sharing credentials among customers and services. Account, Service and Traffic Hijacking Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 21
  • 22. Attacks on Cloud Computing Environment and Countermeasures Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 22
  • 23. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 23 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 24. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 24 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 25. Denial of Service (DoS) Attacks  Attacker sends a superfluous request and make the server down and overloaded.  Distributed DoS attack (DDoS) which is extended from DoS attacks that attacker use numerous network hosts to inflict more devastating effects to its victim.  European Network and Information Security Agency (ENISA) reported that Dropbox was attacked by DDoS attacks and suffered a substantial loss of service for more than 15 hours affecting all users. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 258/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 26. Countermeasures of Denial of Service Attacks  Reduce the privileges of the user that connected to a server.  Using the filter-based approach.  Using the signature-based approach.  Using Intrusion Detection System (IDS)/Intrusion Prevention System (IPS). A SURVEY ON THE SECURITY OF CLOUD COMPUTING 268/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 27. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 27 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 28. Authentication Attacks  The attackers target the mechanism and methods used by the user to authenticate the system.  The mechanism used for authentication is captured and attackers tries to access the confidential information. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 288/14/2019 Password: 94Gah4562834 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 29. Countermeasures of Authentication Attacks  Using strong password policies.  Using a better authentication mechanism.  Using advanced authentication attacks such as One-Time Password (OTP).  Encrypt communication channels to secure authentication tokens. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 298/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 30. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 30 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 31. Structured Query Language (SQL) Injection Attacks  SQL attack is used to steal user information from the web application by inserting malicious code to inject into the web application as a user input.  According to the Open Web Application Security Project (OWASP) which lists the SQL injection attack as the top 10 most critical web application security risks. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 318/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 32. Countermeasures of SQL Injection Attacks A proper validation of input data can mitigate SQL Injection attack. Access Control permission on the database must be strictly defined. Avoid using dynamically generated SQL into the code. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 328/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 33. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 33 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 34. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 34 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 35. Phishing Attacks  Hacker creates the same script as like the trusted cloud site to steal passwords and email from you.  Phishing attack applied by making the same page like cloud site page then registered a domain that is similar to your cloud provides like www.droppbox.com, then retrieve your personal information.  200 million of users in Facebook are targeted by the phishing attack. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 358/14/2019 Lubna Hi Lubna, We just need to verify your email address before you sign up Is complete! Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 36. Countermeasures of Phishing Attacks Using secure web link Hypertext Transfer Protocol Secure(HTTPS). Identifying the spam emails. Don’t click on short Uniform Resource Locator (URL). Don’t click when someone force you to click. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 368/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 37. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 37 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 38. Port Scanning Attacks  The attacker use open ports that belong to a connection to gain exact information about the working environment and running application processes. The attacker can seize information with the help of open ports like services that run on a system, IP and Medium Access Control (MAC) addresses. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 388/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 39. Countermeasures of Port Scanning Attacks  Close all unused ports.  Remove all unnecessary services.  Filter out all unnecessary traffic.  Firewall. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 398/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 40. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 40 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 41. Man in the Middle (MITM) Attacks An attacker splits connection and rejoins with the attackers own computer system. Man in the Middle Attacks happens if secure socket layer is not properly configured. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 418/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 42. Countermeasures of Man in the Middle Attacks Using encryption and decryption algorithm. Required a proper Secure Socket Layer architecture. Using Intrusion Detection system. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 428/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 43. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 43 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 44. Metadata Spoofing Attacks  Web Services Description Language (WSDL) stored the descriptions about service functionality and details. The attacker manipulates / re-engineers the metadata content of a web service so that the web service's intended operation is replaced by another operation. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 448/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 45. Countermeasures of Metadata Spoofing Attacks A SURVEY ON THE SECURITY OF CLOUD COMPUTING 458/14/2019  Encrypted information about service functionality and other details.  Strong authentication should be required to access the file. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 46. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 46 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 47. Side Channel Attacks  It occurs when an attacker places a malicious virtual machine on the same physical machine as the victim machine so that he can access all the confidential information on the victim's machine.  Placement and extraction are the main steps of side channel attacks. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 478/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 48. Countermeasures of Side Channel Attacks A SURVEY ON THE SECURITY OF CLOUD COMPUTING 488/14/2019 Using virtual firewall. Using encryption and decryption. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 49. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 49 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 50. Virtual Machines Rollback Attacks  The attacker takes advantage of VM from an old snapshot and run it without the user’s awareness. The attacker can get the password for VM through launches a brute-force attack. This attack can prevent by using suspend and resume. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 508/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 51. Attacks in a Cloud Computing Environment and Countermeasures 8/14/2019 A SURVEY ON THE SECURITY OF CLOUD COMPUTING 51 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 52. Virtual Machines Escape Attacks  The attacker’s program running in a VM breaks the isolation layer.  This allows an attacker to interact directly with the hypervisor.  Therefore, VM Escape from the isolation is provided by the virtual layer.  As results, an attacker gets access to the host OS and the other VMs running on the physical machine. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 528/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 53. Countermeasures of Virtual Machines Escape Attacks A SURVEY ON THE SECURITY OF CLOUD COMPUTING 538/14/2019  Using of secure hypervisor.  Configuring the host/guest interactions.  Monitor hypervisor activities.  VM Isolation is required. Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 54. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 548/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion Conclusion
  • 55. Conclusion  Cloud Computing has witnessed significant advances and become widely adopted in different areas.  Security poses a major challenge to its widespread adoption.  We reviewed the significant attacks threatening the security of Cloud Computing.  Solutions and countermeasures are pointed out to serve as a reference for comparative analysis.  Understanding the various Cloud security issues and the means possible to overcome them.  Similar studies helps to mitigating the risk associated with the adoption of Cloud Computing technology. A SURVEY ON THE SECURITY OF CLOUD COMPUTING 558/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion
  • 56. Thank You! A SURVEY ON THE SECURITY OF CLOUD COMPUTING 568/14/2019 Introduction Overview on CC CC Security CC Threats CC Attacks Conclusion