文章基本信息

标题：How Secure is Your Cloud: Classification of Security Threats and Countermeasures within Cloud Computing
本地全文：下载
作者：Atif Saeed ; Muhmmad Shahid ; Mohammed A. Alghamdi 等
期刊名称：International Journal of Computer Science and Network Security
印刷版ISSN：1738-7906
出版年度：2020
卷号：20
期号：5
页码：22-43
出版社：International Journal of Computer Science and Network Security
摘要：Cloud computing is a contemporary cost-effective model in which the computing resources are dynamically scaled-up and scaled-down to customers, hosted within large- scale multi-tenant systems. These motivations can attract orga- nizations to shift their sensitive data and critical infrastructure on cloud environments. But the cloud environments are facing a large number of challenges of misconfigurations, cyber-attacks, root-kits, malware instances etc which manifest themselves as a serious threat to cloud environments. These threats noticeably decline the general trustworthiness, reliability and accessibility of the cloud. Security is the primary concern of a cloud service model. However, a number of significant challenges revealed that cloud environments are not as much secure as one could expect. cloud providers have implemented different security perimeters to mitigate these attacks but these strategies are not impenetrable. A myriad of previous studies have demon- strated how cloud environment could be vulnerable to attacks through shared file systems, cache side-channels, or through compromising of hypervisor layer using rootkits. Thus, the threat of attacks is still possible because an attacker uses one VM to control or access other VMs on the same hypervisor. This paper presents the classification of security attacks across different cloud services. It also indicates attack types and risk levels associated with different cloud services. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services.
关键词：Cloud Computing; Cross-VM attacks; Countermeasures; Virtual Machine; Virtualization.