Skip to main content
SpringerLink
Log in
SpringerLink
Log in

A Survey of Traditional and Cloud Specific Security Issues

  • Conference paper
Security in Computing and Communications (SSCC 2013)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 377))

Included in the following conference series:

Abstract

The emerging technology popularly referred to as Cloud computing offers dynamically scalable computing resources on a pay per use basis over the Internet. Companies avail hardware and software resources as service from the cloud service provider as opposed to obtaining physical assets. Cloud computing has the potential for significant cost reduction and increased operating efficiency in computing. To achieve these benefits, however, there are still some challenges to be solved. Security is one of the prime concerns in adopting Cloud computing, since the user’s data has to be released from the protection sphere of the data owner to the premises of cloud service provider. As more Cloud based applications keep evolving, the associated security threats are also growing. In this paper an attempt has been made to identify and categorize the security threats applicable to Cloud environment. Threats are classified into Cloud specific security issues and traditional security attacks on various service delivery models of Cloud. The work also briefly discusses the virtualization and authentication related issues in Cloud and tries to consolidate the various security threats in a classified manner.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Buyya, R., Broberg, J., Goscinski, A.: Cloud Computing: Principles and Paradigms. Wiley, Hoboken (2011)

    Book  Google Scholar 

  2. Kahiyamo, T.: Cloud Computing Security: How Risks and Threats are Affecting Cloud Adopting Decisions. MBA Thesis (2012)

    Google Scholar 

  3. Takabi, H., Joshi, J.B.D., Ahn, G.: SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments. In: Proc. IEEE 34th Annual Computer Software and Application Conference Workshops, July 19-23, pp. 393–398 (2010)

    Google Scholar 

  4. http://csrc.nist.gov/groups/SNA/Cloud-computing-cloud-def-v15.doc (accessed on: December 27, 2012)

  5. Jensen, M., Schwenk, J., Gruscka, N., Iacono, L.L.: On Technical Security Issues in Cloud Computing. In: Proc. IEEE International Conference on Cloud Computing, September 21-25, pp. 109–116 (2009)

    Google Scholar 

  6. Lv, H., Hu, Y.: Analysis and Research About Cloud Computing Security Protect Policy. In: Proc. IEEE Int. Conference on Intelligence Science and Information Engineering, August 20-21, pp. 214–216 (2011)

    Google Scholar 

  7. Bakshi, A., Yogesh, B.: Securing Cloud from DDOS Attacks Using Intrusion Detection System in VM. In: Proc. IEEE Second Int. Conference on Communication Software and Networks, February 26-28, pp. 260–264 (2010)

    Google Scholar 

  8. Kilari, N., Sridaran, R.: A Survey on Security Threats for Cloud Computing. Int. Journal of Engineering Research and Technology 1(7) (September 2012)

    Google Scholar 

  9. Ramgovind, S., Eloff, M.M., Smith, E.: The Management of Security in Cloud Computing. In: Proc. IEEE Conference Information Security for South Africa, August 2-4, pp. 1–7 (2010)

    Google Scholar 

  10. Chauhan, N.S., Saxena, A.: Energy Analysis of Security for Cloud Application. In: Proc. Annual IEEE India Conference, pp. 1–6 (December 2011)

    Google Scholar 

  11. Liu, W.: Research on Cloud Computing Security Problem and Strategy. In: Proc. IEEE 2nd Int. Conference on Consumer Electronics, Communications and Networks, April 21-23, pp. 1216–1219 (2012)

    Google Scholar 

  12. Yu, X., Wen, Q.: A View About Cloud Data Security from Data Life Cycle. In: Proc. IEEE Intl. Conference on Computational Intelligence and Software Engineering, December 10-12, pp. 1–4 (2010)

    Google Scholar 

  13. Kantarcioglu, M., Bensoussan, A., Ru, S.: Impact of Security Risks on Cloud Computing Adoption. In: Proc. IEEE 49th Annual Allerton Conference on Communication, Control and Computing, September 28-30, pp. 670–674 (2011)

    Google Scholar 

  14. Hsin-Yi, T., Siebenhaar, M., Miede, A., Yulun, H., Steinmetz, R.: Threat as a Service? The Impact of Virtualization on Cloud Security. IT Professional 14(1), 32–37 (2011)

    Google Scholar 

  15. Subashini, S., Kavitha, V.: A Survey on Security Issues in Service Delivery Models of Cloud Computing. Journal of Network and Computer Applications 34(1), 1–11 (2011)

    Article  Google Scholar 

  16. Bhadauria, R., Sanyal, S.: Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques. International Journal of Computer Applications, 47–66 (June 2012)

    Google Scholar 

  17. Halpert, B.: Auditing Cloud Computing: A Security and Privacy Guide. John Wiley & Sons, Inc., Hoboken (2011)

    Book  Google Scholar 

  18. Zhang, Y., Juels, A., Opera, A., Reiter, M.K.: HomeAlone: Co-Residency Detection in the Cloud Via side-Channel Analysis. In: Proc. IEEE Symposium on Security and Privacy, May 22-25, pp. 313–328 (2011)

    Google Scholar 

  19. Carlson, C.: Side-Channel Attacks Threaten Data in the Cloud (May 30, 2012), http://www.fiercecio.com/storey/side-channel-attacks-threaten-data-cloud/2012-05-30 (accessed on : January 25, 2013)

  20. Krutz, R.L., Vine, R.D.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing. Wiley Publishing, Inc., Indianapolis (2010)

    Google Scholar 

  21. Chen, Y., Pascon, V., Katz, R.H.: “What’s New about Cloud Computing Security?” Technical Report (January 2010), http://www.eecs.berkeley.edu/pubs/Techrpts/2010/EECS.2020-5.pdf (accessed on : January 25, 2013)

  22. Zetter, K.: FBI defends Disruptive Raid on Texas data Centers. (April 2009), http://www.wired.com/threatlevel/2009/04/data-centers-ra/ (accessed on: February 4, 2013)

  23. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: Above the Clouds: A Berkeley View of Cloud Computing. Communications of ACM 53(4), 50–58 (2010)

    Article  Google Scholar 

  24. Carlin, S., Curran, K.: Cloud Computing security. International Journal of Ambient Computing and Intelligence 3, 14–19 (2011)

    Article  Google Scholar 

  25. Swinson, M.: Data Security and privacy Issues in Cloud Computing. (March 2012), http://WWW.mallesons.com/publications/marketAlerts/2012/information-technologyupdate-march-2012/pages/Data-Security-and-Privacy-Issues-in-Cloud-Computingaspx (accessed on: February 18, 2013)

  26. SSL/TLS deployment best practices. Version 1.0/; Ivan Ristic, Qualys SSL Labs (February 24, 2012), https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf (accessed on : March 22, 2013)

  27. Rane, P.: Enterprise Applications in the Cloud: A SaaS Security Perspective (September 2010), http://esj.com/Articles/2010/02/09/Cloud-saas-security.aspx?page=2&p=1 (accessed on : March 22, 2013)

  28. Kevin, G.: Software As A Service Security Facts You Should Consider (January 29, 2013), http://SaaSaddict.walkme.com/software-as-a-service-security-facts-you-should-consider/ (accessed on : March 22, 2013)

  29. Microsoft White Paper, MS Strategy for Lightweight Directory Access Protocol (2010) http://technet:microsoft.com/en-us/library/cc750824.aspx (accessed on: December 10, 2012)

    Google Scholar 

  30. Jasti, A., Shah, P., Nagaraj, R., Pendse, R.: Security in Multitenancy. In: Proc. IEEE Int. Carnahan Conference on Security Technology, October 5-8, pp. 35–41 (2010)

    Google Scholar 

  31. Owens, K.: Securing Virtual Compute Infrastructure in the Cloud. Hos-white-paper-securing virtual-computer-infrastructure in the cloud.pdf

    Google Scholar 

  32. Sabahi, F.: Virtualization-level Security in Cloud computing. In: Proc. IEEE Third Int. Conference on Communication Software and Networks, May 27-29, pp. 250–254 (2011)

    Google Scholar 

  33. Gul, I., Rehman, A., Islam, M.H.: Cloud Computing Security Auditing. In: Proc. IEEE the 2nd Int. Conference on Next Generation Information Technology, June 21-23, pp. 143–148 (2011)

    Google Scholar 

  34. Joshi, B., Vijayan, A.S., Joshi, B.K.: Securing Cloud Computing Environment Against DDOS Attacks. In: IEEE Int. Conference on Computer Communication and Information, January 10-12, pp. 1–5 (2012)

    Google Scholar 

  35. Rumor: Amazon Hit with Denial-of-Service-Attack, Again (June 6, 2008), http://www.appscout.com/2008/rumor-amazon-hit-with-denialof.php (accessed on: December 2, 2012)

  36. Tupakula, U., Varadarajan, V.: TVDSEC: Trusted Virtual Domain Security. In: Proc. IEEE 4th Intl. Conference on Utility and Cloud Computing, December 5-8, pp. 57–63 (2011)

    Google Scholar 

  37. Trend Micro, “Making Virtual Machines Cloud-Ready,” A Trend Micro White paper (2009), http://www.WhiteStratus.con/docs/making-vms-cloudready.pdf (accessed on: December 2, 2012)

  38. Lin, Z.: Virtualization Security for Cloud Computing Service. In: Proc. IEEE Intl. Conference on Cloud and Service Computing, December 12-14, pp. 174–178 (2011)

    Google Scholar 

  39. Decarlo, A.L.: Myth Vs. Reality: Controlling VM Sprawl in the Cloud (January 2012), http://searchcloudprovider.techtarget.com/tip/Myth-vs-reality-Controlling-VM-sprawl-in-the-cloud (accessed on: March 22, 2013)

  40. Forrester Inc., Press Release “Top Corporate Software Priority is Modernizing Legacy Applications” (June 8, 2009), http://www.imakenews.com/avnet_bio/e_article001459482.cfm?x=bfQ4d5j,b817d1c4,w (accessed on: March 15, 2013)

  41. Sandikkaya, M.T., Harmanci, A.E.: Security Problems of Platform as a Service. In: 31st International Symposium on Reliable Distributed Systems (2012)

    Google Scholar 

  42. Takabi, H., Joshi, J.B.D., Ahn, G.: Security and Privacy Challenges in Cloud Computing Environments. IEEE Security Privacy 8(6), 24–31 (2010)

    Article  Google Scholar 

  43. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You Get Off My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In: Proc. of 16th ACM Conference on Computer and Communication Security, November 9-13, pp. 199–212 (2009)

    Google Scholar 

  44. Saltzer, J.H., Schroeder, M.D.: The Protection of information in Computer Systems. Proceedings of the IEEE 63(9), 1278–1308 (1975)

    Article  Google Scholar 

  45. Rfc 3820: Internet X.509 Public Key Infrastructure, http://ietf.org/html/rfc3820

  46. Lamport, L., Shostak, R., Pease, M.: The byzantine General Problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)

    Article  MATH  Google Scholar 

  47. Grobauer, B., Walloschk, T., Stocker, E.: Understanding Cloud Computing Vulnerabilities. IEEE Trans. Security & Privacy 9(2), 50–57 (2011)

    Article  Google Scholar 

  48. Sample, C.: Cloud Computing Security: Routing and DNS Security threats (June 2009), http://www.searchsecurity.techtarget.com/tip/DNS-attacks-compromising-DNS-in-the-cloud (accessed on: March 15, 2013)

  49. Meena, B., Challa, K.A.: Cloud Computing Security Issues with Possible Solutions. Int, Journal of Computer Science and Technology 2(1) (January-March 2012)

    Google Scholar 

  50. Andree, Y.: Implications of SalesForce Phishing Incident (November 2007), http://www.ebizq.net/blogs/security_insider/2007/11/implications_of_salesforce_phi.php (accessed on: March 22, 2013)

  51. Prince, B.: Spam Campaign Caused by Stolen Drop box Employee Password (August 2010), http://www.eweek.com/c/a/Security/Spam-Campaign-Caused-by-Stolen-Dropbox-Employee-Password-344694/ (accessed on: March 15, 2013)

Download references

Author information

Authors and Affiliations

  1. Christ University, Bangalore, India

    Sumitra Binu

  2. Electronic-City, C-DAC, Bangalore, India

    Mohammed Misbahuddin

Authors
  1. Sumitra Binu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammed Misbahuddin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Indian Institute of Information Technology and Management, Technopark Campus, 695581, Trivandrum, Kerala, India

    Sabu M. Thampi

  2. Department of Applied Computer Science, The University of Winnipeg, 515 Portage Avenue, R3B 2E9, Winnipeg, MB, Canada

    Pradeep K. Atrey

  3. Electrical and Computer Science Engineering Building, National Sun Yat-sen University, Kaohsiung, Taiwan R.O.C.

    Chun-I Fan

  4. Facultad de Informatica, Campus de Espinardo, s/n, 30.100, Murcia, Spain

    Gregorio Martinez Perez

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Binu, S., Misbahuddin, M. (2013). A Survey of Traditional and Cloud Specific Security Issues. In: Thampi, S.M., Atrey, P.K., Fan, CI., Perez, G.M. (eds) Security in Computing and Communications. SSCC 2013. Communications in Computer and Information Science, vol 377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40576-1_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40576-1_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40575-4

  • Online ISBN: 978-3-642-40576-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation