Академический Документы
Профессиональный Документы
Культура Документы
Volume 4 Issue 2
Abstract
We brief about cloud computing attacks and counter measures. Also we
explain how cloud security differs than On-Premise Security. Cloud attack
implications, attack category have been depicted. Openstack role in
addressing cloud attack is also been discussed.
consumers can access these services over and reported to the users providing
the Internet using standard protocols such transparency for both the provider and
HTTP and HTTPS from their computer or consumer of the utilized
mobile device. With resource pooling,
provider resources are pooled to serve HOW CLOUD SECURITY DIFFERS
multiple customers and this uses a multi- THAN ON-PREMISE SECURITY?
tenant model. In this model, the provider's Due to complete almost complete
physical and virtual resources are virtualization in cloud, it is possible to
dynamically assigned and then reassigned access anything through console.
according to consumer demand. For Understanding the access control of cloud
example, when a consumer needs CPU services or platforms plays very important
time to run a workload, the provider will role in securing everything from console
create a virtual machine and assign to his perspective.
tenancy and when he no longer needs that
CPU time it is reassigned to another tenant Ensuring the non-exposure of sensitive
based on demand. data to the public is another big challenge.
Cloud provides an option to build private
With elasticity, services can be an network suitable to process most sensitive
elastically provisioned and released, in data. Confidentiality of these data is purely
many cases automatically, enabling a based on security controls which are
consumer to scale their workloads rapidly, different than on-premise security control.
outward and inward, proportional with Network administrator need monitor IP
demand. To give you an example, Amazon space allocated to their cloud through
Web Services (AWS), the leading public vulnerability scanners.
cloud, has a feature called auto-scaling this
enables a consumer to automatically Organizations need to share the security
increase the number of Amazon EC2 responsibilities with cloud provider. For
instances during demand spikes, to on-premise enterprise there will be end-to
maintain application performance and to end security, controlled 100% by security
reduce costs, based on certain conditions team.
they define such as CPU and Memory
utilization. With measured service, No automation in on-premise security
resource usage is monitored, controlled tools like web application firewall, next
generation firewalls etc. These are all data scavenging and data de-duplication.
almost disconnected. It is because these Application based attacks are malware
on-premise tools are not interconnected injection and steganography attacks,
through APIs and hence little or no shared architectures, web services and
automation. It is always accountable for protocol based attacks.
the data in the cloud. In the context of
cloud, accountability is a set of approaches As per the authors John J. and Norman J.,
to addresses two key problems: lack of cloud security Alliance has identified data
consumer trust in cloud service providers breaches and cloud service abuse as the
and difficulty faced by cloud service top threats to cloud services. Insider
providers with compliance across attacks, DOS attack, DDOS attacks,
geographic boundaries. malware attack, worm attack are major
attacks listed here. Trust need to be
CLOUD ATTACK IMPLICATIONS generated between cloud service providers
Attack implications may cause CSP, clients and customers [2].
deterioration of the provision of data and
services on cloud platform. Such possible APPLICATION BASED ATTACKS
implications are violation of data AND COUNTER MEASURES FOR
protection, malicious manipulation of data, DATA PROTECTION
denial-of-service and theft of service. In general, there are many Cloud Security
countermeasures existing as in
Cloud Attacks Category Fig.1Suppose if cloud allows for an
Authors Ajith Bailakare and Meenakshi in insecure interface for application
[1] have categorized cloud attacks based development, then a malicious code may
on cloud components as network based be inserted in an application. This is called
attacks, VM based attacks, storage based malware injection attack. Another variant
attacks, and application based attacks. Port is steganography attack where attacker
scanning, botnets, spoofing attacks are embeds his malware code within files
types of network based attacks.VM based being transmitted over network which
attack types are cross VM side channel causes security breach [3] (Minhaj, (2016).
attack, VM creation attack, VM migration In the paper [4] (Luigi, (2017)] and [5]
and rollback attacks, VM scheduler based author has given detail study of cloud
attacks. Storage based attacks types are security challenges.
In [8], (Adriano and et al. (2016)) have Computing”, Advances in Big Data
shown comparative analysis results of and Cloud Computing, Advances
Private IaaS clouds namely OpenNebula, in Intelligent Systems and
CloudStack and OpenStack. It is stated Computing, vol. 750, 2019.
that OpenStack is more resilient and
CloudStack is more flexible for deploying III. Minhaj Ahmad Khan, “A Survey
IaaS private cloud. of Security Issues for Cloud
Computing”, Journal of Network
CONCLUSION and Computer Applications, vol.
Cloud computing system as a whole is 17, pp. 11-29, 2016.
under various threats and hence solution
framework should not be limited to IV. Luigi Coppolino, Salvatore
specific type of attack only. Research need D.Antonio, Giovanni Mazzeo and
to be in that direction to give solution in all Luigi Romano, “Cloud Security:
scenarios which is a real challenge. Cloud Emerging Threats and Current
administration has to be very effective and Solutions”, vol. 59, pp. 126-140,
also client-customer communication needs 2017.
to be very secure and protected by
implementing appropriate protocols. V. Jouini, Mouna and Latifa Ben Arfa
Rabai. “A Security Framework for
REFERENCE Secure Cloud Computing
I. AjithBailakare and Meenakshi, Environments.” Cloud Security:
“An Introduction to Cloud Concepts, Methodologies, Tools,
Computing and its Security Issues and Applications, 249-263, 2019.
and Challenges - A Literature
Review”, International Journal of VI. J Oberheide, E Cooke and F
Electronics, Electrical and Jahanian, “Cloudav: N-Version
Computational System, vol. 6, Antivirus in the Network Cloud”,
Issue 5, 2017. Proceedings of the Conference on
Security Symposium, pp. 91–106,
II. Jomina John and Jasmine Norman, 2008.
“Major Vulnerabilities and Their
Prevention Methods in Cloud