International Journal of Software and Computer Science Engineering

Volume 4 Issue 2

Cloud Attack Implication and Openstack

Meenakshi*, Ramachandra AC**, Subhrajit Bhattacharya***

Assistant Professor*, Professor**, ***
Dept. of Computer Science and Engineering*, **, Dept. of Data Science***
Nitte Meenakshi Institute of Technology, Bangalore*, **, Data Science, Career Launcher, Bangalore***
Corresponding Author’s E-mail: kmeenarao@gmail.com *
DOI: http://doi.org/10.5281/zenodo.3379956

Abstract
We brief about cloud computing attacks and counter measures. Also we
explain how cloud security differs than On-Premise Security. Cloud attack
implications, attack category have been depicted. Openstack role in
addressing cloud attack is also been discussed.

Keywords: - Cloud computing, Attack, Openstack, Threat

INTRODUCTION From the definition of cloud computing we

“Cloud computing is a model for enabling can understand that five important
convenient, on-demand network access to characteristics of cloud are: on demand
a shared pool of configurable computing self-service, broad network access,
resources (e.g. networks, servers, storage, resource pooling, rapid elasticity, and
applications, and services) that can be measured service. Services are provisioned
rapidly provisioned and released with on demand by the consumer without
minimal management effort or service requiring human interaction. For example,
provider interaction.”Software as a Service a consumer can create a server time,
(SaaS), Platform as a Service (PaaS) and network storage or virtual network
Infrastructure as a Service (IaaS) are cloud segment in a self-service manner by
service models. The common cloud making an API call without interacting
deployment models are public, private, with a human at the service provider.
hybrid and community clouds.
With broad network access, cloud services
are available over a network for access and

34 Page 34-39 © MANTECH PUBLICATIONS 2019. All Rights Reserved

 International Journal of Software and Computer Science Engineering
consumers can access these services over
the Internet using standard protocols such
HTTP and HTTPS from their computer or
mobile device. With resource pooling,
provider resources are pooled to serve
multiple customers and this uses a multi-
tenant model. In this model, the provider's
physical and virtual resources are
dynamically assigned and then reassigned
according to consumer demand. For
example, when a consumer needs CPU
time to run a workload, the provider will
create a virtual machine and assign to his
tenancy and when he no longer needs that
CPU time it is reassigned to another tenant
based on demand.
With elasticity, services can be an
elastically provisioned and released, in
many cases automatically, enabling a
consumer to scale their workloads rapidly,
outward and inward, proportional with
demand. To give you an example, Amazon
Web Services (AWS), the leading public
cloud, has a feature called auto-scaling this
enables a consumer to automatically
increase the number of Amazon EC2
instances during demand spikes, to
maintain application performance and to
reduce costs, based on certain conditions
they define such as CPU and Memory
utilization. With measured service,
resource usage is monitored, controlled
35 Page 34-39 © MANTECH PUBLICATIONS 2019. All Rights Reserved
Volume 4 Issue 2
and reported to the users providing
transparency for both the provider and
consumer of the utilized
HOW CLOUD SECURITY DIFFERS
THAN ON-PREMISE SECURITY?
Due to complete almost complete
virtualization in cloud, it is possible to
access anything through console.
Understanding the access control of cloud
services or platforms plays very important
role in securing everything from console
perspective.
Ensuring the non-exposure of sensitive
data to the public is another big challenge.
Cloud provides an option to build private
network suitable to process most sensitive
data. Confidentiality of these data is purely
based on security controls which are
different than on-premise security control.
Network administrator need monitor IP
space allocated to their cloud through
vulnerability scanners.
Organizations need to share the security
responsibilities with cloud provider. For
on-premise enterprise there will be end-to
end security, controlled 100% by security
team.
No automation in on-premise security
tools like web application firewall, next
 International Journal of Software and Computer Science Engineering
generation firewalls etc. These are all
almost disconnected. It is because these
on-premise tools are not interconnected
through APIs and hence little or no
automation. It is always accountable for
the data in the cloud. In the context of
cloud, accountability is a set of approaches
to addresses two key problems: lack of
consumer trust in cloud service providers
and difficulty faced by cloud service
providers with compliance across
geographic boundaries.
CLOUD ATTACK IMPLICATIONS
Attack implications may cause
deterioration of the provision of data and
services on cloud platform. Such possible
implications are violation of data
protection, malicious manipulation of data,
denial-of-service and theft of service.
Cloud Attacks Category
Authors Ajith Bailakare and Meenakshi in
[1] have categorized cloud attacks based
on cloud components as network based
attacks, VM based attacks, storage based
attacks, and application based attacks. Port
scanning, botnets, spoofing attacks are
types of network based attacks.VM based
attack types are cross VM side channel
attack, VM creation attack, VM migration
and rollback attacks, VM scheduler based
attacks. Storage based attacks types are
36 Page 34-39 © MANTECH PUBLICATIONS 2019. All Rights Reserved
Volume 4 Issue 2
data scavenging and data de-duplication.
Application based attacks are malware
injection and steganography attacks,
shared architectures, web services and
protocol based attacks.
As per the authors John J. and Norman J.,
cloud security Alliance has identified data
breaches and cloud service abuse as the
top threats to cloud services. Insider
attacks, DOS attack, DDOS attacks,
malware attack, worm attack are major
attacks listed here. Trust need to be
generated between cloud service providers
CSP, clients and customers [2].
APPLICATION BASED ATTACKS
AND COUNTER MEASURES FOR
DATA PROTECTION
In general, there are many Cloud Security
countermeasures existing as in
Fig.1Suppose if cloud allows for an
insecure interface for application
development, then a malicious code may
be inserted in an application. This is called
malware injection attack. Another variant
is steganography attack where attacker
embeds his malware code within files
being transmitted over network which
causes security breach [3] (Minhaj, (2016).
In the paper [4] (Luigi, (2017)] and [5]
author has given detail study of cloud
security challenges.
 International Journal of Software and Computer Science Engineering
Volume 4 Issue 2

Figure1: Cloud Security Countermeasures

In [6] (Oberheide J.,(2008)) an anti-virus process logs by considering relationships

framework for securing cloud platforms of PE files. Accuracy of detection in this
has been proposed. It monitors and hinders approach is 84% as mentioned by author.
any malicious code impacting the cloud.
Host agents are analyzing all the files WHY OPENSTACK?
being transferred and suspicious files to “OpenStack is a cloud operating system
network for analysis. Average detection that controls large pools of compute,
rate is 94% as mentioned by author. storage, and networking resources
throughout a datacenter, all managed and
In [7] (Liu, (2010)) historical information provisioned through APIs with common
is used to detect malware by using logs authentication mechanisms. A dashboard
generated due to writing or creation of is also available, giving administrators
executable files in Portable Executable control while empowering their users to
format. It catches any changes made to PE provision resources through a web
files by malware. MapReduce is used to interface.”
37 Page 34-39 © MANTECH PUBLICATIONS 2019. All Rights Reserved
 International Journal of Software and Computer Science Engineering
Volume 4 Issue 2

In [8], (Adriano and et al. (2016)) have Computing”, Advances in Big Data
shown comparative analysis results of and Cloud Computing, Advances
Private IaaS clouds namely OpenNebula, in Intelligent Systems and
CloudStack and OpenStack. It is stated Computing, vol. 750, 2019.
that OpenStack is more resilient and
CloudStack is more flexible for deploying III. Minhaj Ahmad Khan, “A Survey
IaaS private cloud. of Security Issues for Cloud
Computing”, Journal of Network
CONCLUSION and Computer Applications, vol.
Cloud computing system as a whole is 17, pp. 11-29, 2016.
under various threats and hence solution
framework should not be limited to IV. Luigi Coppolino, Salvatore
specific type of attack only. Research need D.Antonio, Giovanni Mazzeo and
to be in that direction to give solution in all Luigi Romano, “Cloud Security:
scenarios which is a real challenge. Cloud Emerging Threats and Current
administration has to be very effective and Solutions”, vol. 59, pp. 126-140,
also client-customer communication needs 2017.
to be very secure and protected by
implementing appropriate protocols. V. Jouini, Mouna and Latifa Ben Arfa
Rabai. “A Security Framework for
REFERENCE Secure Cloud Computing
I. AjithBailakare and Meenakshi, Environments.” Cloud Security:
“An Introduction to Cloud Concepts, Methodologies, Tools,
Computing and its Security Issues and Applications, 249-263, 2019.
and Challenges - A Literature
Review”, International Journal of VI. J Oberheide, E Cooke and F
Electronics, Electrical and Jahanian, “Cloudav: N-Version
Computational System, vol. 6, Antivirus in the Network Cloud”,
Issue 5, 2017. Proceedings of the Conference on
Security Symposium, pp. 91–106,
II. Jomina John and Jasmine Norman, 2008.
“Major Vulnerabilities and Their
Prevention Methods in Cloud

38 Page 34-39 © MANTECH PUBLICATIONS 2019. All Rights Reserved

 International Journal of Software and Computer Science Engineering
Volume 4 Issue 2

VII. S T Liu and Y M Chen, OpenNebula, CloudStack and

“Retrospective Detection of OpenStack”, Euromicro
Malware Attacks by Cloud International Conference on
Computing”, International Parallel, Distributed, and Network-
Conference on Cyber-Enabled Based Processing, 2016.
Distributed Computing and
Knowledge Discovery, pp. 510– Cite this Article As
517,2010. Meenakshi, Ramachandra AC, Subhrajit
Bhattacharya (2019) “Cloud Attack

VIII. Adriano Vogel, Dalvan Griebler, Implication and Openstack” International

Journal of Software and Computer Science
Carlos A. F. Maron, Claudio
Engineering, 4 (2), 34- 39
Schepke and Luiz Gustavo
Fernandes, “Private IaaS Clouds: A
http://doi.org/10.5281/zenodo.3379956
Comparative Analysis of

39 Page 34-39 © MANTECH PUBLICATIONS 2019. All Rights Reserved