Problem Statement Discussion and Justification
Cloud users face security threats both from outside and inside the cloud. Many of the security issues involved in protecting clouds from outside threats are similar to those already facing large data centers. In the cloud, however, this responsibility is divided among potentially many parties, including the cloud user, the cloud vendor, and any third-party vendors that users rely on for security-sensitive software or configurations. The cloud user is responsible for application-level security. The cloud provider is responsible for physical security, and likely for enforcing external firewall policies. Security for intermediate layers of the ...
The one important exception is the risk of inadvertent data loss. It's difficult to imagine someone spying on the contents of virtual machine memory; it's easy to imagine a hard disk being disposed of without being wiped, or a permissions bug making data visible improperly.
Traditional attacks on software
These attacks are related to vulnerabilities in network protocols, operating systems, modular components, and others. They are traditional threats, and to protect against them it will be sufficient to install an anti-virus, firewall, IPS, and the other components discussed. It is important that these remedies be adapted to a cloud infrastructure and work effectively under virtualization (Winkler, 2011).
Functional attacks on elements of the cloud
This type of attack is associated with the multi-layer nature of clouds and with the general security principle that the overall protection of a system is equal to the protection of its weakest link. Thus, a successful DoS attack on the reverse proxy placed in front of the cloud will block access to the entire cloud, even though all the connections inside the cloud continue to operate without interference (Winkler, 2011). Similarly, an SQL injection coming through an application server will provide access to system data regardless of the access rules in the data storage layer. To protect against functional attacks, each layer of the cloud should use its own specific means of protection: for the proxy, protection against DoS attacks; for the Web server, control over the integrity of pages; for the application server, an application-level screen; for the DBMS layer, protection from SQL injections; for the storage system, backup and access control. Individually, each of these protective mechanisms already exists, but they are not combined into comprehensive protection of the cloud, which is why the task of integrating them into a single system should be solved during the creation of the cloud (Sun et al., 2011).
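The SQL injection point above can be made concrete with an added example that is not part of the original essay. In this Python sketch the table names, tenants, sample rows and crafted input are all constructed, and SQLite's authorizer callback is assumed as a stand-in for the storage layer's access rules: the rule holds, yet the concatenated query in the application layer still returns another tenant's data, while the parameterized form does not.

```python
import sqlite3

# Constructed sample data: two tenants sharing one table.
ROWS = [("acme", "acme-invoice-1"), ("acme", "acme-invoice-2"),
        ("globex", "globex-payroll")]
CRAFTED = "acme' OR '1'='1"  # constructed input that closes the string literal

def storage_rule(action, arg1, arg2, dbname, source):
    # Storage-layer access rule: this connection may read only `records`.
    if action == sqlite3.SQLITE_READ and arg1 != "records":
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (tenant TEXT, doc TEXT)")
    db.execute("CREATE TABLE secrets (k TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?)", ROWS)
    db.set_authorizer(storage_rule)  # enforced on every later statement
    return db

def storage_rule_holds(db):
    # The storage layer does its job: other tables stay unreadable.
    try:
        db.execute("SELECT k FROM secrets").fetchall()
    except sqlite3.DatabaseError:
        return True
    return False

def docs_concatenated(db, tenant):
    # Weak application layer: tenant text becomes part of the SQL statement.
    sql = "SELECT doc FROM records WHERE tenant = '" + tenant + "'"
    return [row[0] for row in db.execute(sql)]

def docs_parameterized(db, tenant):
    # Hardened application layer: tenant is bound as data, never parsed as SQL.
    sql = "SELECT doc FROM records WHERE tenant = ?"
    return [row[0] for row in db.execute(sql, (tenant,))]

if __name__ == "__main__":
    db = open_db()
    print("storage rule holds:", storage_rule_holds(db))
    print("concatenated :", docs_concatenated(db, CRAFTED))
    print("parameterized:", docs_parameterized(db, CRAFTED))
```

The storage rule is table-granular, so it cannot tell a legitimate read of `records` from an injected one; the tenant boundary has to be enforced where the query is built.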
Attacks on the client
This type of attack was developed in the Web environment, but it is also relevant for the cloud, since clients usually connect to the cloud through a browser. It includes such attacks as Cross-Site Scripting (XSS), interception of web sessions, password theft, man-in-the-middle, and others (Kifayat et al., 2010). Protection against these attacks traditionally consists of strict authentication and the use of an encrypted connection with mutual authentication, but not all creators of clouds can afford such a wasteful and usually not very convenient means of protection (Winkler, 2011). Therefore, there are still unsolved problems in this field of information security, and room to create new remedies.
Threats to virtualization
As virtual environments are traditionally the platform for cloud components, an attack on the virtualization system also threatens the cloud as a whole (Trivedi & Pasley, 2012). This type of threat is unique in cloud computing,...