Security Threats in Cloud Computing and Effective Preventive Methods

Verified

Added on 2021/06/17

AI Summary

This report provides a comprehensive overview of security threats in cloud computing. It begins by defining cloud computing and highlighting its benefits, such as increased resource utilization and cost reduction. However, it emphasizes the associated security risks due to the shared and open nature of cloud environments. The report details various security threats, including abusive usage, insecure APIs, insider threats, vulnerabilities from shared technology, data loss, SQL injection attacks, cross-site scripting (XSS) attacks, man-in-the-middle attacks, sniffing attacks, denial-of-service attacks, and cookie poisoning. For each threat, the report offers a concise explanation. Furthermore, the report discusses several countermeasures to mitigate these threats, such as enhancing security policies, access management, data protection, and implementing security techniques like file allocation table (FAT) architecture. The report also includes a review of related research, highlighting the ongoing efforts to address cloud security challenges and the importance of developing new security techniques to adapt to the evolving cloud environment.

SECURITY THREATS IN CLOUD COMPUTING
AND PREVENTIVE METHODS.
ABSTRACT - Cloud computing is a technology that is
used to provide products and services whose foundation is the
extensive study carried out on distributed computing,
virtualization, utility computing, networking and finally
software and web services. It allows for the sharing and
access of resources of computer applications over the internet
unlike the traditional architecture of applications where
access is through client and the applications are located in a
server or machines belonging to the client. Due to this aspect
of sharing resources that are distributed over the internet and
over an open environment, there has been an increased level
of insecurity since important resources are channeled to a
third party. This poses a challenge in maintaining privacy
and the security of the data, data support and the availability
of service. This is where the security threats come in. [1]They
are caused by the above vulnerabilities and they include:
denial of service attack, intrusion on the network,
authentication among others. In this research paper, an
overview of security threats in the cloud is illustrated together
with the solutions that are being used currently to counter the
threats and also proposes the future work of research on the
same.
Keywords-Cloud computing, Security Threats, Privacy.
1. INTRODUCTION
Cloud computing provides numerous favorable aspects, for
example, an increase in hardware resources utilization,
reduction in costs, scalability and deployment that is easy. Due
to this, majority of the well-known companies such as Amazon
have already implemented cloud computing. Additionally, the
number of clients such as Google Drive, LinkedIn among
others, shifting their information to cloud has greatly increased.
Numerous security policies of business level, practices, and
standards are not executable in cloud since distinctive
protection dangers come up[8]. Challenges are still present in
regard to the security of the cloud despite of the large number
of studies carried out by the researchers over the past ten years.
In order to come up with effective preventive measures, use the
existing or new mechanisms on the risks of security in cloud,
its essential that clients, providers of service, innovators and
scholars to first critically analyze and study the risks involved.
Hence, research on the dangers of security in the cloud needs
to carried out so as to acquire the results from the point of view
of exploration.
2. SECURITY THREATS IN CLOUD COMPUTING
Being an upcoming technology, cloud computing enables
sharing of resources as well as reduction of the costs involved.
The costing procedure applied in cloud computing depends on
how the client uses the resource as the clients pay according the
usage[12]. Based on the fact that the resources in the cloud are
shared over the internet, the problem with the security comes in
as threats are posed to the data stored in the cloud. The
following segment contains the threats posed to the data in the
cloud:
Abusive Usage of Cloud Computing.
This is a major threat discovered by Cloud Security
Alliance[3]. A good example is the usage of botnets in
spreading malware and spam. Invaders may inject malware
over a large number of computers and exploit the abilities of
infrastructure of the cloud to harm various computers through
intrusion.
Insecurity in Interfaces of the programming
Application.
Clients mainly use APIs and interfaces of software to
connect with the services offered by the cloud. Due to this fact,
the APIs, and the interfaces of the software require to be
strongly protected in that, the process of authentication should
be strictly secure as well as control of access, encryption,
mechanisms of monitoring activities. This should be strictly
adhered to in the case where third parties engage themselves in
the service of cloud.
Spite from the Insiders
Based on the fact that majority of the providers of service
maintain the secrecy as to who they employ, the manner in
which they delegate to them the access rights or the way they
observe them, spite from the insiders becomes trickier and a
crucial threat. In order to achieve a cloud that is free from
threats from the insiders, it’s crucial that transparency become

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

the center of concentration in regard to this threat together with
reporting of compliance and notification of any kind of breach.
Vulnerabilities from sharing Technology
Sharing of infrastructure is majorly used by the suppliers of
IaaS. Unfortunately, the initial intention of these segments used
on to base that was totally different. In order to ensure that
clients do not over crowd on each other’s domain, monitoring
and centralization of management needs to be achieved.
Loss of Data.
The possibility of the loss of Data and theft is always present
whether it’s by erasing with no prepared backup or by losing
the key of encoding or by illegal access. This can adversely
affect businesses as besides destroying their regard, the law
obliges them to protect it against destruction and theft as well
as privacy.
Attacks of injections in SQL.
An attacker injects a harmful code inside a code of SQL that is
standard. In this way, the attackers are able to illegally reach to
database and view confidential data.
Attacks of Cross Site Scripting (XSS).
This is where harmful scripts are forced into the web. There
are two ways of executing the attack: through XSS which are
stored whereby the script is maintained eternally inside the web
application managed resource. On the other hand, XSS that is
reflected is where the invader only stores the script temporarily.
[4].
Man in the Middle attacks.
This occurs when an attacker invades a conversation that is
being held between a client and a sender and sends incorrect
data and acquires the right and essential data being conveyed.
Attacks by Sniffers
Some applications can seize packets moving within a network
in case the kind of data that is being moved has not been
encrypted and is readable. These attacks are triggered by the
applications explained above. When a program used in sniffing
is introduced in the network using the Network Interface Card,
data connected to various systems is recorded.
Attacks of Denial of Service.
This is a digital assault whereby the culprit looks to cause a
network or machine assets inaccessible for its proposed clients
by incidentally or inconclusively upsetting administrations of
the host associated with the Internet.
At times an error is seen and one is unable to get to a site
when browsing. This is due to a challenge of the very large
number of requests made in order to get to the site.
Poisoning of Cookie
This is the change of a cookie (individual data in a Web
client's PC) by an aggressor to increase unapproved data about
the client for uses, for example, theft of the identity. The
assailant may utilize the data to create new records or to access
the client's current records.
Due Diligence that is Inadequate.
At the point when officials make business systems, cloud
advancements and specialist organizations must be viewed.
Building up a decent guide and agenda for due perseverance
while assessing advancements and suppliers is fundamental for
the best shot of progress. Associations that hurry to embrace
cloud innovations and pick suppliers without performing due
tirelessness open themselves to various dangers.
3. COUNTERMEASURES
The following strategies can be used to counter the
security threats facing cloud computing:
Enhancement of the Policy of Security.
Services offered by the cloud providers can be used after a
client registers by the use of a credit card which is valid.
This offers an advantage to hackers whereby they exploit the
powerful nature of the clouds to execute illegal actions which
include attacking and spamming other systems of computing.
Conduct of such behavior of abuse created by the frail nature
of the systems of registration, monitoring of credit cards to
evaluate fraud and blocking black lists that are public may be
executed. To reduce the abusive use of the power of the cloud,
policies of security can be implemented. To effectively manage
clouds, regulations and rules that are well structured and
stipulated may offer great assistance to the administrators of
the network.
Management of Access.
The client’s information contained in cloud is secretive and
delicate. [6]Therefore, the mechanisms of control of access
may be used to make sure that just the clients who are
authorized can gain access to the information provided. Besides
constantly monitoring the systems of computers that are
physical, restrictions on the access traffic of data needs to be
observed by the use of the techniques of security. Some various
tools such as systems of detection of intrusion and firewalls
have been used to limit intrusion from resources that are not
trustworthy and to observe activities that are malicious.

Furthermore, standards of authentication, eXtensible Access
Control Markup Language (XACML) and Security Assertion
Markup Language (SAML) may be applied to limit entrance to
the applications of cloud and data. The main focus of SAML is
the ways in which decisions of authorization and authentication
can be transferred between connected objects and on the other
hand, the main focus of XACML is the strategies to be used to
come up with the decisions of approval.
Protection of Data.
Breaches of data created by insiders may be intentional or
accidental. As it’s not easy to recognize the behavior of the
insider, it’s advisable to use tools of security that are proper in
order to handle the threats of the insider.[6] These equipment
comprises of: systems of prevention of loss of data, tools of
detection of patterns of behavior that is not normal, tools of
encryption and preservation of format, profiling of the behavior
of the user, technology that is decoy and validation and
approval know-hows. The discussed equipment offers roles
which include detection of real time on traffic monitoring,
recording trails of audit for the forensic of the future among
others.
Implementation of Security Techniques.
The attack of injection of malware may be avoided by the
use of the architecture of the system of File Allocation Table
(FAT) [5]. According to the table of FAT, the possibility of a
customer running can be identified earlier on. Storing the value
of hash in the file image of the original case of service is
another option of avoiding attacks of injection of malware[12].
Identification of instances of malicious can be achieved by
the performance of checks of integrity between new and
original instances of service images.
4. RELATED WORK
Analysis of the choices of design which permits systems of
management of data that are scalable and modern in order to
attain magnitude orders with levels of scalability that are high
in comparison with databases that are traditional was carried
out by [8].
Definition of a group of ideas and the association being
executed in the domain of ISSRM inside the diagram class of
UML was carried out by[10] . The results of the study carried
out included the development of the diagram of class with
characters expressing the metrics elicited.
[5] on the other hand substantiated that the main concern
regarding the security of the cloud within the models of the
cloud computing included division of assets. Therefore,
development of new techniques of security is required and
techniques of security used previously required to be disposed
in order to utilize the architecture of the cloud. The new model
of delivery brings in new methods by which usage and access
of assets can be used hence, injecting the technology of
security that is already in existence cannot augur well with the
new technology.
The analysis of present gaps and the emerging trends in
research regarding cloud computing founded on literature of
systems information, reports of industry and reflections of
experiences that are practical was given out by [11]in form of a
summary that was brief. More so, the summary outlines the
importance of computing of cloud and the effects on academics
and practitioners.
Finally, brought about a thorough analysis of issues of
security in cloud computing and problems majoring on the
types of cloud computing and the types of delivery of
service[13].
Figures
Fig 1. Secure architecture of cloud.
5. PROPOSED DESIGN
Customers trying to shift to cloud are bothered by the
security issue which pulls them behind. The following
architecture design can be used to address various security
concerns. A diagram illustrating the same is shown in Fig.1.
i. Provision of a Single Sign On

Multiple logins in cloud lead to problems in authentication, to
address this, a complex authentication at the level of the user
can be catered for in the cloud.
ii. Increasing Availability
Dynamic loading of the server and balancing of the ISP load
can be enabled to intensify the availability of data within the
infrastructure of the network.
iii. Depth Method Protection
Suitable components of prevention and interference exposure
in a network should be provided. Apart from the use of
firewalls of the first generation, implementation of better
virtual firewalls need to be considered.[9] To enhance network
protection against individuals within and threats that generate
from within.
iv. Use of a Single Console of Management.
More devices for protecting the network are put in place to
guard the network that is virtual.
6. CONCLUSION
Cloud computing is a great and rising innovation for the up
and coming age of IT applications. Despite the fact that cloud
computing has numerous points of interest, there are as yet
numerous genuine issues that should be dealt with. The income
estimates suggest that cloud computing is an industry to
consider. In any case, from another point of view, present
vulnerabilities in the model of the cloud will build the dangers
from hackers. As indicated by the models of service delivery,
models of deployment and fundamental aspects of cloud
computing, security of the data and issues with the protection
of privacy are the basic issues that should be dealt with soonest.
Information security and protection issues are present in all
models of service delivery of SPI as well as in all phases of the
life cycle of data. Problems in protection of privacy include
sharing information while protecting individual data. The
capacity to manage the kind of data to uncover and who can get
to that data via the Internet has turned into a developing issue.
Various procedures have been offered by specialists for
protection of information and achieving the highest level of
protection of information in cloud. Still, many gaps need to be
resolved in perfecting the strategies involved.
Approval and systems of access control should accomplish a
bound together, adaptable and reusable model of access control
and address the issue of access that is fine-grained approval.
Mechanisms of privacy protection that are based on
accountability will accomplish real time and dynamical inform,
auditing and authorization for the information proprietors when
their private information is being gotten to.
ACKNOWLEDGEMENT
Special thanks to Almighty for enabling us to see this
research through. I acknowledge my friends and fellow
students who assisted in who offered support during my
research. I also acknowledge my tutors for their continued
support especially in knowledge-sharing as well as continually
availing of quality assistance in the challenging sectors in my
study.
References
[1]M. McIntosh, P. Austel, "XML signature element
wrapping attacks and countermeasures", Workshop On
Secure Web Services, 2010.
[2]. Kouchaksaraei Hadi, G. Chefranov, "Countering
Wrapping Attack on XML Signature in SOAP Message for
Cloud Computing", vol. 0441, 2013.
[3]. C. Mainka, M. Jensen, L. Lo Iacono, J. Schwenk, I.
Ivanov, M. Sinderen, F. Leymann, T. Shan, "Making XML
Signatures Immune to XML Signature Wrapping
Attacks", Cloud Computing and Services Science
Springer International Publishing, vol. 367, pp. 151-167,
2013.
[4]. Pavan Muraidhara, "Security issues in cloud
computing and its countermeasures", International
Journal of Scientific & Engineering Research, vol. 4, no.
10, October 2013.
[5]. M. Jensen, J.O. Schwenk, N. Gruschka, L.L. Iacono,
"On Technical Security Issues in Cloud
Computing", IEEE International Conference on Cloud
Computing (CLOUD-II 2009, pp. 109-116, 2009.
[6]. Constantin Lucian, "Researchers Demo Cloud
Security Issue with Amazon A WS
Attack", Computerworld, Oct 2011.
[7]. J. Miranda, J. Guillén, C. Canal, "Identifying
Adaptation Needs to Avoid the Vendor Lock - in Effect in
the Deployment of Cloud SBAs", pp. 12-19, 2012.
[8]. Guillén Joaquín et al., "Decoupling Cloud Applications
from the Source - A Framework for Developing Cloud
Agnostic Software", 2012.
[9]N. Gruschka, L. Lo Iacono, "Vulnerable Cloud: SOAP
Message Security Validation Revisited “ in ICWS
‘09", Proceedings of the IEEE International Conference
on Web Services, 2009.
[10].
Bhaskar Prasad, Eunmi Choi Rimal, "A taxonomy and
survey of cloud computing systems", 2009 Fifth
International Joint Conference on INC IMS and IDC
published by IEEE Computer Society.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

[11] D. Balfanz, R. Chow, O. Eisen, M. Jakobsson, S.
Kirsch, S. Matsumoto, J. Molina, P. C. van Oorschot,
"The future of authentication", IEEE Security & Privacy,
vol. 10, no. 1, pp. 22-27, 2012.
[12]. D. Balfanz, R. Chow, O. Eisen, M. Jakobsson, S.
Kirsch, S. Matsumoto, J. Molina, P. C. van Oorschot,
"The future of authentication", IEEE Security & Privacy,
vol. 10, no. 1, pp. 22-27, 2012.
[13]. M. Chauhan, M. Ali Babar, "Migrating service-
sriented system to cloud computing: an experience
report", IEEE 4th International Conference on Cloud
Computing (CLOUD), pp. 404-411, 2011.
.