Cloud Security and Security Challenges Revisited (2405.11350v1)
Abstract: In recent years, Cloud Computing has transformed local businesses and created new business models on the Internet, and Cloud services are still flourishing. But after the emphatic hype in the early years, a more realistic perception of Cloud services has emerged. One reason for this surely is that today, Cloud Computing is considered an established and well-accepted technology and no longer a technical novelty. But the second reason for this assessment might also be the numerous security issues that Cloud Computing in general or specific Cloud services have experienced since then. In this paper, we revisit attacks on Cloud services and Cloud-related attack vectors that have been published in recent years. We then consider successful or proposed solutions to cope with these challenges. Based on these findings, we apply a security metric in order to rank all these Cloud-related security challenges concerning their severity. This should assist security professionals in prioritizing their efforts toward addressing these issues.