To search, Click below search items.


All Published Papers Search Service


How Secure is Your Cloud: Classification of Security Threats and Countermeasures within Cloud Computing


Atif Saeed, Muhmmad Shahid, Mohammed A. Alghamdi, Khalid Masood, Arfan Ali Nagra, Muhmmad Asif


Vol. 20  No. 5  pp. 22-43


Cloud computing is a contemporary cost-effective model in which the computing resources are dynamically scaled-up and scaled-down to customers, hosted within large- scale multi-tenant systems. These motivations can attract orga- nizations to shift their sensitive data and critical infrastructure on cloud environments. But the cloud environments are facing a large number of challenges of misconfigurations, cyber-attacks, root-kits, malware instances etc which manifest themselves as a serious threat to cloud environments. These threats noticeably decline the general trustworthiness, reliability and accessibility of the cloud. Security is the primary concern of a cloud service model. However, a number of significant challenges revealed that cloud environments are not as much secure as one could expect. cloud providers have implemented different security perimeters to mitigate these attacks but these strategies are not impenetrable. A myriad of previous studies have demon- strated how cloud environment could be vulnerable to attacks through shared file systems, cache side-channels, or through compromising of hypervisor layer using rootkits. Thus, the threat of attacks is still possible because an attacker uses one VM to control or access other VMs on the same hypervisor. This paper presents the classification of security attacks across different cloud services. It also indicates attack types and risk levels associated with different cloud services. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services.


Cloud Computing, Cross-VM attacks, Countermeasures, Virtual Machine, Virtualization.