Security is often cited as the main argument in favor of cloud-based services. Nevertheless, despite significant progress in the field, a number of security concerns remain relevant for the technology. The following paper presents an overview of possible attacks carried out outside the cloud and outlines the possible approaches for addressing the risks.
We will write a custom Essay on Cloud Computing-Related Attacks and Risks specifically for you
301 certified writers online
The first type of attack that may be carried out by the program outside the cloud is known as traffic eavesdropping. This type of attack occurs when a message sent by the cloud service consumer gets intercepted by an external party on its way to the service located in the cloud. Traffic eavesdropping is not unique to cloud services and is used to target a wide variety of systems that allow for such a possibility.
It should be understood that eavesdropping does not introduce any malicious code into the intercepted data, which is delivered to the intended destination unaltered. Nevertheless, it creates a significant threat to data security and confidentiality. In addition, due to its passive nature, such a technique can be used discretely and is extremely difficult to locate. The most common solution to remediating the eavesdropping attack is to use encryption for data sent to the cloud.
The messages can be encrypted using a key shared by the sender (service consumer) and the recipient (cloud service). While it would still be possible to intercept the encrypted data, decrypting it without a key would be a highly unlikely event (Tang et al., 2016). Thus, the data will only exist in a decrypted state outside the communication channel, rendering the interception useless.
The second possibility is a denial of service (DoS) attack. This type of attack relies on exceeding the operational capacity of the server – in this case, the physical hardware that hosts virtual services and programs. A typical DoS attack involves a number of users who initiate a series of repeated actions expected to load the targeted services. At a certain level of workload, the number of requests is expected to exceed the operational capacity of the service, at which point it begins to degrade or shuts down completely (Wang, Zheng, Lou, & Hou, 2015).
At this point, it is important to note that the majority of cloud-based services are dynamically adjusted in response to the changes in the workload. Nevertheless, the capacity for change in this situation is limited by the properties of the physical medium that handles the virtual services. Thus, once the physical servers are unable to keep up with the network load, the services dependent on these servers become inaccessible to any consumer outside the cloud.
The situation is further complicated by the fact that the described setup can host any number of services, which are expected to be equally impacted by the attack. Despite the growing awareness about DoS attacks, the definitive remediating measures for them are scarce. The cloud providers are advised to develop detection and mitigation strategies that would make the recovery process easier. In addition, it is necessary to incorporate risk analysis into the service strategy framework in order to enhance readiness and minimize the adverse effects of an attack.
The third type of attack is similar to passive eavesdropping, with an important distinction that the intercepted data gets modified before being passed over in the initial destination. This type is known as a malicious intermediary and is often performed by a service agent, such as that used between service consumer B and virtual server B in the scheme. A typical malicious intermediary attack occurs when a service agent eavesdrops on data transfer, intercepts a message, modifies it, and forwards it to the addressee.
The modification can be used to render the data unusable by introducing unrecoverable errors to the message or compromising its integrity by altering its content in a specific way. However, the most significant threat is the possibility to inject malicious data that will then be sent to the virtual server hosted on a cloud (Rabai, Jouini, Aissa, & Mili, 2013). The risk is further increased by the fact that such an approach allows the attacker to bypass some of the security measures used by the cloud service provider since the harmful code is disguised as a message and may not show malevolent actions for some time.
The essential level of protection from malicious intermediary can be achieved by encrypting the data sent to the cloud. In addition, it is recommended to monitor the virtual servers for suspicious activity since this is the stage at which the harmful effects can be detected.
As can be seen, cloud technology remains vulnerable to a number of attack types. Some of these types occur entirely outside the cloud, whereas others may potentially disrupt the entire system. In order to address these concerns, it is recommended to develop a comprehensive solution that would combine traditional precautionary measures with innovative ones.
Rabai, L. B. A., Jouini, M., Aissa, A. B., & Mili, A. (2013). A cybersecurity model in cloud computing environments. Journal of King Saud University-Computer and Information Sciences, 25(1), 63-75.
Tang, J., Cui, Y., Li, Q., Ren, K., Liu, J., & Buyya, R. (2016). Ensuring security and privacy preservation for cloud data services. ACM Computing Surveys (CSUR), 49(1), 1-39.
Wang, B., Zheng, Y., Lou, W., & Hou, Y. T. (2015). DDoS attack protection in the era of cloud computing and software-defined networking. Computer Networks, 81, 308-319.