Cloud computing is generally posed as a safe solution for consumers. Nevertheless, several threats pertinent to the technology still pose a serious concern. The following paper provides an example of a security breach in the cloud service by identifying and justifying the legitimate source of malicious data.
While it is difficult to identify the legitimate source of data with a reasonable degree of certainty, it is possible to model its most probable origin. For instance, the fact that the malicious software was established to originate from a message sent by cloud service Y, it is apparent that the source of threat is definitely on the cloud. However, it is important to note that the virtual server that hosts the compromised cloud service does not communicate with any entities other than the targeted cloud service consumer.
While a connection also exists between the two virtual servers, this route is indirect (since both servers communicate with the real hardware rather than between each other) and one-directional (since no operations aside from logging to a hardware server are identified in the cases). Therefore, it becomes necessary to explore the possible ways in which it could have appeared on the virtual server.
First, it is necessary to acknowledge the possibility that the malicious code was deployed onto the virtual server Y as a result of an insider job. In this scenario, an employee who is authorized to operate the service has a hypothetical ability to access the server and deploy the malicious code (Modi, Patel, Borisaniya, Patel, & Rajarajan, 2013). Importantly, the described action does not have to be intentional. It is equally possible that the introduction of the data occurs as a result of the use of an operating system or a tool that is compromised without the user’s awareness. However, it is worth noting that the probability of such a scenario is relatively low.
First, it requires significant negligence demonstrated by the cloud service provider who would authorize access from a device that may potentially contain insecure code. Second, the hypothetical attacker needs to aim at a specific consumer (otherwise, other virtual services would be treated in the same way, which is not the case in the situation at hand. Therefore, it is necessary to seek a more plausible explanation.
The second possibility is the delivery of the code onto the virtual server Y from the hardware machine that hosts both virtual services. In order for such a situation to become a reality, it is necessary for the malware to be able to pose as a part of the software and thus bypass the security systems of the virtual service and consumer by masking its identity. While the probability of such a chain of events is low, it has been reported as one of the viable threats to cloud computing services in a report from East Carolina University (Chou, 2013).
From this standpoint, it is possible to view cloud server X as a channel that introduced the malware into the system. Two possible ways of introduction can be considered. The first one is similar to that described in the previous section and requires the involvement of an insider (e.g., a deliberate injection or an involuntary introduction of threat). However, in order for it to be possible, the malicious code in question needs to be able to function in tandem with the cloud services located on the physical server.
Otherwise, it would be nearly impossible to transfer malware between two virtual environments that are technically disconnected. Such capabilities are extremely unlikely to occur in the case of an accidental breach and can be safely ignored. The second possibility is that the code was delivered to virtual server X using the route from consumer A. This assumption requires one of three conditions. First, cloud service consumers must aim specifically at cloud service consumer B – otherwise, the delivered code would have the same effect on both consumer services. Second, the malware should be able to bypass the security systems of a virtual server and integrate into the operations of the physical one, which is beyond the capabilities of the majority of the known pieces of malicious data.
In other words, it is highly unlikely that the described event has happened accidentally, whereas a deliberate attack requires a certain degree of malevolence on the part of the consumer. Third, the code can be introduced by a service agent during the interception and modification of messages from consumer A (Fernandes, Soares, Gomes, Freire, & Inácio, 2014). While this option still requires a highly specialized nature of malicious data, it can be accomplished by a third party who has access to the agent outside the cloud.
Considering the information above, it is reasonable to offer the following scenario. The data transmitted by cloud service consumer A gets intercepted by service agent A, which modifies it by adding the malicious data. The modified message is then passed onto virtual server X. Once the cloud starts working in conjunction with the malicious code, other virtual entities, including server Y, get infected and start sending modified messages in response to those from consumer B, at which point a successful attack occurs.
Reference
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79-88.
Fernandes, D. A., Soares, L. F., Gomes, J. V., Freire, M. M., & Inácio, P. R. (2014). Security issues in cloud environments: A survey. International Journal of Information Security, 13(2), 113-170.
Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of cloud computing. The Journal of Supercomputing, 63(2), 561-592.