In this blog, I will review two peer-reviewed journals.
The first is Security Threats in Cloud Computing.
The problem discussed in Cloud Computing is how the customer’s information must always be kept safe and secure. The journal also explains that service providers must assure the availability and reliability of services to consumers, available anytime and anywhere over the internet, while security, safety, data protection and privacy are also exercised. Shaikh, F. B., & Haider, S. (2011, December)
The issue with this is that even if a Cloud provider does their best to protect their service, the user also has to do their part. “It is stated that highly flexible but very complex cloud computing services are configured using web interface by users but wrong configuring of cloud computing by users may lead to vulnerable security threats and can cause security incidents.” Shaikh, F. B., & Haider, S. (2011, December)
Cloud security is important to protect not only the service provider but also the user. Security is the first rule anyone should follow when creating a cloud infrastructure.
From my experience using Cloud systems, one that does it really well is AWS, which highly suggests creating IAM accounts (Identity and Access). This is the same as setting up user accounts on a PC: some accounts can install programs and some can’t, and in the case of Cloud computing some can create VMs and some can only monitor them. This protects the Owner from angry employees and from employee mistakes. Check out my blog post about IAM accounts here: https://techdox.nz/2017/03/08/introduction-to-aws-identity-and-access-management-iam/
My next chosen Journal is All Your Clouds are Belong to us – Security Analysis of Cloud Management Interfaces.
The problem discussed here is not about the service provider’s faultlessness or trust but about the service provider being attacked, and since a server typically hosts more than one service, this can cause a massive issue. “another important area is often overlooked: if the Cloud control interface is compromised, the attacker gains immense potency over the customer’s data.” Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., & Lo Iacono, L. (2011, October)
Multiple security issues are mentioned in this journal that I wish to add in. “We demonstrate that these control interfaces are highly vulnerable to several new and classical variants of signature wrapping” Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., & Lo Iacono, L. (2011, October). An XML signature wrapping attack is one in which an attacker changes a signed message on its way to the receiving service and the receiver cannot tell that it has been modified. “The reason for this easiness is that one can generate arbitrary SOAP messages accepted by this interface from only one valid signature” Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., & Lo Iacono, L. (2011, October)
The issue here is raised in the contribution section of this journal, where they mention that the XML attacks are “yet to be resolved or understood. We pair this with giving an overview of the (in)secure countermeasures” Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., & Lo Iacono, L. (2011, October)
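The signature wrapping problem described above, as an added example that is not from the paper or from the original post: a toy receiver that verifies the signature by Id but acts on the first Body, beside a hardened one that acts only on the element it verified. The message format, the HMAC standing in for XML-DSig, and all names (`KEY`, `naive_receiver`, `hardened_receiver`, `wrapped_sample`) are assumptions made for illustration.

```python
import hashlib, hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key

def digest(elem):  # simplification: hash of the serialised element, not real C14N
    return hashlib.sha256(ET.tostring(elem)).hexdigest()

def mac(sig):  # simplification: HMAC over URI+Digest stands in for XML-DSig
    msg = sig.get("URI", "") + sig.get("Digest", "")
    return hmac.new(KEY, msg.encode(), "sha256").hexdigest()

def sign(xml_text):  # constructed signer: Signature covers the Body by its Id
    env = ET.fromstring(xml_text)
    body = env.find("Body")
    sig = ET.SubElement(ET.SubElement(env, "Header"), "Signature",
                        {"URI": "#" + body.get("Id"), "Digest": digest(body)})
    sig.set("Value", mac(sig))
    return ET.tostring(env)

def signed_element(env):  # the one element the signature covers, else None
    sig = env.find("Header/Signature")
    if sig is None or not hmac.compare_digest(mac(sig), sig.get("Value", "")):
        return None
    hits = [e for e in env.iter() if e.get("Id") == sig.get("URI", "")[1:]]
    return hits[0] if len(hits) == 1 and digest(hits[0]) == sig.get("Digest") else None

def naive_receiver(xml_bytes):
    # Flaw: checks whatever element carries the signed Id, then acts on the first Body.
    env = ET.fromstring(xml_bytes)
    return env.findtext("Body/Action") if signed_element(env) is not None else None

def hardened_receiver(xml_bytes):
    # Acts only on the verified element, which must be the sole top-level Body.
    env = ET.fromstring(xml_bytes)
    signed, bodies = signed_element(env), env.findall("Body")
    if signed is None or len(bodies) != 1 or bodies[0] is not signed:
        return None
    return signed.findtext("Action")

def wrapped_sample(signed_xml):
    # Constructed test input: signed Body moved under Header, unsigned Body added.
    env = ET.fromstring(signed_xml)
    body = env.find("Body")
    env.remove(body)
    ET.SubElement(env.find("Header"), "Wrapper").append(body)
    ET.SubElement(ET.SubElement(env, "Body"), "Action").text = "Unsigned"
    return ET.tostring(env)

SIGNED = sign('<Envelope><Body Id="b1"><Action>Monitor</Action></Body></Envelope>')
```

On the constructed wrapped input the naive receiver returns the unsigned action while the hardened receiver rejects the message; both accept the untouched `SIGNED` message.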
This is a very interesting paper, as they go into more detail on the attack process, actually perform the attacks, and show in detail what happens. If anyone is interested in reading this, here is the journal.
Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., & Lo Iacono, L. (2011, October). All your clouds are belong to us: security analysis of cloud management interfaces. In Proceedings of the 3rd ACM workshop on Cloud computing security workshop (pp. 3-14). ACM.
Shaikh, F. B., & Haider, S. (2011, December). Security threats in cloud computing. In Internet technology and secured transactions (ICITST), 2011 international conference for (pp. 214-219). IEEE.