III. Exploitation on Cloud Computing


/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */

Cloud computing inherits security vulnerabilities from the Internet and makes them more significant when incorporating resource concentration and multi-tenancy sharing approach. Major cloud-specific vulnerabilities include: (1) Economic Denial of Service; (2) Compromise of Service Engine; (3) Interception and Leakage of Data in Transit

Major Vulnerabilities in Cloud Computing Environment

1. Economic Denial of Service (EDoS)

EDoS attempts to consume IT resources maliciously that result in economic damage to their owners. Universities' resources in the cloud can be harmed by the following kinds of EDoS attacks:


Identity theft - an attacker hijacks the user accounts of universities' members and uses them for his personal gain or to damage universities economically.


Resource Abuse - If effective limits on the usage of paid resources from the cloud service providers, malicious actions can be made by attackers to create unexpected consumption of such resources.


Public Channel Attack - Cloud services delivered through public channel, such as metering per HTTP requests, are vulnerable to attacks from the public Internet, such as Disturbed Denial of Service (DDoS).


2. Compromise of Service Engine

Cloud architecture relies on a highly specialised platform, the service engine that sits above the physical hardware resources and manages customer resources at different levels of abstraction.

An attacker can compromise the service engine by hacking it from inside a virtual machine (IaaS clouds), the runtime environment (PaaS clouds), the application pool (SaaS clouds), or through its Application Programming Interface (API).


3. Interception or Leakage of Data in Transit

Being a distributed architecture based on the Internet technologies, cloud computing implies more data in transit than traditional infrastructures. Data must be transferred between remote web clients of universities and cloud infrastructure to synchronise multiple distributed machine images, images distributed across multiple physical machines. Secured data transmission mechanism like Virtual Private Network (VPN) is not always followed in the cloud context.

Sniffing, spoofing, main-in-the-middle attacks, side channel and replay attacks are potential threat sources that can be used by attackers to exploit this vulnerability.




[Previous section] [Next section]