Problem Statement Discussion and Justification Cloud users face security threats both from outside and inside the cloud. Many of the security issues involved in protecting clouds from outside threats are similar to those already facing large data centers. In the cloud, however, this responsibility is divided among potentially many parties, including the cloud user, the cloud vendor, and any third-party vendors that users rely on for security-sensitive software or configurations. The cloud user is responsible for application-level security. The cloud provider is responsible for physical security, and likely for enforcing external firewall policies. Security for intermediate layers of the software stack is shared between the user and the
…show more content…
Individually, each of these protective mechanisms is already created, but they are not combined together for the comprehensive protection of the cloud, that is why the task of integrating them into a single system should be solved during the creation of the cloud (Sun et al., 2011).
Attacks on the client
This type of attacks is worked out in the Web environment, but it is also relevant for the cloud, since the clients are usually connected to the cloud through the browser. It includes such attacks as Cross Site Scripting (XSS), interceptions of web sessions, stealing passwords, man in the middle, and others (Kifayat et al., 2010). Protection against these attacks is traditionally a strict authentication and use of an encrypted connection with mutual authentication, but not all of the creators of clouds cannot afford such a wasteful and usually not very convenient means of protection (Winkler, 2011). Therefore, there are still unsolved problems in this field of information security, and the space to create new remedies.
Threats to virtualization
As the virtual environments are traditionally a platform for cloud components, the attack on the virtualization system also threaten the whole cloud as a whole (Trivedi & Pasley, 2012). This type of threat is unique in cloud computing, that is why it is discussed in