Classifying Security Threats in Cloud Networking

Bruno M. Barros, Leonardo H. Iwaya, Marcos A. Simplício Jr., Tereza C. M. B. Carvalho, András Méhes, Mats Näslund

2015

Abstract

A central component of managing risks in cloud computing is to understand the nature of security threats. The relevance of security concerns are evidenced by the efforts from both the academic community and technological organizations such as NIST, ENISA and CSA, to investigate security threats and vulnerabilities related to cloud systems. Provisioning secure virtual networks (SVNs) in a multi-tenant environment is a fundamental aspect to ensure trust in public cloud systems and to encourage their adoption. However, comparing existing SVN-oriented solutions is a difficult task due to the lack of studies summarizing the main concerns of network virtualization and providing a comprehensive list of threats those solutions should cover. To address this issue, this paper presents a threat classification for cloud networking, describing threat categories and attack scenarios that should be taken into account when designing, comparing, or categorizing solutions. The classification is based on the CSA threat report, building upon studies and surveys from the specialized literature to extend the CSA list of threats and to allow a more detailed analysis of cloud network virtualization issues.

References

  1. Barjatiya, S. and Saripalli, P. (2012). BlueShield: A Layer 2 Appliance for Enhanced Isolation and Security Hardening among Multi-tenant Cloud Workloads. IEEE Int. Conf. on Utility and Cloud Comp., pages 195-198.
  2. Basak, D., Toshniwal, R., Maskalik, S., and Sequeira, A. (2010). Virtualizing networking and security in the cloud. SIGOPS Oper. Syst. Rev., 44(4):86-94.
  3. Catteddu, D. (2010). Cloud computing: Benefits, risks and recommendations for information security. In Serra˜o, C., Aguilera Díaz, V., and Cerullo, F., editors, Web Application Security, volume 72 of CCIS, page 17.
  4. Chowdhury, N. and Boutaba, R. (2010). A survey of network virtualization. Comput. Netw., 54(5):862-876.
  5. Cohen, R., Barabash, K., Rochwerger, B., Schour, L., Crisan, D., Birke, R., Minkenberg, C., Gusat, M., Recio, R., and Jain, V. (2013). An intent-based approach for network virtualization. In IFIP/IEEE INM'13.
  6. CSA (2011). Security Guidance for Critical Areas of Focus in Cloud Computing V3.0. Technical report, CSA.
  7. CSA (2013). The Notorious Nine Cloud Computing Top Threats in 2013. Technical report, CSA.
  8. ENISA (2013). Threat landscape 2013-overview of current and emerging cyber-threats. Technical report, ENISA.
  9. Gonzalez, N., Miers, C., Redígolo, F., Jr. Simplicio, M., Carvalho, T., Näslund, M., and Pourzandi, M. (2012). A quantitative analysis of current security concerns and solutions for cloud computing. JCC, 1(1):1-18.
  10. Hao, F., Lakshman, T. V., Mukherjee, S., and Song, H. (2010). Secure Cloud Computing with a Virtualized Network Infrastructure. In Proc. of the USENIX.
  11. Mattos, L. F. D. and Duarte, O. C. M. B. (2013). A Mechanism for Secure Virtual Network Isolation Using to Hybrid Approach Xen and OpenFlow. In SBSeg'2013.
  12. Mell, P. and Grance, T. (2011). The NIST definition of cloud computing (draft). Technical report, NIST.
  13. Myagmar, S., Lee, A., and Yurcik, W. (2005). Threat modeling as a basis for security requirements. In SREIS.
  14. Natarajan, S. and Wolf, T. (2012). Security issues in network virtualization for the future internet. In ICNC.
  15. NIST (2011). Guide to Security for Full Virtualization Technologies. Technical report, NIST.
  16. Pearce, M., Zeadally, S., and Hunt, R. (2013). Virtualization: Issues, security threats, and solutions. ACM Computing Surveys (CSUR), 45(2):17.
  17. Schoo, P., Fusenig, V., Souza, V., Melo, M., Murray, P., Debar, H., Medhioub, H., and Zeghlache, D. (2011). Challenges for cloud networking security. In MNM.
  18. Sun, Q. and Hu, Z. (2012). Security for networks virtual access of cloud computing. In MINES'2012.
Download


Paper Citation


in Harvard Style

M. Barros B., H. Iwaya L., A. Simplício Jr. M., C. M. B. Carvalho T., Méhes A. and Näslund M. (2015). Classifying Security Threats in Cloud Networking . In Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-104-5, pages 214-220. DOI: 10.5220/0005489402140220


in Bibtex Style

@conference{closer15,
author={Bruno M. Barros and Leonardo H. Iwaya and Marcos A. Simplício Jr. and Tereza C. M. B. Carvalho and András Méhes and Mats Näslund},
title={Classifying Security Threats in Cloud Networking},
booktitle={Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2015},
pages={214-220},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005489402140220},
isbn={978-989-758-104-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Classifying Security Threats in Cloud Networking
SN - 978-989-758-104-5
AU - M. Barros B.
AU - H. Iwaya L.
AU - A. Simplício Jr. M.
AU - C. M. B. Carvalho T.
AU - Méhes A.
AU - Näslund M.
PY - 2015
SP - 214
EP - 220
DO - 10.5220/0005489402140220