Analysis of cloud computing attacks and countermeasures

2016 18th International Conference on Advanced Communication Technology (ICACT) Pub Date : 2016-03-03 DOI:10.1109/ICACT.2016.7423296

Raja Jabir, S. Khanji, Liza Ahmad, O. Alfandi, Huwida E. Said

{"title":"Analysis of cloud computing attacks and countermeasures","authors":"Raja Jabir, S. Khanji, Liza Ahmad, O. Alfandi, Huwida E. Said","doi":"10.1109/ICACT.2016.7423296","DOIUrl":null,"url":null,"abstract":"Business enterprises are competing to get their applications up and running faster with improved manageability and less maintenance by reassigning the ability to IT specialists to adjust resources in order to meet business fluctuating needs. This can be achieved through utilizing the Cloud Computing Model which is distinguished by `pay as you go' model. The model offers solutions of storage, convenient and on-demand access to a shared pool of configurable computing resources. As with any novel technology, Cloud Computing is subject to security threats and vulnerabilities including network threats, information threats and underlying infrastructure threats. In this paper, we present a framework by which penetration testing is conducted to highlight possible vulnerabilities within our private Cloud Computing infrastructure, simulate attacks to exploit discovered vulnerabilities such as Denial of Service (DoS) and Man-in-the-Cloud attacks, apply countermeasures to prevent such attacks, and then to exemplify a recommended best practice protection mechanism which will contribute to the Cloud Computing security.","PeriodicalId":125854,"journal":{"name":"2016 18th International Conference on Advanced Communication Technology (ICACT)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 18th International Conference on Advanced Communication Technology (ICACT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICACT.2016.7423296","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 33

Abstract

Business enterprises are competing to get their applications up and running faster with improved manageability and less maintenance by reassigning the ability to IT specialists to adjust resources in order to meet business fluctuating needs. This can be achieved through utilizing the Cloud Computing Model which is distinguished by `pay as you go' model. The model offers solutions of storage, convenient and on-demand access to a shared pool of configurable computing resources. As with any novel technology, Cloud Computing is subject to security threats and vulnerabilities including network threats, information threats and underlying infrastructure threats. In this paper, we present a framework by which penetration testing is conducted to highlight possible vulnerabilities within our private Cloud Computing infrastructure, simulate attacks to exploit discovered vulnerabilities such as Denial of Service (DoS) and Man-in-the-Cloud attacks, apply countermeasures to prevent such attacks, and then to exemplify a recommended best practice protection mechanism which will contribute to the Cloud Computing security.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

云计算攻击及对策分析

业务企业正在通过将调整资源的能力重新分配给IT专家，以满足业务波动的需求，从而在提高可管理性和减少维护的情况下，竞相启动和运行应用程序。这可以通过利用云计算模型来实现，该模型的特点是“随用随付”模型。该模型提供了存储、方便和按需访问可配置计算资源共享池的解决方案。与任何新技术一样，云计算受到安全威胁和漏洞的影响，包括网络威胁、信息威胁和底层基础设施威胁。在本文中，我们提出了一个框架，通过该框架进行渗透测试，以突出私有云计算基础设施中可能存在的漏洞，模拟攻击以利用已发现的漏洞，如拒绝服务(DoS)和人在云中的攻击，应用对策来防止此类攻击，然后举例说明推荐的最佳实践保护机制，这将有助于云计算安全。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2016 18th International Conference on Advanced Communication Technology (ICACT)

自引率

0.00%

发文量