Share This Article:

Cloud Security: Services, Risks, and a Case Study on Amazon Cloud Services

Abstract Full-Text HTML XML Download Download as PDF (Size:2622KB) PP. 529-535
DOI: 10.4236/ijcns.2014.712053    5,816 Downloads   8,450 Views   Citations

ABSTRACT

Recent advances have witnessed the success and popularity of cloud computing, which represents a new business model and computing paradigm. The feature of on-demand provisioning of computational, storage, and bandwidth resources has driven modern businesses into cloud services. The cloud is considered cutting edge technology and it is solely relied on by many large technology, business, and media companies such as Netflix or Salesforce.com. However, in addition to the benefit at hand, security issues have been a long-term concern for cloud computing and are the main barriers of the widespread use of cloud computing. In this paper, we briefly describe some basic security concerns that are of particular interest to cloud technology. We investigate some of the basic cloud concepts and discuss cloud security issues. Amazon Web Services is used as a case study for discussing common cloud terminology. Data security, as well as some cloud specific attacks is introduced. The current state and the future progression of cloud computing is discussed.

Conflicts of Interest

The authors declare no conflicts of interest.

Cite this paper

Mosca, P. , Zhang, Y. , Xiao, Z. and Wang, Y. (2014) Cloud Security: Services, Risks, and a Case Study on Amazon Cloud Services. International Journal of Communications, Network and System Sciences, 7, 529-535. doi: 10.4236/ijcns.2014.712053.

References

[1] Xiao, Z. and Xiao, Y. (2013) Security and Privacy in Cloud Computing. IEEE Communications Surveys & Tutorials, 15, 843-859.
[2] Cloud Security Alliance (2010) Top Threat to Cloud Computing.
https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
[3] Amazon: Amazon Glacier. http://aws.amazon.com/glacier/
[4] Quarks Lab (2013) iMessage Privacy. http://blog.quarkslab.com/imessage-privacy.html
[5] Mutch, J. (2010) How to Steal Data from the Cloud.
http://www.cloudbook.net/resources/stories/how-to-steal-data-from-the-cloud
[6] Yorozu, Y., Hirano, M., Oka, K. and Tagawa, Y. (1982) Electron Spectroscopy Studies on Magneto-Optical Media and Plastic Substrate Interface. IEEE Translation Journal on Magnetics in Japan, 2, 740-741.
[7] Amazon: Service Level Agreement. http://aws.amazon.com/ec2-sla/
[8] Kirchgaessner, S. (2013) Cloud Storage Carries Potent Security Risk.
http://www.ft.com/cms/s/0/4729ed7c-3722-11e3-9603-00144feab7de.html
[9] Lemos, R. (2012) Insecure API Implementations Threaten Cloud.
http://www.darkreading.com/cloud/insecure-api-implementations-threaten-cl/232900809
[10] Lemos, R. (2013) Vulnerable APIs Continue to Pose Threat to Cloud.
http://www.darkreading.com/services/vulnerable-apis-continue-to-pose-threat/240146453
[11] Porticor Cloud Security (2013) Did Snowden Compromise the Future of Cloud Security?
http://www.porticor.com/2013/07/cloud-security-snowden/
[12] Amazon: Amazon Web Services. http://aws.amazon.com
[13] SilverSky (2013) The Future of Cloud Computing and the Latest Security Threats.
https://www.silversky.com/blog/the-future-of-cloud-computing-and-the-latest-security-threats
[14] Columbia University (2012) Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud.
http://www.cs.columbia.edu/~angelos/Papers/2012/Fog_Computing_Position_Paper_WRIT_2012.pdf
[15] Amazon: Amazon Machine Image (AMI).
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
[16] Amazon: Amazon EBS. http://aws.amazon.com/ebs/
[17] Amazon: Amazon EBS Product Details. http://aws.amazon.com/ebs/details/#snapshots
[18] Amazon: Amazon EC2 Instance Store.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html
[19] MailChimp (2014) About API Keys. http://kb.mailchimp.com/accounts/management/about-api-keys
[20] Janssen, C. Full-Disk Encryption (FDE).
http://www.techopedia.com/definition/13623/full-disk-encryption-fde
[21] Cover, R. (2010) Security Assertion Markup Language (SAML). http://xml.coverpages.org/saml.html
[22] United Sates Department of Veterans Affairs (2014) Keyed-Hash Message Authentication Code (HMAC). http://www.va.gov/trm/StandardPage.asp?tid=5296
[23] Goodin, D. (2009) Zeus Bot Found Using Amazon’s EC2 as C&C Server.
http://www.theregister.co.uk/2009/12/09/amazon_ec2_bot_control_channel/
[24] Nahorney, B. and Nicolas, F. (2010) Trojan.Zbot.
http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99
[25] Acunetix: Cross Site Scripting Attack. https://www.acunetix.com/websitesecurity/cross-site-scripting/
[26] Amazon: Multi-Factor Authentication. http://aws.amazon.com/iam/details/mfa/
[27] The Guardian: The NSA Files. http://www.theguardian.com/world/the-nsa-files
[28] SilverSky (2013) About Us. https://www.silversky.com/about-us

  
comments powered by Disqus

Copyright © 2018 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.