
Cloud Security: Attacks, Techniques, Tools, and Challenges

✍ Scribed by Preeti Mishra, Emmanuel S Pilli, R C Joshi


Publisher: Chapman and Hall/CRC
Year: 2021
Tongue: English
Leaves: 243
Edition: 1
Category: Library


✦ Synopsis


Cloud computing has gained paramount attention, and most companies are adopting this new paradigm and gaining significant benefits. As a number of applications and business operations are being facilitated by the cloud computing paradigm, it has become a potential target for attackers. The importance of well-organized architecture and security roles has become greater with its growing popularity.

Cloud Security: Attacks, Techniques, Tools, and Challenges provides an in-depth technical description of various key aspects of cloud security. We have endeavored to provide a technical foundation that will be practically useful not just for students and independent researchers but also for professional cloud security analysts conducting security procedures, and for all those who are curious about the field of cloud security.

The book offers comprehensive coverage of the most essential topics, including:

  • Basic fundamentals of Cloud Computing
  • Cloud security concepts, vulnerabilities, security standards and reference models
  • Cloud security goals, key issues and privacy requirements
  • Threat model, detailed taxonomy of cloud attacks, Attack feature analysis – case study
  • A detailed taxonomy of IDS techniques and Cloud Intrusion Detection Systems (IDS)
  • Attack and security tools, LibVMI – case study
  • Advanced approaches: Virtual Machine Introspection (VMI) and Hypervisor Introspection (HVI)
  • Container security: threat model, attacks and defense systems

This book is intended for both academic and professional audiences. It could also be used as a textbook for a semester course at the undergraduate and postgraduate level in Computer Science, Information Technology, Information Security, and Information Science & Management. The book serves as a basic reference volume for researchers in cloud security. It will be useful to practitioners, cloud security teams, and cloud security auditors as well. To get the most out of this book, the reader should have a working knowledge of various operating system environments, hypervisors, cloud computing fundamentals, programming languages like Python, and a working knowledge of security tools.

✦ Table of Contents


Cover
Half Title
Title Page
Copyright Page
Dedication
Contents
Preface
Acknowledgment
List of Figures
List of Tables
Author Bios
I. Fundamentals: Cloud Computing and Security
1. Introduction to Cloud Computing
1.1. Introduction
1.2. History and Underlying Technologies
1.2.1. Mainframe computing
1.2.2. Cluster computing
1.2.3. Grid computing
1.2.4. Distributed and parallel computing
1.2.5. Virtualization
1.2.6. Web 2.0
1.2.7. Service-oriented computing (SOC)
1.2.8. Utility computing
1.3. Definitions and Characteristics
1.4. Cloud Service Models
1.4.1. Software-as-a-service (SaaS)
1.4.2. Platform-as-a-service (PaaS)
1.4.3. Infrastructure-as-a-service (IaaS)
1.5. Cloud Deployment Models
1.5.1. Private cloud
1.5.2. Public cloud
1.5.3. Community cloud
1.5.4. Hybrid cloud
1.6. Cloud Service Platforms
1.6.1. Amazon web service (AWS)
1.6.2. Microsoft azure
1.6.3. Google cloud platform
1.6.4. IBM cloud
1.6.5. Adobe creative cloud
1.6.6. Kamatera
1.6.7. VMware
1.6.8. Rackspace
1.7. Challenges Ahead
1.7.1. Virtual machine migration
1.7.2. Interoperability and standards
1.7.3. Security and privacy
1.7.4. Energy management
1.7.5. Accessibility issues
1.8. Conclusion
1.9. Questions
2. Introduction to Cloud Security
2.1. Introduction
2.1.1. Vulnerabilities present in cloud
2.1.2. Need of cloud security
2.2. Cloud Security Concepts
2.2.1. Multi-tenancy
2.2.2. Virtualization
2.2.3. Data outsourcing
2.2.4. Trust management
2.2.5. Metadata security
2.3. Cloud Security Standards
2.3.1. Information technology infrastructure library (ITIL)
2.3.2. Control objectives for information and related technology (COBIT)
2.3.3. ISO/IEC 20000
2.3.4. Statement on standards for attestation engagement (SSAE)
2.3.5. Cloud security alliance (CSA) cloud controls matrix
2.4. CSA Cloud Reference Model
2.5. NIST Cloud Reference Model
2.5.1. Architectural components of consumer
2.5.2. Architectural components of CSP
2.5.3. Architectural components of broker
2.5.4. Architectural components of carrier
2.5.5. Architectural components of auditor
2.6. Conclusion
2.7. Questions
3. Cloud Security and Privacy Issues
3.1. Introduction
3.2. Cloud Security Goals/Concepts
3.2.1. Confidentiality
3.2.2. Integrity
3.2.3. Availability
3.2.4. Authentication
3.2.5. Authorization
3.2.6. Auditing
3.2.7. Access control
3.3. Cloud Security Issues
3.3.1. Application level security issues
3.3.2. Network level security issues
3.3.3. Virtualization level security issues
3.3.4. Data security
3.3.5. Identity management and access control
3.3.6. Improper cryptographic keys management
3.3.7. Service level agreement (SLA)
3.3.8. Regular audit and compliances
3.3.9. Cloud and CSP migration, SLA and trust level issues
3.3.10. Hardware-level security issues
3.4. Security Requirements for Privacy
3.4.1. Fine-grained access control
3.4.2. Privacy-preserving
3.4.3. Collision resistance
3.5. Privacy Issues in Cloud
3.5.1. Defining roles to actors
3.5.2. Compliance
3.5.3. Legal issues and multi-location issues
3.5.4. Privacy issues on CIA
3.5.5. Protection of the data
3.5.6. User control lacking
3.5.7. Data movement
3.6. Conclusion
3.7. Questions
II. Threat Model, Attacks, Defense Systems, and Security Techniques
4. Threat Model and Cloud Attacks
4.1. Introduction
4.2. Threat Model
4.2.1. Type of attack entities
4.2.2. Attack surfaces with attack scenarios
4.3. A Taxonomy of Attacks
4.3.1. VMAT: Virtual machines-level attacks
4.3.2. VMMAT: Virtual machine monitor-level attacks
4.3.3. HWAT: Peripheral–level attacks
4.3.4. VSWAT: Virtual storage-level attacks
4.3.5. TENAT: Tenant network-level attacks
4.4. Case Study: Description of Features for Attack Analysis Based on Dataset
4.4.1. Fuzzers
4.4.2. Analysis
4.4.3. Backdoor
4.4.4. Exploits
4.4.5. Generic
4.4.6. Reconnaissance
4.4.7. Shellcode
4.4.8. Worms
4.5. Conclusion
4.6. Questions
5. Classification of Intrusion Detection Systems in Cloud
5.1. Introduction
5.2. TVM-based Intrusion Detection System
5.3. Hypervisor-based Intrusion Detection System
5.4. Network-based Intrusion Detection System
5.5. Distributed Intrusion Detection System
5.6. Research Challenges
5.7. Conclusion
5.8. Questions
6. Intrusion Detection Techniques in Cloud
6.1. Introduction
6.2. Taxonomy of IDS Techniques
6.2.1. Misuse detection techniques
6.2.2. Anomaly detection techniques
6.2.3. Virtual machine introspection (VMI) techniques
6.2.4. Hypervisor introspection-based techniques
6.2.5. Hybrid techniques
6.3. Conclusion
6.4. Questions
III. Tools and Advances
7. Overview of Tools (Attack/Security) in Cloud
7.1. Introduction
7.2. Attack Tools
7.2.1. Network-level attack tools
7.2.2. VM-level attack tools
7.2.3. VMM attack tools
7.3. Security Tools
7.3.1. Network security tools
7.3.2. VM security tool
7.3.3. VMM security tools
7.4. Case Study of LibVMI: A Virtualization-Specific Tool
7.4.1. Check the system configurations
7.4.2. Install KVM and necessary dependencies
7.4.3. Creating a virtual machine
7.4.4. Install LibVMI tool and necessary dependencies
7.5. Conclusion
7.6. Questions
8. Virtual Machine Introspection and Hypervisor Introspection
8.1. Introduction
8.2. Virtual Machine Introspection (VMI)
8.2.1. VM hook based
8.2.2. VM-state information based
8.2.3. Hypercall verification based
8.2.4. Guest OS kernel debugging based
8.2.5. VM interrupt analysis based
8.3. Hypervisor Introspection (HVI)
8.3.1. Nested virtualization
8.3.2. Code integrity checking using hardware-support
8.3.3. Memory integrity checking using hardware/software support
8.3.4. Revisiting the VMM design
8.3.5. VM-assisted hypervisor introspection
8.4. Conclusion
8.5. Questions
9. Container Security
9.1. Introduction
9.2. Threat Model in Containerized Environment
9.2.1. Attacks in containers
9.3. Defense Mechanisms
9.4. Case Study on SQL Injection Attack in Containers
9.4.1. Part-A-test bed set up
9.4.2. PART B: Attacking launching and malicious logs extraction
9.5. Open Research Challenges for Container Security
9.6. Conclusion
9.7. Questions
Bibliography
Index


📜 SIMILAR VOLUMES


Securing the Cloud: Cloud Computer Secur
✍ Graham Speake, Patrick Foxhoven 📂 Library 📅 2011 🏛 Elsevier Science Technology 🌐 English

As companies turn to burgeoning cloud computing technology to streamline and save money, security is a fundamental concern. Loss of certain control and lack of trust make this transition difficult unless you know how to handle it. Securing the Cloud discusses making the move to the cloud while secur

Cloud Security: Techniques and Applicati
✍ Sirisha Potluri (editor); Katta Subba Rao (editor); Sachi Nandan Mohanty (editor 📂 Library 📅 2021 🏛 De Gruyter 🌐 English

This book presents research on the state-of-the-art methods and applications. Security and privacy related issues of cloud are addressed with best practices and approaches for secure cloud computing, such as cloud ontology, blockchain, recommender systems, optimization strategies, data security,

Cloud Computing Security: Foundations an
✍ John R. Vacca (editor) 📂 Library 📅 2020 🏛 CRC Press 🌐 English

This handbook offers a comprehensive overview of cloud computing security technology and implementation while exploring practical solutions to a wide range of cloud computing security issues. As more organizations use cloud computing and cloud providers for data operations, the need for proper se

Cloud Computing Security: Foundations an
✍ John R. Vacca 📂 Library 📅 2016 🏛 CRC Press 🌐 English

This handbook offers a comprehensive overview of cloud computing security technology and implementation, while exploring practical solutions to a wide range of cloud computing security issues. With more organizations using cloud computing and cloud providers for data operations, proper security in t