Cloud Security: Services, Risks, and a Case Study on Amazon Cloud Services

Patrick Mosca; Yanping Zhang; Zhifeng Xiao; Yun Wang

doi:10.4236/ijcns.2014.712053

International Journal of Communications, Network and System Sciences > Vol.7 No.12, December 2014

Cloud Security: Services, Risks, and a Case Study on Amazon Cloud Services

Patrick Mosca¹, Yanping Zhang¹, Zhifeng Xiao², Yun Wang³
¹Department of Computer Science, Gonzaga University, Spokane, USA.
²Department of Computer Science & Software Engineering, Penn State Erie, Erie, USA.
³Department of Computer Science and Information Systems, Bradley University, Peoria, USA.
DOI: 10.4236/ijcns.2014.712053 PDF HTML XML 8,729 Downloads 15,336 Views Citations

Abstract

Recent advances have witnessed the success and popularity of cloud computing, which represents a new business model and computing paradigm. The feature of on-demand provisioning of computational, storage, and bandwidth resources has driven modern businesses into cloud services. The cloud is considered cutting edge technology and it is solely relied on by many large technology, business, and media companies such as Netflix or Salesforce.com. However, in addition to the benefit at hand, security issues have been a long-term concern for cloud computing and are the main barriers of the widespread use of cloud computing. In this paper, we briefly describe some basic security concerns that are of particular interest to cloud technology. We investigate some of the basic cloud concepts and discuss cloud security issues. Amazon Web Services is used as a case study for discussing common cloud terminology. Data security, as well as some cloud specific attacks is introduced. The current state and the future progression of cloud computing is discussed.

Keywords

Could Computing, Security, Amazon, Cloud Storage

Share and Cite:

Mosca, P. , Zhang, Y. , Xiao, Z. and Wang, Y. (2014) Cloud Security: Services, Risks, and a Case Study on Amazon Cloud Services. International Journal of Communications, Network and System Sciences, 7, 529-535. doi: 10.4236/ijcns.2014.712053.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1]	Xiao, Z. and Xiao, Y. (2013) Security and Privacy in Cloud Computing. IEEE Communications Surveys & Tutorials, 15, 843-859.
[2]	Cloud Security Alliance (2010) Top Threat to Cloud Computing. https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
[3]	Amazon: Amazon Glacier. http://aws.amazon.com/glacier/
[4]	Quarks Lab (2013) iMessage Privacy. http://blog.quarkslab.com/imessage-privacy.html
[5]	Mutch, J. (2010) How to Steal Data from the Cloud. http://www.cloudbook.net/resources/stories/how-to-steal-data-from-the-cloud
[6]	Yorozu, Y., Hirano, M., Oka, K. and Tagawa, Y. (1982) Electron Spectroscopy Studies on Magneto-Optical Media and Plastic Substrate Interface. IEEE Translation Journal on Magnetics in Japan, 2, 740-741.
[7]	Amazon: Service Level Agreement. http://aws.amazon.com/ec2-sla/
[8]	Kirchgaessner, S. (2013) Cloud Storage Carries Potent Security Risk. http://www.ft.com/cms/s/0/4729ed7c-3722-11e3-9603-00144feab7de.html
[9]	Lemos, R. (2012) Insecure API Implementations Threaten Cloud. http://www.darkreading.com/cloud/insecure-api-implementations-threaten-cl/232900809
[10]	Lemos, R. (2013) Vulnerable APIs Continue to Pose Threat to Cloud. http://www.darkreading.com/services/vulnerable-apis-continue-to-pose-threat/240146453
[11]	Porticor Cloud Security (2013) Did Snowden Compromise the Future of Cloud Security? http://www.porticor.com/2013/07/cloud-security-snowden/
[12]	Amazon: Amazon Web Services. http://aws.amazon.com
[13]	SilverSky (2013) The Future of Cloud Computing and the Latest Security Threats. https://www.silversky.com/blog/the-future-of-cloud-computing-and-the-latest-security-threats
[14]	Columbia University (2012) Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud. http://www.cs.columbia.edu/~angelos/Papers/2012/Fog_Computing_Position_Paper_WRIT_2012.pdf
[15]	Amazon: Amazon Machine Image (AMI). http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
[16]	Amazon: Amazon EBS. http://aws.amazon.com/ebs/
[17]	Amazon: Amazon EBS Product Details. http://aws.amazon.com/ebs/details/#snapshots
[18]	Amazon: Amazon EC2 Instance Store. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html
[19]	MailChimp (2014) About API Keys. http://kb.mailchimp.com/accounts/management/about-api-keys
[20]	Janssen, C. Full-Disk Encryption (FDE). http://www.techopedia.com/definition/13623/full-disk-encryption-fde
[21]	Cover, R. (2010) Security Assertion Markup Language (SAML). http://xml.coverpages.org/saml.html
[22]	United Sates Department of Veterans Affairs (2014) Keyed-Hash Message Authentication Code (HMAC). http://www.va.gov/trm/StandardPage.asp?tid=5296
[23]	Goodin, D. (2009) Zeus Bot Found Using Amazon’s EC2 as C&C Server. http://www.theregister.co.uk/2009/12/09/amazon_ec2_bot_control_channel/
[24]	Nahorney, B. and Nicolas, F. (2010) Trojan.Zbot. http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99
[25]	Acunetix: Cross Site Scripting Attack. https://www.acunetix.com/websitesecurity/cross-site-scripting/
[26]	Amazon: Multi-Factor Authentication. http://aws.amazon.com/iam/details/mfa/
[27]	The Guardian: The NSA Files. http://www.theguardian.com/world/the-nsa-files
[28]	SilverSky (2013) About Us. https://www.silversky.com/about-us

Journals Menu

Follow SCIRP

	customer@scirp.org
	+86 18163351462(WhatsApp)
	1655362766

	Paper Publishing WeChat

Journals Menu

Home

About SCIRP

Service

Policies