Abstract:

Security is perhaps the most dominant concern for accelerated and widespread acceptance of the emerging cloud computing paradigm. This paradigm is essentially an evolution of multi-tenancy and remote computing architecture. It is therefore not surprising that resource sharing, virtualization, cross-site scripting, malware, and similar concepts may result in increased risk and security vulnerabilities. Some of these vulnerabilities arise from the distributed nature of cloud computing. From this category, we will discuss insecure APIs, distributed denial of service attacks. To provide confidentiality and authentication services, the public key infrastructure is extensively used by the cloud servers and clients. In this work, we will discuss their potential flaws that may be inherited by the cloud environments. To facilitate a systemic approach to addressing the challenges in securing the cloud computing environments, we categorize their vulnerabilities and the threats they face. We then focus on issues in achieving data confidentiality through symmetric key cryptography. Illustrating the inefficiencies of this approach, we argue that data-centric and homomorphic encryption methodologies can provide solutions that are more suitable for cloud computing paradigms.