Skip to main content

Table 2 Vulnerabilities in cloud computing

From: An analysis of security issues for cloud computing

ID Vulnerabilities Description Layer
V01 Insecure interfaces and APIs Cloud providers offer services that can be accessed through APIs (SOAP, REST, or HTTP with XML/JSON) [42]. The security of the cloud depends upon the security of these interfaces [16]. Some problems are: SPI
a) Weak credential
b) Insufficient authorization checks
c) Insufficient input-data validation
Also, cloud APIs are still immature which means that are frequently updated. A fixed bug can introduce another security hole in the application [54].
V02 Unlimited allocation of resources Inaccurate modeling of resource usage can lead to overbooking or over-provisioning [17]. SPI
V03 Data-related vulnerabilities a) Data can be colocated with the data of unknown owners (competitors, or intruders) with a weak separation [36] SPI
b) Data may be located in different jurisdictions which have different laws [19, 54, 55]
c) Incomplete data deletion – data cannot be completely removed [19, 20, 25, 56]
d) Data backup done by untrusted third-party providers [56, 57]
e) Information about the location of the data usually is unavailable or not disclosed to users [25]
f) Data is often stored, processed, and transferred in clear plain text
V04 Vulnerabilities in Virtual Machines a) Possible covert channels in the colocation of VMs [48, 58, 59] I
b) Unrestricted allocation and deallocation of resources with VMs [57]
c) Uncontrolled Migration - VMs can be migrated from one server to another server due to fault tolerance, load balance, or hardware maintenance [42, 44]
d) Uncontrolled snapshots – VMs can be copied in order to provide flexibility [12], which may lead to data leakage
e) Uncontrolled rollback could lead to reset vulnerabilities - VMs can be backed up to a previous state for restoration [44], but patches applied after the previous state disappear
f) VMs have IP addresses that are visible to anyone within the cloud - attackers can map where the target VM is located within the cloud (Cloud cartography [58])
V05 Vulnerabilities in Virtual Machine Images a) Uncontrolled placement of VM images in public repositories [24] I
b) VM images are not able to be patched since they are dormant artifacts [44]
V06 Vulnerabilities in Hypervisors a) Complex hypervisor code [60] I
b) Flexible configuration of VMs or hypervisors to meet organization needs can be exploited
V07 Vulnerabilities in Virtual Networks Sharing of virtual bridges by several virtual machines [51] I