Threat | Vulnerabilities | Incidents | Countermeasures |
---|---|---|---|
T01 | V01 | An attacker can use the victim’s account to get access to the target’s resources. | Identity and Access Management Guidance [65]; Dynamic credential [66] |
T02 | V03a, V03c | Data from hard drives that are shared by several customers cannot be completely removed. | Specify destruction strategies on Service-level Agreements (SLAs) |
T03 | V03a, V03c, V03d, V03f, V04a-f, V05a, V07 | Authors in [58] illustrated the steps necessary to gain confidential information from other VMs co-located in the same server as the attacker; Side channel [69] | FRS techniques [67]; Digital Signatures [68]; Encryption [69]; Homomorphic encryption [70] |
T04 | V01, V02 | An attacker can request more computational resources, so other legitimate users are not able to get additional capacity. | Cloud providers can enforce policies to offer limited computational resources |
T05 | V01 | Some examples are described in [32] such as SQL, command injection, and cross-site scripting | Web application scanners [71] |
T06 | V06a, V06b | A zero-day exploit in the HyperVM virtualization application that destroyed about 100,000 websites [72] | HyperSafe [60]; TCCP (Trusted Cloud Computing Platform) [63] |
T07 | V04b, V06b | [75] presents a study that demonstrates security flaws in most virtual machine monitors | |
T08 | V05a, V05b | An attacker can create a VM image containing malware and publish it in a public repository. | Mirage [49] |
T09 | V04d | [76] has empirically shown attacks against the migration functionality of the latest version of the Xen and VMware virtualization products. | PALM [64]; TCCP [63]; VNSS [52] |
T10 | V07 | Sniffing and spoofing virtual networks [51] | Virtual network framework based on Xen network modes: “bridged” and “routed” [51] |