Analysing threats in cloud storage

Cloud storage is becoming an option for users in keeping their data online, but it comes with the security threats and challenges of protecting their data from threats. Many security frameworks have been suggested by existing studies, governing bodies, industry standards etc. as guidelines to be implemented by cloud service providers (CSPs) but the complete set of controls cannot be fully implemented due to several challenges such as decreasing availability, less user convenience, need of a robust infrastructure etc. Therefore, there is a need to investigate the security requirements and threats which will enable efficient security protection to protect data in cloud storage. This paper will discuss security requirements and analyses existing cloud security threats. The threats will be modelled in a cloud storage scenario. Future work will involve confirming the security framework using a triangulation method. This will involve confirming the idea with experts and simulations of the designated security requirements on cloud storage that will be used to test the framework.

[1]  William Yurcik,et al.  Threat Modeling as a Basis for Security Requirements , 2005 .

[2]  Nils Gruschka,et al.  Attack Surfaces: A Taxonomy for Attacks on Cloud Services , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[3]  Farzad Sabahi,et al.  Cloud computing security threats and responses , 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.

[4]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[5]  Gail-Joon Ahn,et al.  SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments , 2010, 2010 IEEE 34th Annual Computer Software and Applications Conference Workshops.

[6]  Sajjad Haider,et al.  Security threats in cloud computing , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[7]  David Brumley Invisible Intruders: Rootkits in Practice , 2015, login Usenix Mag..

[8]  Ryan K. L. Ko,et al.  Cloud computing vulnerability incidents: a statistical overview , 2013 .

[9]  Mahdi Aiash,et al.  Exploring a New Security Framework for Cloud Storage Using Capabilities , 2014, 2014 IEEE 8th International Symposium on Service Oriented System Engineering.

[10]  Andrzej M. Goscinski,et al.  Toward a Framework for Cloud Security , 2010, ICA3PP.

[11]  Donald Firesmith,et al.  Specifying Reusable Security Requirements , 2004, J. Object Technol..

[12]  Tim Mather,et al.  Cloud Security and Privacy - An Enterprise Perspective on Risks and Compliance , 2009, Theory in practice.

[13]  Cong Wang,et al.  Toward publicly auditable secure cloud data storage services , 2010, IEEE Network.