The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - March/April (2011 vol.9)
pp: 50-57
Bernd Grobauer , Siemens
Elmar Stöcker , Siemens
ABSTRACT
The current discourse about cloud computing security issues makes a well-founded assessment of cloud computing's security impact difficult for two primary reasons. First, as is true for many discussions about risk, basic vocabulary such as "risk," "threat," and "vulnerability" are often used as if they were interchangeable, without regard to their respective definitions. Second, not every issue that's raised is really specific to cloud computing. We can achieve an accurate understanding of the security issue "delta" that cloud computing really adds by analyzing how cloud computing influences each risk factor. One important factor concerns vulnerabilities: cloud computing makes certain well-understood vulnerabilities more significant and adds new vulnerabilities. Here, the authors define four indicators of cloud-specific vulnerabilities, introduce a security-specific cloud reference architecture, and provide examples of cloud-specific vulnerabilities for each architectural component.
INDEX TERMS
Risk management, software engineering, emerging technologies, cloud computing, computer systems organization, security, network security
CITATION
Bernd Grobauer, Tobias Walloschek, Elmar Stöcker, "Understanding Cloud Computing Vulnerabilities", IEEE Security & Privacy, vol.9, no. 2, pp. 50-57, March/April 2011, doi:10.1109/MSP.2010.115
REFERENCES
1. ISO/IEC 27005:2007 Information Technology—Security Techniques—Information Security Risk Management, Int'l Org. Standardization, 2007.
2. P. Mell and T. Grance, "Effectively and Securely Using the Cloud Computing Paradigm (v0.25)," presentation, US Nat'l Inst. Standards and Technology, 2009; http://csrc.nist.gov/groups/SNScloud-computing .
3. European Network and Information Security Agency (ENISA), Cloud Computing: Benefits, Risks and Recommendations for Information Security, Nov. 2009; www.enisa.europa.eu/act/rm/files/deliverables/ cloud-computing-risk-assessment/at_download fullReport.
4. L. Youseff, M. Butrico, and D. Da Silva, "Towards a Unified Ontology of Cloud Computing," Proc. Grid Computing Environments Workshop (GCE), IEEE Press, 2008; doi: 10.1109/GCE.2008.4738443.
5. E. Grosse, "Security at Scale," invited talk, ACM Cloud Security Workshop (CCSW), 2010; http://wn.com2010_Google_Faculty_Summit_Security_at_Scale .
19 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool