Issue No.02 - March/April (2011 vol.9)
Bernd Grobauer , Siemens
Tobias Walloschek , Siemens
Elmar Stöcker , Siemens
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.115
The current discourse about cloud computing security issues makes a well-founded assessment of cloud computing's security impact difficult for two primary reasons. First, as is true for many discussions about risk, basic vocabulary such as "risk," "threat," and "vulnerability" are often used as if they were interchangeable, without regard to their respective definitions. Second, not every issue that's raised is really specific to cloud computing. We can achieve an accurate understanding of the security issue "delta" that cloud computing really adds by analyzing how cloud computing influences each risk factor. One important factor concerns vulnerabilities: cloud computing makes certain well-understood vulnerabilities more significant and adds new vulnerabilities. Here, the authors define four indicators of cloud-specific vulnerabilities, introduce a security-specific cloud reference architecture, and provide examples of cloud-specific vulnerabilities for each architectural component.
Risk management, software engineering, emerging technologies, cloud computing, computer systems organization, security, network security
Bernd Grobauer, Tobias Walloschek, Elmar Stöcker, "Understanding Cloud Computing Vulnerabilities", IEEE Security & Privacy, vol.9, no. 2, pp. 50-57, March/April 2011, doi:10.1109/MSP.2010.115