by Daniel S
Cloud is composed of two sections – the user and the cloud. Cloud is possible due to “virtualization” which is the cloud’s central technology. Software-as-a-service (SaaS) is the most common form of cloud. Just Enough Operating System (JeOS) is another form of cloud where cloud handles most of the users tasks. Cloud computing has many security concerns. The following are all areas of concern for cloud’s security: XML signatures, browser security, denial of service, reputation fate sharing, side channel, loose control over data, and dependence on internet. XML signatures are used to ensure the authenticity of data within the “simple object access protocol (SOAP)”. This is an area for security concern because an attacker can duplicate a fragment of XML and add additional codes to control the computer to do what the attacker wants it to do. This is called “wrapper attack”. Browser security is another problem. Often times, “phishing” is used to steal log in information. Denial-of-Service (DOS) attacks happen when the attacker overloads the server with so many requests that the server ends up having too many requests to tend to and gets slowed down. Reputation fate sharing is where one hardware is shared amongst many users. Security risk depends on how it is abused by the users. Side channels is where information is channeled from one machine to another. Loosing control over data is another security risk. With PCs, there is control over how data is stored. With cloud, a third party is in total control of the data storage on the server. There has to be a certain level of trust between the user and the provider. The user has to trust the provider not to share information stored on the server and especially not to sell the information to other third parties. Dependence of the Internet increases as application numbers increase and the more we use cloud. This can be a security issue because if there is a major virus out, it could disable the Internet for many users.
Source: Roberts II, John, C., & Al-Hamdani,Wasim , (September 2011). Who can you trust in the cloud?: A review of security issues within cloud computing. [Electronic version]. Communications of the ACM, 15-19. Retrieved from http://0-delivery.acm.org.opac.library.csupomona.edu/10.1145/2050000/2047458/p15-roberts.pdf?ip=184.108.40.206&acc=ACTIVE SERVICE&CFID=75253128&CFTOKEN=98642440&__acm__=1333326121_78f59356dbbc5bf9318a4f7f1a3c16ff
This article relates to the class blog assignment for week one as it discusses the vulnerabilities and security issues with cloud computing. It discusses in details different types of vulnerabilities, and also defines different terms with cloud computing.
I thought the article I picked was very interesting because it taught me more security vulnerabilities than I ever knew of. Cloud computing is the next generation of computing. I always had the assumption that we will see more and more clouds in cell phones. Apple for example, allows you to back-up your cell phone data in the cloud. Possibly down the line, instead of being able to purchase different memory capacity in cell phones, that you will be able to buy various capacity of cloud space. It is important to understand not only where your data is, but also to know possible vulnerabilities and security issues that is with cloud computing.