Security Flaws and Design Issues in Cloud Infrastructure

Abstract

Information security plays a vital role in cloud computing. Sensitive information should be kept in secure mode for providing integrity and confidentiality from insiders and outsiders. An insider is an employee who has legitimate access to cloud resources which are hosted at cloud data center. They can perform malicious activities on consumer sensitive data with or without malicious intent. This security beach is obvious and the provider needs to protect from such attacks. In this chapter, insider attacks are demonstrated with empirical approach to breach consumer-sensitive data. In this chapter, the authors present the threat models where an insider can manipulate user VMs in the node controller of cloud platform. Here, they assume that cloud service provider is malicious and cloud consumer does not have any security constraints to access their cloud assets. The model described two locations in the cloud infrastructure.