Attacking the cloud from an insider perspective

Abstract

In this paper, we study how an insider such as, the administrator of a cloud service provider, can compromise guest machines in a IaaS cloud structure in order to obtain data from the guests and even achieve code execution. Moreover, we present results obtained by the implementation of such attacks. In general, our results show that cloud infrastructures are susceptible to various types of attacks. Therefore, the choice of a trustworthy service provider is paramount when using public cloud infrastructures.