Taxonomy & Analysis of Cloud Computing Vulnerabilities through Attack Vector, CVSS and Complexity Parameter

Abstract

The world is witnessing an exceptional expansion in the cloud enabled services which is further growing day by day due to advancement & requirement of technology. However, the identification of vulnerabilities & its exploitation in the cloud computing will always be the major challenge and concern for any cloud computing system. To understand the challenges and its consequences and further provide mitigation techniques for the vulnerabilities, the identification of cloud specific vulnerabilities needs to be examined first and after identification of vulnerabilities a detailed taxonomy must be positioned. In this paper several cloud specific identified vulnerabilities have been studied which is listed by the NVD, ENISA CSA etc accordingly a unified taxonomy for security vulnerabilities has been prepared. In this paper we proposed a comprehensive taxonomy for cloud specific vulnerabilities on the basis of several parameters like attack vector, CVSS score, complexity etc which will be further act as input for the analysis and mitigation of cloud vulnerabilities. Scheming of Taxonomy of vulnerabilities is an effective way for cloud administrators, cloud mangers, cloud consumers and other stakeholders for identifying, understanding and addressing security risks.