Manipulating and delivering data in heterogeneous environments such as those underlying cloud systems is a critical task because of confidentiality issues. Cloud technology remains vulnerable to data leakage attacks due to its applications in gathering information about multiple independent entities (e.g. end users and VMs) and sharing cloud resources. Furthermore, the number of threats are increased when the cloud users are using cloud computing services compared to PC users, due to loss of control, privacy and outsourced data storage. Consequently, hackers exploit security vulnerabilities to launch attacks to take advantage of sensitive data such as secret keys. When data is manipulated and shared between different parties in cloud systems, it will be vulnerable to threats in cloud systems. This chapter explores data vulnerability throughout its life cycle to categorise existing data leakage attack techniques in terms of where they can be implemented and what can be stolen in this untrusted environment, and also classifies data leakage attack techniques according to the type of data, such as files and secret keys. Furthermore, this study explores core technologies upon which cloud computing is built, such as the web, virtualisation and cryptography, and their vulnerabilities prone to such attacks. We also propose existing data leakage detection and protection techniques to mitigate and alleviate such attacks.

Chapter Contents:

• Abstract
• 9.1 Introduction
• 9.2 Data state and vulnerabilities
• 9.2.1 Data-At-Rest
• 9.2.2 Data-In-Motion
• 9.2.3 Data-In-Use
• 9.3 Core technology vulnerabilities in cloud computing
• 9.3.1 Web technology
• 9.3.2 Virtualisation technology
• 9.3.3 Cryptography
• 9.4 Side and covert channel attack classification
• 9.4.1 Targeted data types
• 9.4.1.1 Cryptographic keys
• 9.4.1.2 Files
• 9.4.2 Source of leakage
• 9.4.2.1 CPU architecture
• 9.4.2.2 Timing
• 9.4.2.3 CPU power consumption
• 9.4.2.4 Page sharing
• 9.4.2.5 Shared library
• 9.4.3 Types of channel attacks
• 9.4.3.1 Covert-channel attacks
• 9.4.3.2 Side-channel attacks
• 9.4.4 Techniques
• 9.4.5 A generic attack model
• 9.5 Mitigation countermeasures
• 9.5.1 OS level
• 9.5.2 Application level
• 9.5.3 Hardware level
• 9.5.4 Analysis or profile-based detection
• 9.6 Conclusion
• References

Inspec keywords: data privacy; cloud computing; security of data

Other keywords: cloud resource sharing; data manipulation; data leakage detection; data vulnerability; untrusted environment; data confidentiality; data storage; cloud systems; cloud computing services; data privacy; data leakage attack; security vulnerabilities

Subjects: Internet software; Data security