1. escape threats and covert channel

Escape the threat is under the control of a virtualized application has been (VM) premise, by using a variety of virtual system security vulnerabilities, to further expand the penetration of other VM Hypervisor even, make the Hypervisor level, other virtualization applications install back door, DDoS, etc. attack. Because of such threats and related communication takes place between the various VM virtual machines or more, and most are on the same physical entity, do not go through security gateways, hardware firewalls and other security equipment, namely due to the sharing of hardware between virtual machines resources caused by covert channels, simply can not be detected by conventional protection and protective equipment. The lack of visibility into virtualized environment for inter-VM traffic is a major security challenges we face.

2. Web security vulnerabilities

Cloud computing services to promote the Internet Web trend, the Internet is an open, non-control mechanism network, and compared to traditional security vulnerabilities operating system, database, C / S system, application level security issues more prominent, multi-client, virtualization, dynamic, complex business logic service, user participation, these web2.0 and cloud services network security features would mean a huge challenge, even disaster. Cloud computing security issues must also be considered more complex than the network security issues.

3. Denial of Service Attack

Due to large-scale and high-performance cloud platform, once suffered DDoS attacks, cloud platform’s ability to provide technical means to deal with, so that normal applications are not affected, is an important indicator of evaluating cloud computing platform. DoS and DDoS denial of service attacks, while not unique to cloud services. However, cloud services technology environment, the key core data units, and if left intranet services migrate to the cloud service center, more applications and integrated business began to rely on the Internet, the consequences of denial and destruction will serve significantly more than the traditional network environment. Therefore, the availability of the service at any time and the data itself is not only a very important safety indicators and quality assurance in the presence of a malicious attack environment will cause its complexity is greatly increased. How to prevent DDoS attacks disrupt normal application is a big challenge.

4. The internal data leakage and abuse

In contrast, the application installed in existing internal environment is more readily accessible for inspection, but also have a perfect inspection techniques, however, cloud computing applications installed on the outside if not properly protected, these data may be illegally from external cloud computing leak, and the difficulty of checking its very large. When the user’s sensitive data processed in the cloud, critical data and business applications unit in cloud platform IT systems. In a multiuser environment, the cloud platform is difficult to provide the same individual customer environments and related resource isolation level security, users can not risk direct control, data owner can not control, do not even know where data is stored, more different levels of computing tasks may run on one or more machines. Effective protection of cloud service providers to manage their own internal security and segregation of duties system, security audit, to avoid the potential risks of cloud computing environments to coexist bring more customers, security concerns have become a major cloud computing users in the environment.

5. Identity Management

The level of protection, the main object of certification, mandatory access control – direct the focus of discussion in a cloud environment if impractical to solve these two problems, widely used cloud is not realistic. In order to secure the data was originally placed inside the firewall, now on the external cloud computing environment, how to use the service in a number of roles, management strategies, and effective management of multiple identities, identity identification are faced with significant security challenges. The identity of employees, customers, participants and workload of authentication, authorization and auditing cloud computing is the future direction of security.

6. interoperability between different cloud (portability)

For the reality of consideration, the domestic cloud platform to build a multi-country, private cloud-based industries, especially for important national information systems and networks, due to the current cloud computing has not yet formed a unified system of standardization in the industry, or whether it is cloud platform unified cloud services are not formed, which gives the development of cloud computing industry has brought a bottleneck, various units for their own cloud services to launch their own development platform and service standards, so that the interests of the many cloud application platform and service users and long-term development can not be guaranteed, greatly hindered the suitability of the inheritance and development of cloud computing and versatile alternative and software.

Ielab Li Qiang Wei