In the last few years, research has been motivated to provide a categorization and classification of security concerns\naccompanying the growing adaptation of Infrastructure as a Service (IaaS) clouds. Studies have been motivated by\nthe risks, threats and vulnerabilities imposed by the components within the environment and have provided general\nclassifications of related attacks, as well as the respective detection and mitigation mechanisms. Virtual Machine\nIntrospection (VMI) has been proven to be an effective tool for malware detection and analysis in virtualized\nenvironments. In this paper, we classify attacks in IaaS cloud that can be investigated using VMI-based mechanisms.\nThis infers a special focus on attacks that directly involve Virtual Machines (VMs) deployed in an IaaS cloud. Our\nclassification methodology takes into consideration the source, target, and direction of the attacks. As each actor in a\ncloud environment can be both source and target of attacks, the classification provides any cloud actor the necessary\nknowledge of the different attacks by which it can threaten or be threatened, and consequently deploy adapted\nVMI-based monitoring architectures. To highlight the relevance of attacks, we provide a statistical analysis of the\nreported vulnerabilities exploited by the classified attacks and their financial impact on actual business processes.
Loading....