Classifying Security Threats in Cloud Networking

Bruno M. Barros¹, Leonardo H. Iwaya¹,², Marcos A. Simplicio Jr.¹, Tereza C. M. B. Carvalho¹, András Méhes³ and Mats Näslund³

¹ Escola Politécnica, Universidade de São Paulo, São Paulo, Brazil
² Karlstad University, Karlstad, Sweden
³ Ericsson Research, Stockholm, Sweden

Keywords: Cloud Networking, Cloud Security, Security Threats, Security Taxonomy.

Abstract: A central component of managing risks in cloud computing is to understand the nature of security threats. The relevance of security concerns is evidenced by the efforts of both the academic community and technological organizations such as NIST, ENISA and CSA to investigate security threats and vulnerabilities related to cloud systems. Provisioning secure virtual networks (SVNs) in a multi-tenant environment is fundamental to ensuring trust in public cloud systems and to encouraging their adoption. However, comparing existing SVN-oriented solutions is a difficult task due to the lack of studies summarizing the main concerns of network virtualization and providing a comprehensive list of threats those solutions should cover. To address this issue, this paper presents a threat classification for cloud networking, describing threat categories and attack scenarios that should be taken into account when designing, comparing, or categorizing solutions. The classification is based on the CSA threat report, building upon studies and surveys from the specialized literature to extend the CSA list of threats and to allow a more detailed analysis of cloud network virtualization issues.

1 INTRODUCTION

The current concept of cloud computing evolved from technologies such as distributed computing and resource virtualization, enabling the utilization of shared computing infrastructures for delivering software, platforms and infrastructures to different customers over the Internet.
Nevertheless, cloud computing has other particular requirements such as (Mell and Grance, 2011): on-demand provision of the computing resources; broad network access to configure and request computing capabilities; pooling of resources to be used by multiple customers in a multi-tenant model; elastic provisioning and release of resources; and transparent measurement of delivered services for managing and billing purposes. This new model of delivering computing power takes advantage of economies of scale, allowing cloud providers to deliver services at a reasonable cost to several institutions and companies. It also brings advantages to customers, who can pay only for what they consume instead of being obliged to purchase, install and maintain their own equipment.

Unfortunately, the advantages brought by the cloud are accompanied by threats and security vulnerabilities that discourage its full adoption by many companies. An example is the need to isolate resources, data and communication within the cloud. Public cloud systems utilize a multi-tenant architecture, in which customers should only "see" the cloud resources assigned to them, as if they were the sole user of the infrastructure.

Virtualization technologies play a crucial role in enforcing this isolation, given that they are the main building block in provisioning the customers' infrastructure, including virtual machines (VMs) and virtual networks (VNs). Additionally, a virtualization solution should not only ensure that the VMs operate with isolated resources, but also allow network traffic monitoring and the creation of secure network domains. For this reason, enabling SVNs in cloud computing is currently a subject of intense research (Sun and Hu, 2012).
Many of the existing proposals rely on open network virtualization solutions such as Open vSwitch for defining virtualized network architectures with security features (Hao et al., 2010; Cohen et al., 2013), inserting security modules inside VMs and virtual switches (Basak et al., 2010;

M. Barros B., H. Iwaya L., A. Simplício Jr. M., C. M. B. Carvalho T., Méhes A. and Näslund M. Classifying Security Threats in Cloud Networking. DOI: 10.5220/0005489402140220
In Proceedings of the 5th International Conference on Cloud Computing and Services Science (CLOSER-2015), pages 214-220. ISBN: 978-989-758-104-5
Copyright © 2015 SCITEPRESS (Science and Technology Publications, Lda.)