Content uploaded by Md. Sadek Ferdous
Author content
All content in this area was uploaded by Md. Sadek Ferdous on Feb 02, 2017
Content may be subject to copyright.
THREAT TAXONOMY FOR CLOUD OF THINGS
1
THREAT TAXONOMY FOR CLOUD OF THINGS
Md Sadek Ferdous, Raid Khalid Hussein, Madini O.
Alassafi, Abdulrahman Alharthi, Robert J. Walters and
Gary Wills
Electronic and Software Systems Group
Electronics and Computer Science
University of Southampton
SO17 1BJ, UK
Email :{S.Ferdous,rkh2n14,moa2g15,aaa2g14}@soton.ac.uk,
{rjw1,gbw}ecs.soton.ac.uk
ABSTRACT
In the last few years, the cloud computing paradigm experienced a
considerable growth, making it the de-facto technology fuelling almost all
major online services. At the same time, the concept of Internet of Things has
started to gain mainstream traction with the promise to usher a new era of
pervasive sensing using a weave of numerous inter-connected IoT devices.
Such IoT devices can generate an enourmous amount of data which becomes
increasingly difficult to process using the limited computational and storage
capabilities of these devices. To tackle this problem, a notion of a novel
technology called Cloud of Things is emerging.. However, to harness the full
potential of this new paradigm, different security and privacy issues need to be
properly analysed. The first step for carrying out such an analysis is to define a
well-constructed threat model. In this chapter, we present a comprehensive
threat model which is then utilised to create a first-ever threat taxonomy for
Cloud of Things. This taxonomy outlines different security and privacy threats
faced by this nascent technology and can be used as the basis for further
research on security and privacy in Cloud of Things.
Keywords: Cloud Computing, Internet of Things (IoT), Cloud of Things (CoT),
Threat model, Threat taxonomy.
This is the author's version. The book chapter has been published in Internet of Things and Big
Data Analysis: Recent Trends and Challenges. Publisher: United Scholars Publications, USA
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
2
1. INTRODUCTION
The advancement in Information and communication technologies (ICT)
and the growth need for ubiquitous computing has facilitated the emergence of
new technological paradigm such as cloud computing and IoT. Due to the
limited computation capabilities and storage in IoT devices, cloud computing is
considered to be the desirable mean for hosting and developing large-scale IoT
service platforms. The mutual integration of the cloud computing and IoT lead
to a novel technological trend called “Cloud of Things (CoT)”. The CoT is “a
concept that provides smart things’ functions as a service and allows them to
be used by multiple applications” [1]. CoT can be leveraged to provide a
processing, analysis, storage and decision making platform which utilise data
sensed by IoT devices in a distributed architecture. In CoT, heterogeneous
resources can be accumulated according to a unified processing technique, thus
enabling things as a Service to provide monitoring, analysis and visualisation of
data sensed by multitude of IoT devices [2].
Since the concept of CoT is an integration of cloud computing and IoT
technologies, several security and privacy challenges arise which are mostly
inherited from the architecture of the underlying technologies involved in both
cloud computing and IoT. These security and privacy threats may hamper the
growth of CoT [3]. Therefore, their impact need to be critically analysed. Even
though there exists a plethora of research papers in the exiting literature that
analyse different security and privacy issues with respect to cloud computing
and IoT separately. But, there is no single study that provides a comprehensive
analysis of different security and privacy threats in the setting of CoT. The
terms security and privacy are most probably related concepts. However, the
two concepts are different and need to be analysed separately in order to
categorise the common threats associated with both paradigms.
In this chapter, an insight on CoT paradigm and its underlying concepts are
critically reviewed in order to establish a comprehensive definition of CoT.
Moreover, a threat model is presented which outlines the assumed capabilities
of an adversary (attacker) within a CoT system. Based on these capabilities of
the attacker, different security and privacy threats have been identified and then
combined to formulate a taxonomy of threats for CoT. Finally, a review of the
identified security and privacy threats within the taxonomy is presented. In
summary, the contributions in this chapter are as follows:
A comprehensive definition for CoT is presented.
A threat model is formulated for CoT by outlining the associated
adversary model and enlisting assets. The adversary model
discusses the assumed capabilities of an attacker for a CoT system
and the assets present the resources which could be the focus of
THREAT TAXONOMY FOR CLOUD OF THINGS
3
attack by an adversary in a CoT system.
Based on the threat model, a taxonomy of threats is presented.
Finally, all identified threats are briefly discussed.
The chapter is organised as follows. In Section 2 the concept of CoT is
investigated and a rigorous definition is presented. In Section 3, a threat model
for CoT is outlined. A taxonomy of different security and privacy threats is
presented in Section 4 along with the description of the identified threats and
their corresponding attacks. Finally, the chapter concludes in Section 5.
2. CLOUD OF THINGS: CONCEPT AND STRUCTURE
In this section an overview of the notion of CoT is reviewed and the origin
of its underlying terms ‘Cloud’ and ‘Things’ is elaborated in details. Lastly, a
comprehensive concrete definition for CoT is presented based on the review of
the visions, characteristics and architectures of cloud computing and Internet of
Things (IoT).
A. Cloud computing
Cloud computing has evolved from technologies such as virtualisation, grid
computing, distributed computing, web 2.0 technologies, Service Oriented
Architecture and utility computing. There are many definitions for cloud
computing in the literature. The three most cited definitions are presented
below.
Buyya et al. defined cloud computing as “A type of parallel and distributed
system consisting of a collection of interconnected and virtualized computers
that are dynamically provisioned and presented as one or more unified
computing resources based on service-level agreements established through
negotiation between the service provider and consumers” [4].
Alternatively, cloud computing was defined by Vaquero et. al. as: “a broad
array of web-based services aimed at allowing users to obtain a wide range of
functional capabilities on a ’pay-as-you-go’ basis that previously required
tremendous hardware/software investments and professional skills to acquire”
[5].
Moreover, the National Institute of Standards and Technology (NIST)
defines cloud computing as “a model for enabling convenient, on-demand
network access to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications and services) that can be rapidly
provisioned and released with minimal management effort or service provider
interaction” [6].
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
4
Among the three definitions, the definition of cloud computing by NIST is
the most comprehensive one as it encompasses the unique characteristics,
service models and deployment models for the cloud.
A-1. Cloud Characteristics
According to the NIST definition, five characteristics of cloud computing
are as follows:
On-demand-self-service: In cloud computing, users can automatically
utilise computing resources such as servers, software, and storage as
desired, without any human interaction with a cloud service provider
[1].Resource pooling: The cloud provider’s pool of computing
resources is grouped together to serve multi-tenants/clients in such a
way that different physical and virtual resources are automatically
allocated and relocated according to the user’s command [2]
Broad network access: Resources in cloud computing are reachable
over the Internet which can be retrieved through standard techniques
and used by heterogeneous thin or thick consumers’ platforms [3].
Rapid Elasticity: Computing resources can be promptly and elastically
scaled out and scale in depending on the demand of resources [4]
Measured Service: Resources can be controlled, and conveyed in
order to ensure transparency for the cloud clients and the service
providers [2].
A-2. Cloud Service Models
Cloud computing has three service models or three architectural layers as
identified by NIST as in the Error! Reference source not found. below.
Table 1: Cloud Service Models
Services
Description
Software as a
service
(SaaS)
It is the highest layer and features a complete application layer
offered as a service, on demand, via multi-tenancy. For
example, Salesforce, Facebook, LinkedIn, Intuit, Google Apps
and Microsoft Office Live offer basic business services such as
e-mail and messaging using the SAAS model [5].
Platform as a
Service
(PaaS)
Consumers using PaaS can develop and/or deploy applications
by using provider’s services and tools. PaaS providers provide
tools for every phase of software development and testing
THREAT TAXONOMY FOR CLOUD OF THINGS
5
which can be utilised to quickly deploy any service. Examples
include Google App Engine and Microsoft Azure [6].
Infrastructure
as a Service
(IaaS)
It is a means of delivering basic storage and compute
capabilities as standardized services over the network.
Amazon (AWS) and Rackspace are IaaS providers which
provide servers, storage and other computing resources [7].
A-3. Cloud Deployment Models
There are four deployment models for cloud services, with derivative
variations that address specific requirements. The four models are listed below:
Public Cloud: In this model, a single organisation generally owns the
infrastructure. The infrastructure is made available for public or other
organisations and is leveraged to provide different services. This is currently
the most widely used model globally [8]
Private Cloud: In this model, the infrastructure is utilised by a single
organisation and hence, it is not made available to anyone outside the
organisation. The infrastructure can either be managed by the organisation
or another organisation may manage it on behalf of the first organisation [9]
Community Cloud: In the model, the infrastructure is shared among
multiple organisations which may share a set of common goals and
requirements among themselves. The infrastructure is managed by different
members of the community using a pre-determined level of agreement [10]
Hybrid Cloud: In this model, the cloud infrastructure is a combination of
two or more other cloud models where particular application scenarios
prohibit the usage of a certain cloud model [8].
B. Internet of things
The term IoT was introduced for the first time by the British entrepreneur
Kevin Ashton in 1999 during his work at Auto-ID centres where it was defined
as a universal network of devices connected via radio frequency identification
(RFID) [8]. The IoT concept seems difficult to understand because of the
numerous visions, ideas and the diverse socio economic and technical
applications of IoT deployment.
However, researchers have highlighted the main concepts in the IoT model
and clarify the vision of IoT in order to simplify the overall understanding of
the IoT paradigm. European technology platform on smart systems integration
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
6
(EPOSS) defined IoT as “world-wide network of interconnected objects
uniquely addressable, based on standard communication protocols” [9]. In
addition, Dunkels and Vasseur defined IoT as “a world where things can
automatically communicate to computers and each other providing services to
the benefit of the human kind” [10]. Guillemin and Friess defined IoT as a
“dynamic global network infrastructure with self configuring capabilities based
on standard and interoperable communication protocols where physical and
virtual “things” have identities, physical attributes, and virtual personalities
and use intelligent interfaces, and are seamlessly integrated into the
information network” [11]. Atzori and Morabito state that in the IoT, the RFID
(Radio Frequency Identification) is the corner stone of the technologies driving
the vision [12]. However, they indicate that a wide range of objects and
technologies consisting of different types of networks, devices and electronic
services are recognised as “the atomic components that will link the real world
with the digital world” [12].
However, to ease the understanding of the definition of IoT, it can be
broken down into two core concepts: Internet which refers to the universal
network, and “Things” indicating a variant of hardware devices such as traffic
monitoring devices, climate control devices, vehicles, appliances, etc. Some
scholars view Things as a mixture of data, service, software and hardware [13].
Therefore, IoT can be defined as a network of smart devices, vehicles and other
items embedded with different systems, sensors, and network protocols, and
application, which are capable of collecting and exchanging data. This
definition exhibits a sense about the architecture of IoT, which is often divided
into 3 main layers in the literature: the perception layer which perceives
(senses) the data from the environment, the network layer which is used to
collect the data perceived by the previous layer and send it to the Internet, and
the application layer which is used to create innovative applications, online
services and real-life use-cases utilising the data collected and disseminated via
the previous two layers [14], [15].
To conclude, the novel paradigm of IoT has scaled out the notion of
computing beyond the traditional computers. IoT objects can send and receive
data with each other or to any application using different wireless
communication sensors, mobile phones, actuators and RFID in a real time
fashion. It is envisioned that, in future, all objects surrounding us will be
equipped with the functionalities of IoT devices. For example, IoT scheme can
encompass most of the daily life objects in different domains such as e-health,
learning, manufacturing automation, smart transportation and remote control
for home appliances and leisure devices, capable of collecting useful data and
then transmitting the data with the assistance of the other devices, which will
form a network of smart devices. An abstract idea for IoT domains and
potential applications is illustrated in Figure 1. The interaction with IoT objects
can be in the form of end users to machines or machine-to-machine (m2m) [16].
THREAT TAXONOMY FOR CLOUD OF THINGS
7
Figure 1: Internet of things daily application areas
C. Cloud of Things
The emergence of ubiquitous computing web can be enabled by new IT
paradigms like cloud computing and IoT, which is based on the assumption
that, in future, massive number of connected devices will be transiting data on
the internet. The number of the connected devices has already reached 9 billion
and it is projected to reach 24 billion by 2020 [3]. Moreover, the governments
in Europe and Japan already took some actions toward the conversion of their
cities to “smart cities” in order to promote better management for their
resources by using cutting edge Information and communication technologies
(ICT). This utilisation of ICT will help cities to control the growing demands
on increasing the quality of life, which lead to smarter life. The advancement in
sensor and wireless technologies can enable monitoring and sensing the
physical events with embedded computing and transmit the data wirelessly
[17].
Nowadays, the growth demand on the data will lead to big data burst,
which will need to have scalable IT environments that can generate, transmit
and process such data. Processing and analysing such data in innovative ways
will generate novel knowledge. This high volume of data computation cannot
be performed on the limited processing and storing capabilities of the existing
IoT devices alone. Therefore, merging IoT with cloud computing would
provide a solid platform where a high performance pool of resources can be
leveraged using a relatively low cost payment model (Pay-as-you-go) to host
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
8
and process this huge volume of data. The integration of these two paradigms
construct a novel paradigm called “Cloud of Things”. The vision of CoT is to
introduce a set of heterogonous APIs of smart things as a service to be visible
and shared by other applications. The applications in the CoT platform can
leverage the deployed smart things by others without having to deploy their
own infrastructure repeatedly [1].
In the existing literature, the CoT paradigm is commonly defined as “an IT
paradigm to connect physical objects to the cloud to meet the demand of huge
real-time data” [3], [18], [19]. Moreover, Distefano et al. emphasise on
sensing as service concept when defining CoT [20]. They define it as
“geographically distributed infrastructure with cloud agent elements that
continuously discover and pool sensing resources of IoT devices to be used by
cloud user’s on-demand”. In spite of the existing CoT definitions in the
literature, there is no comprehensive concrete definition for CoT, which can be
derived by critically analysing the underlying IT concepts of both cloud
computing and IoT. Next, based on the critical review of the definitions of both
IoT and Cloud Computing in previous sections, a synthesised comprehensive
CoT definition is presented below:
“The Cloud of Things is a scalable IT paradigm for providing a pay per use
on demand network access to self configurable mutual pool of identified
interconnected sensing devices embedded with different technologies (e.g.,
Wireless Sensor and Actuator Networks (WSAN), Applications, Near Field
Communications (NFC), Radio Frequency Identifier (RFID)), which can be
distributed globally and promptly provisioned in order to perceive data from
the real world environments and link it with the digital world”.
Based on this CoT definition, it can be understood that the concept of CoT
differs from the concept of cloud computing. This is because simultaneous
accesses to smart things (IoT devices) should be constrained in some cases to
avoid resource conflicts as this conflict will not affect the workload of
computing resources like memory, CPU, power, etc. For instance, a CoT-
enabled projector in a room may need to restrict multiple access features
simultaneously because the projector is able to show only one screen from a
device (e.g., Smart Phone) at a time.
To harness the full potential of this new paradigm, different security and
privacy issues need to be properly analysed. The first step for carrying out such
an analysis is to define a threat model which will outline the underlying threats
faced by this nascent technology. In the subsequent sections, we present a threat
model by creating a first-ever threat taxonomy for CoT along with a brief
description of each of the identified threats.
THREAT TAXONOMY FOR CLOUD OF THINGS
9
3. THREAT MODEL IN CLOUD OF THINGS
The first step to design and develop a secure system is to formulate a threat
model for the corresponding system. A well-defined threat model helps to
identify threats on different assets of a system by utilising a well-grounded
assumptions on the capabilities of any attacker interested to attack such a
system. Then, in order to tackle such threats , different mitigation strategies are
sketched out by formulating different security and privacy requirements [21]. In
summary, a threat modelling process consists of the following steps [22] [23]:
i. outlining the adversary model,
ii. listing assets of the system,
iii. identifying possible threats on those assets and
iv. outlining mitigation strategies.
Since each system has different assets, the threat modelling process of one
system within the domain of CoT will be considerably different than that of
another system within the same domain. Even so there are some common
assets, hence some common threats, that will exist in any system within a
particular domain, e.g. CoT. In this chapter, the focus will be mainly on the first
three steps (analysing the adversary model, listing assets and identifying
threats) of the threat modelling process and therefore, the discussion involving
the fourth step (outlining mitigation strategies) is deliberately left out.
In the next subsections, the first two steps are described whereas a full
section is devoted for the third step.
A. Adversary Model
An adversary model assumes certain properties and capabilities of an
adversary (attacker) which the attacker may employ to attack a system. These
assumptions are useful to underline what an attacker can and cannot achieve
and an essential ingridient for modelling threats. Indeed, the assumed
capabilities of an attacker, in many ways, can influence the identification of
assets which are exposed to the attacker. This, in turn, can be used to identify
threats on these assets which can be exploited by the attacker.
There are different adversary models available with respect to the security
of a system. However, two most widely-used adversary models are: Dolev-Yao
(DY) model [24] and Honest-but-curious (HBC)/Semi-dishonest model [25]
[26].
The DY model assumes that an adversary (also known as the DY
adversary) has full control over the communication network in such a way that
they can launch active and/or passive attacks. Active attacks include
interrupting and altering messages, replaying old messages as well as injecting
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
10
forged messages in the communciation path. Whereas, passive attacks include
eavesdropping and intercepting communicating messages between two systems.
These capabilities will enable the adversary to attack the involved systems even
without having limited/no control on the respective system. The limitation that
is imposed on the capability of such an attacker is that she cannot break any
secure cryptographic mechanism. For example, the adversary cannot decrypt an
encrypted message as well as falsify digital signature without holding the
corresponding secret key, nor they can reverse any cryptographic hash function.
The HBC model assumes a limited capability of an adersary (also known as
the HBC or Semi-dishonest adversary) in such a way that they cannot launch
any active or passive attacks on the system. Instead, they will participate in the
system as an honest user and follow its associated communication protocols as
intended. However, the adversary will try to learn and infer as much as
knowledge as possible only from the messages intended for herself. This may
involve linking different messages and analysing the contents of such
messages.
It is to be noted that the capabilities assumed for adversaries of both models
mostly involve engaging in a communication protocol. However, we assume a
few additional capabilities for both type of adversaries through which they can
exploit, in order to launch attacks in CoT systems. Some of these additional
capabilities are:
Both type of adversaries may have access to the physical environments
where IoT devices are deployed which may allow them to launch active or
passive attacks within the respective physical environment.
The adversaries may control substantial external computational power
which reside out of the domain of the attacked system to launch attacks
and/or infer knowledge.
Also, adversaries may act as a malicious insider having expert knowledge
on the deployment system which can be used to launch insder attacks.
B. Enlisting Assets
An asset is the abstract or physical resource in a system that needs to be
protected from an adversary (attacker) [21]. It is the resource for which a threat
exists and represents the target of the adversary in the system. An asset can be a
physical resource, for example, different hardware. Examples of such hardware
are different IoT devices which are used to sense and feed multitude of data
from environments in which they are deployed. Another example is the cluster
of server machines which are used to deploy cloud-enabled systems. In
addition, hardware may also include the network components such as routers by
which data is transmitted from one system to another and machines such as
THREAT TAXONOMY FOR CLOUD OF THINGS
11
computers, smartphones and tablets from which users access different online
services. Similarly, an asset can also be an abastract resource including
different software such as operating systems running the physical servers and
hypervisors responsible for maintaing different virtual machines. Moreover,
web servers, web services and data are also examples of software. Since the
domain of CoT involve an amalgamation of IoT and Cloud technologies, both
physical and abstract resources need to be considered. The motivation behind
this step is to highlight those assets in the system which can be the target of an
adversary so that associated threats for these assets can be identified.
We identify the following physical assets:
IoT devices: IoT devices are essential components of any CoT system.
These are the physical devices that are deployed in different physical
environment, to sense and collect different types of data.
Cloud servers with storage capabilities: Cloud servers along with
their massive storage capacities as deployed in different data-centre
represent another crucial physical resouce. These devices are used to
deploy different models of cloud services.
Client devices: Client devices include computers, smartphones and
tablets and are used to access services provides using the CoT systems.
We identify the following abstract resources:
Data generated by IoT devices: Data generated by multitude of IoT
devices deployed in different physical environments represent a crucial
abstract asset. Such data can be extremely sensitive depending on the
type of IoT devices and is one of the princicple assets that needs to be
secured.
Identities of users and devices: The (partial) identities of users and
devices are crucial assets as these identities are used to identify and
authenticate entities in a CoT System. Such identities can also be used
to bind data with the corresponding entities and to ensure that data is
generated from a valid entity and as well as data is cosumed by an
authorised entity.
Activities associated with an identity: How the partial identity of an
entity is leveraged for accessing different CoT services represents a
valuable asset. This is because such associated activities offer a
lucrative way for an adversary to track users across different
application domains.
Web servers: These web servers represent the software that is used to
host CoT web-services. Such software needs protection to ensure only
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
12
legitimate services are hosted.
CoT-enabled web services: CoT-enabled web services may utilise
extremely sensitive data generated from different sensors and hence,
must be protected from any unauthorised access. Such service should
be exposed to only those entities which are properly identified,
authenticated and authorised using their (partial) identities.
Cryptographic keys: If crypographic mechanisms are used to ensure
the security and privacy of different sensed data, the corresponding
cryptographic keys represent a valuable assent. If these keys are
compromised, the security and privacy of the system will break down.
Hypervisors & VM components: Hypervisors are used to deploy and
monitor different VMs whereas VMs are used to host web servers and
web-services discussed above. Protecting hypervisors and VM
components are crucial to ensure that these components are not
compromised.
4. THREAT TAXONOMY
A threat represents the activity or capability of an adversary onto an asset
of a system with an intention to invade the security of the system or invade the
privacy of a user in the system [21]. Privacy embodies the ability to control
who has the privilege to access a certain data which may contain sensitive
information regarding a person. On the other hand, security involves the
mechanisms used to ensure the confidentiality, integrity and availability of the
data at different points within a system [18]. The main motivation behind this
step is to identify possible threats related to two categories: security and
privacy.
Based on the adversary model and the enlisted assets, we have identified
several security and privacy threats for any CoT system. These threats have
been combined to formulate a novel taxonomy of threats for a CoT System. The
taxonomy is illustrated in Figure 2: Taxonomy of threats for CoT and is
discussed below.
A. Security Threats
The threats that can compromise the security of the system belong to this
category. These threats have been grouped together in different sub-categories:
communication threats, physical threats, data threats, service provisioning
threats and other threats. Each of these sub-categories along with the identified
threats is discussed below.
THREAT TAXONOMY FOR CLOUD OF THINGS
13
A-1. Communication threats
An attacker can abuse the communication channel between different
entities within a CoT system to initiate threats belonging to this sub-category.
Availability:
The threat to availability in a CoT system can be materialised using a
Denial of Service (DoS) attack to prevent valid users accessing the respective
services either by stopping the service or by exhausting and/or cutting down the
communication channel and resources in such a way that a valid user cannot
avail any service [27]. In a DoS attack, a server in a CoT system (e.g. a server
in a cloud cluster) can be flooded with an extremely high magnitude of service
access requests. To cope with these requests, the operating system in the server
may start to utilise additional computation power and resources. Since the
server has limited processing capability, it soon exhausts all its resources and
no other resources can be utilised to perform different tasks needed for
providing the respective services. In this way, the attacker could block some of
the services by limiting the server’s capability [28].
In the traditional Cloud computing setting, the DoS attack can affect the
provider resources and the network as mentioned above. However, in a CoT
system, the DoS attack can also affect the availability of the systems where data
are produced by different IoT devices. The attacker can jam the wireless
channel which in turn can affect the communication channel between the IoT
devices and the cloud system and thus launching a DoS attack [29].
Eavesdropping:
The eavesdropping attack allows an attacker to gain access to different
communication channels and exploit such channels to extract the circulated
data during interactions between different entities within a system in the
targeted infrastructure [29], [30]. Such data are then used to breach the security
of the system and to invade the privacy of the users. It is considered a major
communication threat which affects the confidentiality of data during
transmission.
Spoofing:
The spoofing attack allows a malicious party to mimic another device or
impersonate another user on the same communication mean in order to spread
malware or bypass access control mechanisms. There are several types of
spoofing attacks. Two of the most common spoofing types are IP spoofing and
ARP (Address Resolution Packet) spoofing. In the IP spoofing attack, one
device mimics other devices by using their IP address. Whereas in the ARP
spoofing attack, one device spoofs other devices using their MAC addresses
[31].
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
14
Figure 2: Taxonomy of threats for CoT
THREAT TAXONOMY FOR CLOUD OF THINGS
15
Man-in-the-middle (MITM) attack:
In the MITM attack, an attacker places herself in between a valid sender
and receiver without their knowledge. Then, the attacker can intercept the data
packet during data transmission between the sender and receiver and replace
valid data packets with fraudulent ones in such a way that the receiver will be
tricked to believe that the packet has generated from the valid sender. This will
enable the attacker to impersonate as a legitimate sender [32]. An example of a
MITM attack scenario in a CoT system which deploys different IoT sensors can
be envisaged when an attacker tries to deceive the temperature data from the
sensor devices to enforce the controller in the system to overheat and eventually
turn off which could lead to physical and financial damage [33].
Replay attack:
The replay or playback attack is, similar to the MITM attack, a kind of a
communication attack in which a genuine message is initially intercepted and
then maliciously replicated by the attacker at a later period. After receiving
such a legitimate yet duplicate packet, the receiver might be tricked in believing
that the packet is from a legitimate user [34]. However, it differs from the
MITM attacker as the attacker injects fraudulent packets in the MITM attack
whereas the attacker resends a legitimate packet in the replay attack.
A-2. Physical threats
The threats that are materialised only if an attacker can compromise the
physical IoT devices belong to this sub-category. The identified threats are
described below.
Device capture:
An attacker may gain access to the physical environment where different
IoT devices are deployed. Gaining such access might enable the attacker to
capture the deployed devices and then to extract information using different
means before they are sent to the system. In this way, the attacker might be able
to extract information even before they are transmitted and securely stored in
the system [35].
Node damaging:
An attacker having physical access to the environment where IoT devices
are deployed can physically damage a device and thus making it unsuitable to
sense and transmit any data. If the attacker can damage a large number of such
devices, she can launch a DoS attack in the system where the system is
deprived of any input data from these devices. This will make the system
unusable for providing any services that rely on such data [36].
Side channel attack:
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
16
An attacker may launch attacks such as timing attacks, power analysis
attacks, fault analysis attacks, electromagnetic attacks and environmental
attacks which rely on physical characteristic of the devices as well as the
environments in which they are deployed along with the communication pattern
[36], [37]. Such attacks rely on the fact that logical functionalities may exhibit
certain deterministic physical characteristics depending on the input data. By
examining these physical characteristics, certain level of inference can be made
which ultimately can be exploited to compromise the security of the system.
Using such mechanisms, the attacker may even attack the cryptographic
mechanisms that have been deployed to protect the system [38].
A-3. Data threats
The threats and their corresponding attacks which rely on data generated by
a CoT system belong to this sub-category. The identified threats and attacks are
presented below.
Data retrieval from devices:
With the possibility of an attacker to get physical access to any IoT device,
the likelihood of retrieving raw sensed data by tampering the device via reverse
engineering or micro-probing is quite high [39]. The data collected in this
manner can be used to invade the security and privacy of any user within the
environment where the respective device has been deployed.
Data Integrity & Confidentiality:
Once the data has been collected by an IoT device, it needs to be
transferred to a CoT system for storage and further analysis. This imposes the
risk of data tampering while data is transmitted and stored in a storage medium
[39]. Therefore, the integrity and confidentiality of such data must be ensured
while in transmission as well as during storage in the storage medium.
Device authenticity:
An attacker may try to deploy unauthorised devices in the environment
which might generate fraudulent data. To guarantee the trustworthiness of any
CoT system, data sensed and produced by only properly authenticated and
authorised devices must be accepted [40].
Key compromisation:
An attacker can try to compromise the keys that are used to guarantee the
security of sensed via different cryptographic mechanisms. Getting hold of such
keys would enable the attacker to compromise the security of any CoT system
and its respective users.
THREAT TAXONOMY FOR CLOUD OF THINGS
17
False data injection:
An attacker may deploy an unauthenticated and unauthorised IoT device or
even reverse engineer an authenticated and authorised IoT device in order to
inject false data into a system. In a CoT system where the reliability of the
sensed data is crucial, injecting any false data can compromise the whole
security of the system [41].
Weak cryptographic protocols:
IoT devices have limited computational capabilities and power sources. The
standard cryptographic mechanisms are computationally intensive and may
need to consume additional power. This may influence the developer of a CoT
system to employ weak cryptographic mechanisms which may require less
computational power. Such weak cryptographic mechanisms might be easily
breakable which can threaten the security of the whole system [42].
Data loss and leakage:
According to report of Cloud Security Alliance, data loss could occur for
many reasons for instance, accidental deletion of data by the service provider,
physical catastrophe like earthquake and fire and lack of disaster recovery as
well as unreliable data centre [43]. Similarly, data leakage could occur for other
reasons such as exploitations by malicious insiders, weak access control
mechanism, lack of powerful encryption algorithms, etc. In addition, data
leakage could occur in a CoT system as such system understandably will share
different computing and hardware resources.
Data breaches:
Data breach illustrates the situation in which data is accessed by an
unauthorized or illegitimate entity which can be a person, application or
service. Data breach can occur at any layer in a system as well as at different
endpoints. Data breaches might occur from outside the system initiated by an
outside attacker or inside within the system by a malicious insider [44].
Data sensitivity:
Some sensor data (e.g. medical data, financial data, etc.) are more sensitive
in nature than other type of sensor data. Generally, such sensitive data imposes
greater risks for invading privacy and breaching security of a user. Therefore,
more care should be taken in determining the sensitivity of such data as well as
in storing and utilising such data.
A-4. Service provisioning threats
The threats which are related to different services within a CoT system
belong to this sub-category. The identified threats and attacks are presented
below.
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
18
Unidentified and unauthorised access:
CoT-enabled services that deal with sensor data must ensure that
unidentified and unauthorised users cannot access such data. Otherwise an
attacker can easily get access to the sensitive sensor data and can access the
resulting analysis generated from the sensor data.
Escalation of privileges:
Inadequate deployment of any authorisation infrastructure while providing
CoT-enabled services may allow a user/an attacker to gain unprivileged
accesses to sensitive sensor data and their resulting analysis.
Identity theft:
In an identity theft attack, an attacker pretends to be a valid user of the
system in order to gain illegal access to restricted services as well as resources.
The attacker can obtain key pieces of personal information of a valid user
which are then exploited for the identity theft attack. The victim of this attack
can suffer from losses and can be held accountable for the perpetrator’s actions
which can bring adverse consequences for the user [45].
Service hijacking:
In a service hijacking attack, a user, while trying to access a valid service,
is redirected to an illegal service controlled by the attacker. Then the user is
tricked to reveal personal information which could be exploited for other types
of attacks such as identity theft, manipulating user data, spying user activities
and transactions, returning fake information, etc. There are different ways such
an attack can be launched such as phishing attacks, social engineering attacks,
using exploited software, etc. This attack can be launched at different layers of
cloud computing such as in IaaS, PaaS and SaaS [46].
Insecure interfaces and API:
Insecure interfaces and application programing interfaces are also
considered as one of the top threats in cloud computing. This is because the
cloud provider always distributes a set of application programing interfaces
(API) to allow their consumers to retrieve data and services [44]. If the
interface is not properly protected with adequate security mechanisms, an
attacker can easily launch attacks exploiting the interface [47].
Compromising management interface
Client management interfaces of any CoT system, are generally managed
over the Internet. Protecting such management interfaces is crucial as an
insecure interface could be exploited to launch fraudulent services that utilise
legitimate data sensed and produced by IoT devices [48].
THREAT TAXONOMY FOR CLOUD OF THINGS
19
A-5. Other threats
In this sub-category, miscellaneous threats which are not related to any of
the previous sub-categories are listed.
Malicious insiders:
A malicious insider is a risk to any organisation. This is because the
malicious insider can be a current or previous employee of an organisation and
may have authorised access to an organisation's systems or have access to
potential sensitive data. The insider may exploit such access to abuse the data
as well as services. That is why it is important for many organisations to
understand what providers are doing to identify and protect against the
malicious insider risk [49] [43].
Shared technology issues:
In a CoT system, shared resources might by utilised via virtualisation
through multi tenancy architecture which allows many clients to share the same
application instance. Sharing the application by many users might probably
permit to access to the virtual machine (VM) of another user. The VM Monitor
(VMM) has vulnerabilities and could be exploited by a malicious user to gain
access to another user’s VM. All these mean that there is no strong isolation
between tenants when the IaaS is delivered through multi-tenancy architecture
which might lead to one malicious tenant interfering with another and affecting
the normal operation of the application [50].
Abusing cloud computing:
One of the biggest advantages of cloud computing is that it allows big and
even small organisations to avail an unprecedented volume of computing power
which would otherwise be impossible for such organisations [43] [51].
However, there is a drawback that comes with this opportunity as it allows
anyone to abuse such computing power to launch different types of attacks. For
example, a single attacker can rent out a significant among computer power to
launch DoS attacks to another cloud service provider. For this reason,
according to cloud security alliance report, abusive and nefarious usage of
cloud computing is considered as one of the top security threats to cloud
computing which is valid for any CoT system [43].
B. Privacy Threats
The following threats can be exploited to invade the privacy of different
entities in a CoT system. Since the matter of privacy mainly affects the users of
the system, these threats are more focused on how they can breach and/or
invade the privacy of the users within the corresponding system.
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
20
Unnoticed capture & unware identitification:
An IoT device which is deployed in an environment to collect data about
users (e.g. consider a miniscule size camera deployed in the entry point of a
building captureing facial images of every person entering the building) can be
extremely discrete in nature. Such data can be captured without the knowledge
and/or consent of the corresponding users and ultimately can be analysed and
abused to identify users and invade their privacy.
IoT data inaccesibility:
Data captured by different IoT devices in an environment and then
uploaded to the cloud providers may not be accessible to the user whose data
has been captured. Without having any access, the user will have no knowledge
how and what data have been collected.
Lack of control and transparency:
Once collected data about users are uploaded to the cloud, the users have
limited control over them and they may be unaware how such data are being
abused by the data collector. The very nature of the ubiquituous sensing process
which may capture data in a continuous stream makes it very difficult for the
users to express their consent explicitly regarding their acceptance or denial
regarding data collection or what to do with such collected data while they are
processed, analysed, presented and shared in a system. Without such controls it
becomes difficult to create access control rules in a system which can protect
the privacy of the system.
Loss of governance:
Loss of governance is considered one of the most important classes of
cloud specific threats. In using the cloud infrastructures, the customers
essentially give control to the cloud provider which might impact their privacy.
Profiling and tracking:
If different sensors deployed in different environments collect data and
such data can be tied to a particular user, there is a risk of creating a profile of
that particular user and then track her across multiple domains without her
knowledge.
Unforseen inference:
Collected data from different sensors can be analysed comprehensively
using extensive computing power facilitated by CoT. Such extensive analysis
imposes the risk of unforeseen inference regarding any user which otherwise
would not be possible in just an IoT-enabled system. The knowledge gained
from such inference could be exploited to invade the privacy of the user or even
worse, could be used to create inference for future occurrence of events which
THREAT TAXONOMY FOR CLOUD OF THINGS
21
otherwise were not possible.
Unatuhorised disclosure:
Data collected by different IoT devices will be disclosed or uploaded to a
CoT system for storage and further analysis. It is extremely difficult to collect
consent and/or even notify users regarding data collection, storage and analysis
procedure in this manner which might result in unauthorised disclosure of
(sensitive) data.
5. CONCLUSIONS
Cloud computing offers a new processing model that increases efficiency,
provides on-demand access to a shared pool of resources with minimum
management effort in a considerable lower cost. On the otherhand, IoT provides
a platform to inter-connect an array of devieces and enable them to interact with
each other in a seamless manner. Combining these two different technical
paradigms to enable the storage and processing of unprecedented amount of
data generated by different IoT devices seems to be the next step in the
technological evolution which can be leveraged to offer innovative cloud-based
online services. The model of CoT is the realisation of this idea and has
emeraged as a platform to allow intelligent usage of applications or sense as a
services based on real time data from these IoT devices.
Being a new technical paradigm, there are several security and privacy
issues involved in CoT which need to be addressed before its full potential can
be harnessed. The main goal of this chapter is to present an overview of
different security and privacy threats within the domain of CoT. Toward this
goal, a threat model has been presented consisting of a model of an adversary
along with a list of assests. Then, a taxonomy containing different security and
privacy threats has been presented. Finally, each identified threat has been
briefly discussed.
Many of these threats emerge due to the intrinsic nature of Co|T where data
generated by diffrerent IoT devices may involve a human. Depending on the data
generating device, such personal data can be extremely sensitive in nature. Such
data may be collected ubiquitiously in an automatic fashion; where the respective
person may be unaware of the data collection procedure. This makes it difficult for
any person to provide any explicit consent during data collection. Furthermore, data
will be collected in different environments managed by different authorities.
Managing such personal data generated in largle volume in different environments
will be extremely challenging for any user. All these properties of CoT will
challenge the existing practice of secure and privacy preserving mechanisms that
deal with personal data.
Similarly, organisations responsible for the deployment of CoT systems will
face similar challenges with respect to maintaining security and preserving privacy
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
22
of the colleced data. Novel secure mechanisms will need to be deployed to collect
IoT data from environments, transmit such data via the Internet and finally store
and analyse them in a cloud. Moreover, novel access control mechanisms will need
to be deployed to ensure that any single person can is informed what data is being
collected and has the provision for the user to express explicit consent. In addition,
the organisations will also need to deploy novel services to allow users to manage
their collected data in a secure, usable and privacy-friendly way.
One of the ways to design and develop a secure and privacy-friendly CoT
system is to ensure that the underlying threats are addressed. This chapter aims to
lay out the foundation towards that goal by identifiying the threats within a CoT
system. The next challenge will be to produce a comprehensive mitigation
strategies which can be utilised to formulate different security and privacy
requirements. Fulfilling these requirements will ensure that the threats are
mitigated, however, the ultimate challenge is to design a system that can satisfy all
these requirements. These challenges open up an exiciting oportunitiy of extensive
research in the coming years.
REFERENCES
[1] Kim, S.H. and Kim, D. (2015). Enabling Multi-tenancy via Middleware-
level Virtualization with Organization Management in the Cloud of Things.
Services Computing, IEEE Transactions on, 8(6), pp.971-984.
[2] Alohali, B., Merabti, M., & Kifayat, K. (2014). A Secure Scheme for a
Smart House Based on Cloud of Things ( CoT ), 115–120.
[3] Aazam, M., Khan, I., Alsaffar, A.A., and Huh, E.N.(2014). Cloud of
Things: Integrating Internet of Things and cloud computing and the issues
involved. In-Applied Sciences and Technology (IBCAST), 2014 11th
International Bhurban Conference on (pp. 414-419). IEEE.
[4] Buyya, R., Yeo, C., & Venugopal, S. (2008). Market-oriented cloud
computing: Vision, hype, and reality for delivering it services as computing
utilities. CoRR, (abs/0808.3558).
[5] Vaquero, L. M., Rodero-Merino, L., Caceres, J., & Lindner, M. (2008). A
break in the clouds: towards a cloud definition. ACM SIGCOMM
Computer Communication Review, 39(1), 50-55.
[6] Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing
Recommendations of the National Institute of Standards and Technology.
Nist Special Publication, 145, 7. doi:10.1136/emj.2010.096966
THREAT TAXONOMY FOR CLOUD OF THINGS
23
[7] Armbrust, M., Fox, A., Griffith, R., Joseph, A., & RH. (2009). Above the
clouds: A Berkeley view of cloud computing. University of California,
Berkeley, Tech. Rep. UCB, 07–013.[Online] Article available at <
www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf >
[Accessed: 27st April 2016] .
[8] Ashton, K., (2009.) That ‘internet of things’ thing. RFiD Journal, 22(7),
pp.97-114.
[9] EPOSS.(2008). Internet of Things in 2020, Roadmap for the Future,
Version 1.1, 27 [online] Avilable online at<http://www.smart-systems
integration.org/public/documents/publications/Internet-of-
Things_in_2020_EC-EPoSS_Workshop_Report_2008_v3.pdf> [accessed
on: 28/04/2016].
[10] Dunkels, A., Vasseur J.(2008). IP for Smart Objects, Internet Protocol
for Smart Objects (IPSO) Alliance, White Paper #1, [online] availlable at <
http://dunkels.com/adam/dunkels08ipso.pdf > [accessed on 28/04.2016]
[11] Guillemin, P., and Friess, P. (2009) “Internet of things strategic
research roadmap,” The Cluster of European Research Projects, Tech. Rep.
[online] avilable at <http://www.internet-of-things-
research.eu/pdf/IoTClusterStrategicResearchAgenda2009.pdf [Accessed
on: 2016-04- 26].
[12] Atzori, L., Iera, A. and Morabito, G.,. (2010). The internet of things: A
survey. Computer networks, 54(15), pp.2787-2805.
[13] La Diega, G.N. and Walden, I., (2016). Contracting for the ‘Internet of
Things’: Looking into the Nest. Queen Mary School of Law Legal Studies
Research Paper No. 219/2016.
[14] Khan, R., Khan, S. (2012). Future Internet: The Internet of Things
Architecture, Possible Applications and Key Challenges, in the proceedings
of 10th International Conference on Frontiers of Information Technology,
Islamabad, Pakistan, 17-19 D.
[15] Wu, M. 2012. Research on the architecture of Internet of things, in the
proceedings of 3rd International Conference on Advanced Computer
Theory and Engineering, 20-22, Beijing, China.
[16] Gubbi, J., Buyya, R., Marusic, S. and Palaniswami, M., (2013). Internet
of Things (IoT): A vision, architectural elements, and future directions.
Future Generation Computer Systems, 29(7), pp.1645-1660.
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
24
[17] Tei, K. and Gurgen, L., 2014, March. Clout: Cloud of things for
empowering the citizen clout in smart cities. In Internet of Things (WF-
IoT), 2014 IEEE World Forum on (pp. 369-370). IEEE.
[18] Bhattasali, T., Chaki, R. and Chaki, N. (2013). Secure and trusted cloud
of things. In India Conference (INDICON), 2013 Annual IEEE (pp. 1-6).
IEEE.
[19] Tanganelli, G., Vallati, C. and Mingozzi, E. (2014). Energy-efficient
QoS-aware service allocation for the cloud of things. In Cloud Computing
Technology and Science (CloudCom) 2014 IEEE 6th International
Conference on (pp. 787-792). IEEE.
[20] Distefano, S., Merlino, G., and Puliafito, A. (2012). Enabling the cloud
of things. In Innovative Mobile and Internet Services in Ubiquitous
Computing (IMIS), 2012 Sixth International Conference on (pp. 858-863).
IEEE.
[21] Myagmar, S., Lee, A. J., & Yurcik, W. (2005, August). Threat
modeling as a basis for security requirements. In Symposium on
requirements engineering for information security (SREIS) (Vol. 2005, pp.
1-8).
[22] Desmet, L., Jacobs, B., Piessens, F., & Joosen, W. (2005). Threat
modelling for web services based web applications. In Communications and
multimedia security (pp. 131-144). Springer US.
[23] De Cock, D., Wouters, K., Schellekens, D., Singelee, D., & Preneel, B.
(2005). Threat modelling for security tokens in web applications. In
Communications and Multimedia Security (pp. 183-193). Springer US.
[24] Dolev, D., & Yao, A. C. (1983). On the security of public key
protocols.Information Theory, IEEE Transactions on, 29(2), 198-208.
[25] Goldreich, O. (2009). Foundations of cryptography: volume 2, basic
applications. Cambridge university press.
[26] Paverd, A. J., Martin, A., & Brown, I. Modelling and Automatically
Analysing Privacy Properties for Honest-but-Curious Adversaries. Tech.
Rep., 2014.[Online]. Available: https://www. cs. ox. ac. uk/people/andrew.
paverd/casper/casper-privacy-report. pdf.
THREAT TAXONOMY FOR CLOUD OF THINGS
25
[27] Alotaibi, K. H. (2015). Threat in Cloud- Denial of Service ( DoS ) and
Distributed Denial of Service ( DDoS ) Attack , and Security Measures.
Journal of Emerging Trends in Computing and Information Sciences, 6(5),
241–244.
[28] Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. Lo. (2009). On
technical security issues in cloud computing. In CLOUD 2009 - 2009 IEEE
International Conference on Cloud Computing (pp. 109–116).
[29] Mahalle, P., & Anggorojati, B. (2012). Identity establishment and
capability based access control (IECAC) scheme for Internet of Things. …
(WPMC), 2012 15th …, 184–188. Retrieved from
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6398758
[30] Li, Y., & Teraoka, F. (2012). Privacy protection for low-cost RFID tags
in IoT systems. Proceedings of the 7th International Conference on Future
Internet Technologies - CFI ’12, 60.
http://doi.org/10.1145/2377310.2377335
[31] Vidalis, S., & Olga, A. (2014). Assessing Identity Theft in the Internet
of Things. IT CoNvergence PRActice (INPRA), 2(1), 15–21.
[32] Stojmenovic, I., & Wen, S. (2014). The Fog Computing Paradigm:
Scenarios and Security Issues. Proceedings of the 2014 Federated
Conference on Computer Science and Information Systems, 2, 1–8.
http://doi.org/10.15439/2014F503
[33] Liu, J., Xiao, Y., & Chen, C. L. P. (2012). Authentication and Access
Control in the Internet of Things. 2012 32nd International Conference on
Distributed Computing Systems Workshops, 588–592.
http://doi.org/10.1109/ICDCSW.2012.23
[34] Gope, P., & Hwang, T. (2015). Untraceable Sensor Movement in
Distributed IoT Infrastructure. IEEE Sensors Journal, 15(9), 5340–5348.
http://doi.org/10.1109/JSEN.2015.2441113
[35] Roman, R., Zhou, J., & Lopez, J. (2013). On the features and
challenges of security and privacy in distributed internet of things.
Computer Networks, 57(10), 2266–2279.
http://doi.org/10.1016/j.comnet.2012.12.018
[36] Zhao, K., & Ge, L. (2013). A survey on the internet of things security.
Proceedings - 9th International Conference on Computational Intelligence
and Security, CIS 2013, 663–667. http://doi.org/10.1109/CIS.2013.145
M. S. Ferdous, R. K. Hussein, M. O. Alassafi, A. Alharthi, R. J. Walters and G. Wills
26
[37] Babar, S., Stango, A., Prasad, N., Sen, J., & Prasad, R. (2011,
February). Proposed embedded security framework for internet of things
(iot). InWireless Communication, Vehicular Technology, Information
Theory and Aerospace & Electronic Systems Technology (Wireless
VITAE), 2011 2nd International Conference on (pp. 1-5). IEEE.
[38] Verbauwhede, I. (2010). Secure Integrated Circuits and Systems, 250.
http://doi.org/10.1007/978-0-387-71829-3
[39] Babar, S., Mahalle, P., Stango, A., Prasad, N., & Prasad, R. (2010).
Proposed security model and threat taxonomy for the internet of things
(IoT). In Recent Trends in Network Security and Applications (pp. 420-
429). Springer Berlin Heidelberg.
[40] Mahalle, P., Babar, S., Prasad, N. R., & Prasad, R. (2010). Identity
management framework towards internet of things (IoT): Roadmap and key
challenges. In Recent Trends in Network Security and Applications (pp.
430-439). Springer Berlin Heidelberg.
[41] Komninos, N., Philippou, E., & Pitsillides, A. (2014). Survey in smart
grid and smart home security: issues, challenges and
countermeasures.Communications Surveys & Tutorials, IEEE, 16(4), 1933-
1954.
[42] Clark, J. A., Murdoch, J., McDermid, J. A., Sen, S., Chivers, H.,
Worthington, O., & Rohatgi, P. (2007, September). Threat modelling for
mobile ad hoc and sensor networks. In Annual Conference of ITA (pp. 25-
27).
[43] Cloud Security Alliance. (2013). The Notorious Nine. Cloud
Computing Top Threats in 2013. Security, (February), 1–14.
[44] Subashini, S., & Kavitha, V. (2011). A survey on security issues in
service delivery models of cloud computing. Journal of Network and
Computer Applications, 34(1), 1–11.
http://doi.org/10.1016/j.jnca.2010.07.006
[45] Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013a).
A survey on security issues and solutions at different layers of Cloud
computing. Journal of Supercomputing, 63(2), 561–592.
http://doi.org/10.1007/s11227-012-0831-5
THREAT TAXONOMY FOR CLOUD OF THINGS
27
[46] Pearson, S., & Benameur, A. (2010). Privacy, Security and Trust Issues
Arising from Cloud Computing. 2010 IEEE Second International
Conference on Cloud Computing Technology and Science, 693–702.
http://doi.org/10.1109/CloudCom.2010.66
[47] Babu, S., Ph, C., Bansal, V., & Telang, P. (2010). Cisco: Top 10 Cloud
Risks That Will Keep You Awake at Night, 1–35. Retrieved from
https://www.owasp.org/images/4/47/Cloud-Top10-Security-Risks.pdf
[48] Catteddu, D., & Hogben, G. (2009). The European Network and
Information Security Agency ( ENISA ) is an EU agency created to
advance This work takes place in the context of ENISA ’ s Emerging and
Future Risk programme . C ONTACT DETAILS : This report has been
edited by. Computing, 72(1), 2009–2013. http://doi.org/10.1007/978-3-642-
16120-9_9
[49] Kajiyama, T. (2012). Cloud Computing Security: How Risks and
Threats are Affecting Cloud Adoption Decisions ***, 105. Retrieved from
http://sdsu-dspace.calstate.edu/handle/10211.10/3522
[50] Hashizume, K., Rosado, D., Fernández-Medina, E., & Fernandez, E.
(2013). An analysis of security issues for cloud computing. Journal of
Internet Services and Applications, 4(5), 1–13. http://doi.org/10.1186/1869-
0238-4-5
[51] Bensoussan, A. (2011). Impact of Security Risks on Cloud Computing
Adoption, 670–674.