1. Software
1.1. Memory safety violations
1.1.1. Array bounds
1.1.1.1. Buffer overflow
1.1.1.2. Buffer over-read
1.1.2. Dynamic memory
1.1.2.1. Dangling pointer
1.1.2.2. Double free
1.1.2.3. Invalid free
1.1.2.4. Null pointer accesses
1.1.3. Uninitialized variables
1.1.3.1. Wild pointers
1.1.4. Out-of-memory
1.1.4.1. Stack exhaustion
1.1.4.2. Heap exhaustion
1.2. Weak Input Validation
1.2.1. Data type validation
1.2.2. Range and constraint validation
1.2.3. Code and cross-reference validation
1.3. Race conditions
1.3.1. Time of check to time of use
1.3.2. Symlink race
1.4. Privilege-confusion
1.4.1. Cross-site request forgery (see WebApp)
1.4.2. Clickjacking (see WebApp)
1.5. Privilege escalation
1.5.1. Vertical privilege escalation
1.5.2. Horizontal privilege escalation
2. Web Application
2.1. Authorization
2.1.1. Credential / Session Prediction
2.1.1.1. guessable, meaningful tokens
2.1.1.2. predictable tokens
2.1.1.2.1. concealed sequenses
2.1.1.2.2. time dependancy
2.1.1.2.3. weak Pseudo-Random Number Generator
2.1.1.3. static tokens
2.1.2. Insufficient Authorization
2.1.2.1. Sensitive data in URL parameters
2.1.2.2. Autocomplete Enabled
2.1.3. Insufficient Session Expiration
2.1.3.1. Logout does not invalidate session
2.1.3.2. No Session expiration
2.1.4. Session Fixation
2.1.4.1. webapp accepts provided tokens as new session
2.1.4.2. webapp does not create new token on login
2.1.4.3. new session token smuggling into user browser and continuing using user session after login
2.1.5. Disclosure of Tokens on Network/Logs
2.1.5.1. fallback to HTTP after login
2.1.5.2. HTTP for all static content
2.1.5.2.1. usage of HTTPS only cookies
2.2. Authentication
2.2.1. Brute Force
2.2.2. Insufficient Authentication
2.2.3. Weak Password Management
2.2.3.1. Weak Password Recovery Validation
2.2.3.2. Empty String Password
2.2.3.3. Password Plaintext Storage
2.2.3.4. Hardcoded Password
2.2.3.5. Missing Password expiration/rotation enforcement
2.2.3.6. Missing Password Complexity enforcement
2.3. Information Disclosure
2.3.1. Directory Indexing
2.3.2. Information Leakage
2.3.3. Path Traversal
2.3.4. Predictable Resource Location
2.3.5. Improper Filesystem Permissions
2.4. Command Execution
2.4.1. Buffer Overflow
2.4.2. Format String Attack
2.4.3. LDAP Injection
2.4.4. OS Command Injection
2.4.5. SQL Injection
2.4.6. SSI Injection
2.4.7. XPath Injection
2.4.8. Cross-site request forgery
2.5. Client-side Attacks
2.5.1. Content Spoofing
2.5.2. Cross-site Scripting
2.5.2.1. Reflected (non-persistent)
2.5.2.2. Persistent
2.5.2.3. DOM-based cross-site scripting
2.5.2.4. Self-XSS
2.5.3. Cross-zone Scripting
2.5.4. Clickjacking
2.6. Logical Attacks
2.6.1. Abuse of Functionality
2.6.2. Denial of Service
2.6.3. Insufficient Anti-automation
2.6.4. SOAP Injection
2.6.5. Insufficient Process Validation
3. Network Infrastructure
3.1. Wireless LAN Vulnerabilities
3.1.1. Access Point
3.1.2. Access Contorl
3.1.3. WEP
3.1.4. WEP2
3.1.5. Dynamic WEP
3.1.6. Address Filtering
3.1.7. Authentication
3.2. Remote Access
3.2.1. Lack of physical security controls
3.2.2. Unsecured networks
3.2.3. Infected endpoints accessing the internal network
3.2.4. External access to internal resources
4. Hardware
5. Cloud Risks
5.1. Policy and organizational risks
5.1.1. R.1 Lock-in
5.1.1.1. V13. LACK OF STANDARD TECHNOLOGIES AND SOLUTIONS
5.1.1.2. V46. POOR PROVIDER SELECTION
5.1.1.3. V47. LACK OF SUPPLIER REDUNDANCY
5.1.1.4. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
5.1.2. R.2 Loss of governance
5.1.2.1. V13. LACK OF STANDARD TECHNOLOGIES AND SOLUTIONS
5.1.2.2. V14. NO SOURCE ESCROW AGREEMENT
5.1.2.3. V16. NO CONTROL ON VULNERABILITY ASSESSMENT PROCESS
5.1.2.4. V21. SYNCHRONIZING RESPONSIBILITIES OR CONTRACTUAL OBLIGATIONS EXTERNAL TO CLOUD
5.1.2.5. V22. CROSS-CLOUD APPLICATIONS CREATING HIDDEN DEPENDENCY
5.1.2.6. V23. SLA CLAUSES WITH CONFLICTING PROMISES TO DIFFERENT STAKEHOLDERS
5.1.2.7. V25. AUDIT OR CERTIFICATION NOT AVAILABLE TO CUSTOMERS
5.1.2.8. V26. CERTIFICATION SCHEMES NOT ADAPTED TO CLOUD INFRASTRUCTURES
5.1.2.9. V29. STORAGE OF DATA IN MULTIPLE JURISDICTIONS AND LACK OF TRANSPARENCY ABOUT THIS
5.1.2.10. V30. LACK OF INFORMATION ON JURISDICTIONS
5.1.2.11. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
5.1.2.12. V34. UNCLEAR ROLES AND RESPONSIBILITIES
5.1.2.13. V35. POOR ENFORCEMENT OF ROLE DEFINITIONS
5.1.2.14. V44. UNCLEAR ASSET OWNERSHIP
5.1.3. R.3 Compliance challenges
5.1.3.1. V13. LACK OF STANDARD TECHNOLOGIES AND SOLUTIONS
5.1.3.2. V25. AUDIT OR CERTIFICATION NOT AVAILABLE TO CUSTOMERS
5.1.3.3. V26. CERTIFICATION SCHEMES NOT ADAPTED TO CLOUD INFRASTRUCTURES
5.1.3.4. V29. STORAGE OF DATA IN MULTIPLE JURISDICTIONS AND LACK OF TRANSPARENCY ABOUT THIS
5.1.3.5. V30. LACK OF INFORMATION ON JURISDICTIONS
5.1.3.6. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
5.1.4. R.4 Loss of business reputation due to co-tenant activities
5.1.4.1. V5. HYPERVISOR VULNERABILITIES
5.1.4.2. V6. LACK OF RESOURCE ISOLATION
5.1.4.3. V7. LACK OF REPUTATIONAL ISOLATION
5.1.5. R.5 Cloud service termination or failure
5.1.5.1. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
5.1.5.2. V46. POOR PROVIDER SELECTION
5.1.5.3. V47. LACK OF SUPPLIER REDUNDANCY
5.1.6. R.6 Cloud provider acquisition
5.1.6.1. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
5.1.7. R.7 Supply chain failure
5.1.7.1. V22. CROSS-CLOUD APPLICATIONS CREATING HIDDEN DEPENDENCY
5.1.7.2. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
5.1.7.3. V46. POOR PROVIDER SELECTION
5.1.7.4. V47. LACK OF SUPPLIER REDUNDANCY
5.2. Technical risks
5.2.1. R.8 Resource exhaustion (under or over provisioning)
5.2.1.1. V15. INACCURATE MODELLING OF RESOURCE USAGE
5.2.1.1.1. inaccurate modelling of resource usage, which can lead to overbooking or over-provisioning (in turn, leading to wasted resources on the part of the cloud provider).These are also vulnerable to distortions of fairness.
5.2.1.1.2. failure of resource allocation algorithms due to extraordinary events (e.g., outlying news events for content delivery).
5.2.1.1.3. failure of resource allocation algorithms using job or packet classification because resources are poorly classified.
5.2.1.1.4. failures in overall resource provisioning (as opposed to temporary overloads).
5.2.1.2. V27. INADEQUATE RESOURCE PROVISIONING AND INVESTMENTS IN INFRASTRUCTURE
5.2.1.3. V28. NO POLICIES FOR RESOURCE CAPPING
5.2.1.4. V47. LACK OF SUPPLIER REDUNDANCY
5.2.2. R.9 Isolation failure
5.2.2.1. V5. HYPERVISOR VULNERABILITIES
5.2.2.2. V6. LACK OF RESOURCE ISOLATION
5.2.2.3. V7. LACK OF REPUTATIONAL ISOLATION
5.2.2.4. V17. POSSIBILITY THAT INTERNAL (CLOUD) NETWORK PROBING WILL OCCUR
5.2.2.5. V18. POSSIBILITY THAT CO-RESIDENCE CHECKS WILL BE PERFORMED
5.2.3. R.10 Cloud provider malicious insider - abuse of high privilege roles
5.2.3.1. V1. AAA VULNERABILITIES
5.2.3.1.1. insecure storage of cloud access credentials by customer
5.2.3.1.2. insufficient roles available
5.2.3.1.3. credentials stored on a transitory machine
5.2.3.1.4. password-based authentication for accessing cloud resources
5.2.3.2. V10. IMPOSSIBILITY OF PROCESSING DATA IN ENCRYPTED FORM
5.2.3.3. V34. UNCLEAR ROLES AND RESPONSIBILITIES
5.2.3.4. V35. POOR ENFORCEMENT OF ROLE DEFINITIONS
5.2.3.5. V36. NEED-TO-KNOW PRINCIPLE NOT APPLIED
5.2.3.6. V37. INADEQUATE PHYSICAL SECURITY PROCEDURES
5.2.3.6.1. lack of physical perimeter controls (smart card authentication at entry)
5.2.3.6.2. lack of electromagnetic shielding for critical assets vulnerable to eavesdropping.
5.2.3.7. V39. SYSTEM OR OS VULNERABILITIES
5.2.3.8. V48. APPLICATION VULNERABILITIES OR POOR PATCH MANAGEMENT
5.2.3.8.1. bugs in the application code
5.2.3.8.2. conflicting patching procedures between provider and customer
5.2.3.8.3. vulnerabilities in browsers
5.2.3.8.4. application of untested patches
5.2.3.8.5. an many more,,,
5.2.4. R.11 Management interface compromise (manipulation, availability of infrastructure)
5.2.4.1. V1. AAA VULNERABILITIES
5.2.4.1.1. insecure storage of cloud access credentials by customer
5.2.4.1.2. insufficient roles available
5.2.4.1.3. credentials stored on a transitory machine
5.2.4.1.4. password-based authentication for accessing cloud resources
5.2.4.2. V4. REMOTE ACCESS TO MANAGEMENT INTERFACE
5.2.4.3. V38. MISCONFIGURATION
5.2.4.4. V39. SYSTEM OR OS VULNERABILITIES
5.2.4.5. V48. APPLICATION VULNERABILITIES OR POOR PATCH MANAGEMENT
5.2.4.5.1. bugs in the application code
5.2.4.5.2. conflicting patching procedures between provider and customer
5.2.4.5.3. vulnerabilities in browsers
5.2.4.5.4. application of untested patches
5.2.4.5.5. an many more,,,
5.2.5. R.12 Intercepting data in transit
5.2.5.1. V1. AAA VULNERABILITIES
5.2.5.1.1. insecure storage of cloud access credentials by customer
5.2.5.1.2. insufficient roles available
5.2.5.1.3. credentials stored on a transitory machine
5.2.5.1.4. password-based authentication for accessing cloud resources
5.2.5.2. V8. COMMUNICATION ENCRYPTION VULNERABILITIES
5.2.5.3. V9. LACK OF OR WEAK ENCRYPTION OF ARCHIVES AND DATA IN TRANSIT
5.2.5.4. V17. POSSIBILITY THAT INTERNAL (CLOUD) NETWORK PROBING WILL OCCUR
5.2.5.5. V18. POSSIBILITY THAT CO-RESIDENCE CHECKS WILL BE PERFORMED
5.2.5.6. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
5.2.6. R.13 Data leakage on up/download, intra-cloud
5.2.6.1. V1. AAA VULNERABILITIES
5.2.6.1.1. insecure storage of cloud access credentials by customer
5.2.6.1.2. insufficient roles available
5.2.6.1.3. credentials stored on a transitory machine
5.2.6.1.4. password-based authentication for accessing cloud resources
5.2.6.2. V8. COMMUNICATION ENCRYPTION VULNERABILITIES
5.2.6.3. V10. IMPOSSIBILITY OF PROCESSING DATA IN ENCRYPTED FORM
5.2.6.4. V17. POSSIBILITY THAT INTERNAL (CLOUD) NETWORK PROBING WILL OCCUR
5.2.6.5. V18. POSSIBILITY THAT CO-RESIDENCE CHECKS WILL BE PERFORMED
5.2.6.6. V48. APPLICATION VULNERABILITIES OR POOR PATCH MANAGEMENT
5.2.6.6.1. bugs in the application code
5.2.6.6.2. conflicting patching procedures between provider and customer
5.2.6.6.3. vulnerabilities in browsers
5.2.6.6.4. application of untested patches
5.2.6.6.5. an many more,,,
5.2.7. R.14 Insecure or ineffective deletion of data
5.2.7.1. V20. SENSITIVE MEDIA SANITIZATION
5.2.8. R.15 Distributed denial of service (DDoS)
5.2.8.1. V38. MISCONFIGURATION
5.2.8.2. V39. SYSTEM OR OS VULNERABILITIES
5.2.8.3. V53. INADEQUATE OR MISCONFIGURED FILTERING RESOURCES
5.2.9. R.16 Economic denial of service (EDOS)
5.2.9.1. V1. AAA VULNERABILITIES
5.2.9.1.1. insecure storage of cloud access credentials by customer
5.2.9.1.2. insufficient roles available
5.2.9.1.3. credentials stored on a transitory machine
5.2.9.1.4. password-based authentication for accessing cloud resources
5.2.9.2. V2. USER PROVISIONING VULNERABILITIES
5.2.9.2.1. Customer cannot control provisioning process
5.2.9.2.2. Identity of customer is not adequately verified at registration
5.2.9.2.3. Delays in synchronization between cloud system components (time wise and of profile content) happen
5.2.9.2.4. Multiple, synchronized copies of identity data are made.
5.2.9.2.5. Credentials are vulnerable to interception and replay
5.2.9.3. V3. USER DE-PROVISIONING VULNERABILITIES
5.2.9.4. V4. REMOTE ACCESS TO MANAGEMENT INTERFACE
5.2.9.5. V28. NO POLICIES FOR RESOURCE CAPPING
5.2.10. R.17 Loss of encryption keys
5.2.10.1. V11. POOR KEY MANAGEMENT PROCEDURES
5.2.10.1.1. HSMs are by necessity strongly physically protected (from theft, eavesdrop and tampering). Very difficult to be distributed in the multiple locations used in cloud architectures
5.2.10.1.2. Key management interfaces which are accessible via the public Internet (even if indirectly) are more vulnerable, as security is reduced in the communication channel between the user and the cloud key storage and the mutual remote authentication mechanisms used.
5.2.10.1.3. New virtual machines needing to authenticate themselves must be instantiated with some form of secret. The distribution of such secrets may present problems of scalability.
5.2.10.1.4. Revocation of keys within a distributed architecture is also expensive. Effective revocation essentially implies that applications check the status of the key (certificate usually) according to a known time constraint which determines the window of risk.
5.2.10.2. V12. KEY GENERATION: LOW ENTROPY FOR RANDOM NUMBER GENERATION
5.2.11. R.18 Undertaking malicious probes or scans
5.2.11.1. V17. POSSIBILITY THAT INTERNAL (CLOUD) NETWORK PROBING WILL OCCUR
5.2.11.2. V18. POSSIBILITY THAT CO-RESIDENCE CHECKS WILL BE PERFORMED
5.2.12. R.19 Compromise service engine
5.2.12.1. V5. HYPERVISOR VULNERABILITIES
5.2.12.2. V6. LACK OF RESOURCE ISOLATION
5.2.13. R.20 Conflicts between customer hardening procedures and cloud environment
5.2.13.1. V23. SLA CLAUSES WITH CONFLICTING PROMISES TO DIFFERENT STAKEHOLDERS
5.2.13.2. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
5.2.13.3. V34. UNCLEAR ROLES AND RESPONSIBILITIES
5.3. Legal risks
5.3.1. R.21 Subpoena and e-discovery
5.3.1.1. V6. LACK OF RESOURCE ISOLATION
5.3.1.2. V29. STORAGE OF DATA IN MULTIPLE JURISDICTIONS AND LACK OF TRANSPARENCY ABOUT THIS
5.3.1.3. V30. LACK OF INFORMATION ON JURISDICTIONS
5.3.2. R.22 Risk from changes of jurisdiction
5.3.2.1. V29. STORAGE OF DATA IN MULTIPLE JURISDICTIONS AND LACK OF TRANSPARENCY ABOUT THIS
5.3.2.2. V30. LACK OF INFORMATION ON JURISDICTIONS
5.3.3. R.23 Data protection risks
5.3.3.1. V29. STORAGE OF DATA IN MULTIPLE JURISDICTIONS AND LACK OF TRANSPARENCY ABOUT THIS
5.3.3.2. V30. LACK OF INFORMATION ON JURISDICTIONS
5.3.4. R.24 Licensing risks
5.3.4.1. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
5.4. Risks not specific to the cloud
5.4.1. R.25 Network breaks
5.4.1.1. V6. LACK OF RESOURCE ISOLATION
5.4.1.2. V38. MISCONFIGURATION
5.4.1.3. V39. SYSTEM OR OS VULNERABILITIES
5.4.1.4. V41. LACK OF, OR A POOR AND UNTESTED, BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN
5.4.2. R.26 Network management (ie, network congestion / mis-connection / non-optimal use)
5.4.2.1. V6. LACK OF RESOURCE ISOLATION
5.4.2.2. V38. MISCONFIGURATION
5.4.2.3. V39. SYSTEM OR OS VULNERABILITIES
5.4.2.4. V41. LACK OF, OR A POOR AND UNTESTED, BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN
5.4.3. R.27 Modifying network traffic
5.4.3.1. V2. USER PROVISIONING VULNERABILITIES
5.4.3.1.1. Customer cannot control provisioning process
5.4.3.1.2. Identity of customer is not adequately verified at registration
5.4.3.1.3. Delays in synchronization between cloud system components (time wise and of profile content) happen
5.4.3.1.4. Multiple, synchronized copies of identity data are made.
5.4.3.1.5. Credentials are vulnerable to interception and replay
5.4.3.2. V3. USER DE-PROVISIONING VULNERABILITIES
5.4.3.3. V8. COMMUNICATION ENCRYPTION VULNERABILITIES
5.4.3.4. V16. NO CONTROL ON VULNERABILITY ASSESSMENT PROCESS
5.4.4. R.28 Privilege escalation
5.4.4.1. V1. AAA VULNERABILITIES
5.4.4.1.1. insecure storage of cloud access credentials by customer
5.4.4.1.2. insufficient roles available
5.4.4.1.3. credentials stored on a transitory machine
5.4.4.1.4. password-based authentication for accessing cloud resources
5.4.4.2. V2. USER PROVISIONING VULNERABILITIES
5.4.4.2.1. Customer cannot control provisioning process
5.4.4.2.2. Identity of customer is not adequately verified at registration
5.4.4.2.3. Delays in synchronization between cloud system components (time wise and of profile content) happen
5.4.4.2.4. Multiple, synchronized copies of identity data are made.
5.4.4.2.5. Credentials are vulnerable to interception and replay
5.4.4.3. V3. USER DE-PROVISIONING VULNERABILITIES
5.4.4.4. V5. HYPERVISOR VULNERABILITIES
5.4.4.5. V34. UNCLEAR ROLES AND RESPONSIBILITIES
5.4.4.6. V35. POOR ENFORCEMENT OF ROLE DEFINITIONS
5.4.4.7. V36. NEED-TO-KNOW PRINCIPLE NOT APPLIED
5.4.4.8. V38. MISCONFIGURATION
5.4.5. R.29 Social engineering attacks (ie, impersonation)
5.4.5.1. V2. USER PROVISIONING VULNERABILITIES
5.4.5.1.1. Customer cannot control provisioning process
5.4.5.1.2. Identity of customer is not adequately verified at registration
5.4.5.1.3. Delays in synchronization between cloud system components (time wise and of profile content) happen
5.4.5.1.4. Multiple, synchronized copies of identity data are made.
5.4.5.1.5. Credentials are vulnerable to interception and replay
5.4.5.2. V6. LACK OF RESOURCE ISOLATION
5.4.5.3. V8. COMMUNICATION ENCRYPTION VULNERABILITIES
5.4.5.4. V32. LACK OF SECURITY AWARENESS
5.4.5.5. V37. INADEQUATE PHYSICAL SECURITY PROCEDURES
5.4.5.5.1. lack of physical perimeter controls (smart card authentication at entry)
5.4.5.5.2. lack of electromagnetic shielding for critical assets vulnerable to eavesdropping.
5.4.6. R.30 Loss or compromise of operational logs
5.4.6.1. V1. AAA VULNERABILITIES
5.4.6.1.1. insecure storage of cloud access credentials by customer
5.4.6.1.2. insufficient roles available
5.4.6.1.3. credentials stored on a transitory machine
5.4.6.1.4. password-based authentication for accessing cloud resources
5.4.6.2. V2. USER PROVISIONING VULNERABILITIES
5.4.6.2.1. Customer cannot control provisioning process
5.4.6.2.2. Identity of customer is not adequately verified at registration
5.4.6.2.3. Delays in synchronization between cloud system components (time wise and of profile content) happen
5.4.6.2.4. Multiple, synchronized copies of identity data are made.
5.4.6.2.5. Credentials are vulnerable to interception and replay
5.4.6.3. V3. USER DE-PROVISIONING VULNERABILITIES
5.4.6.4. V19. LACK OF FORENSIC READINESS
5.4.6.5. V39. SYSTEM OR OS VULNERABILITIES
5.4.6.6. V52. LACK OF POLICY OR POOR PROCEDURES FOR LOGS COLLECTION AND RETENTION
5.4.7. R.31 Loss or compromise of security logs (manipulation of forensic investigation)
5.4.7.1. V1. AAA VULNERABILITIES
5.4.7.1.1. insecure storage of cloud access credentials by customer
5.4.7.1.2. insufficient roles available
5.4.7.1.3. credentials stored on a transitory machine
5.4.7.1.4. password-based authentication for accessing cloud resources
5.4.7.2. V2. USER PROVISIONING VULNERABILITIES
5.4.7.2.1. Customer cannot control provisioning process
5.4.7.2.2. Identity of customer is not adequately verified at registration
5.4.7.2.3. Delays in synchronization between cloud system components (time wise and of profile content) happen
5.4.7.2.4. Multiple, synchronized copies of identity data are made.
5.4.7.2.5. Credentials are vulnerable to interception and replay
5.4.7.3. V3. USER DE-PROVISIONING VULNERABILITIES
5.4.7.4. V19. LACK OF FORENSIC READINESS
5.4.8. R.32 Backups lost, stolen
5.4.8.1. V1. AAA VULNERABILITIES
5.4.8.1.1. insecure storage of cloud access credentials by customer
5.4.8.1.2. insufficient roles available
5.4.8.1.3. credentials stored on a transitory machine
5.4.8.1.4. password-based authentication for accessing cloud resources
5.4.8.2. V2. USER PROVISIONING VULNERABILITIES
5.4.8.2.1. Customer cannot control provisioning process
5.4.8.2.2. Identity of customer is not adequately verified at registration
5.4.8.2.3. Delays in synchronization between cloud system components (time wise and of profile content) happen
5.4.8.2.4. Multiple, synchronized copies of identity data are made.
5.4.8.2.5. Credentials are vulnerable to interception and replay
5.4.8.3. V3. USER DE-PROVISIONING VULNERABILITIES
5.4.8.4. V37. INADEQUATE PHYSICAL SECURITY PROCEDURES
5.4.8.4.1. lack of physical perimeter controls (smart card authentication at entry)
5.4.8.4.2. lack of electromagnetic shielding for critical assets vulnerable to eavesdropping.
5.4.9. R.33 Unauthorized access to premises (including physical access to machines and other facilities)
5.4.9.1. V37. INADEQUATE PHYSICAL SECURITY PROCEDURES
5.4.9.1.1. lack of physical perimeter controls (smart card authentication at entry)
5.4.9.1.2. lack of electromagnetic shielding for critical assets vulnerable to eavesdropping.
5.4.10. R.34 Theft of computer equipment
5.4.10.1. V37. INADEQUATE PHYSICAL SECURITY PROCEDURES
5.4.10.1.1. lack of physical perimeter controls (smart card authentication at entry)
5.4.10.1.2. lack of electromagnetic shielding for critical assets vulnerable to eavesdropping.
5.4.11. R.35 Natural disasters
5.4.11.1. V41. LACK OF, OR A POOR AND UNTESTED, BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN
6. Operations
7. CLOUD
7.1. Cloud aggregates an unprecedented quantity and variety of customer data in cloud datacenters.
7.2. V1. AAA VULNERABILITIES
7.2.1. insecure storage of cloud access credentials by customer
7.2.2. insufficient roles available
7.2.3. credentials stored on a transitory machine
7.2.4. password-based authentication for accessing cloud resources
7.3. V2. USER PROVISIONING VULNERABILITIES
7.3.1. Customer cannot control provisioning process
7.3.2. Identity of customer is not adequately verified at registration
7.3.3. Multiple, synchronized copies of identity data are made.
7.3.3.1. Delays in synchronization between cloud system components (time wise and of profile content) happen
7.3.4. Credentials are vulnerable to interception and replay
7.4. V3. USER DE-PROVISIONING VULNERABILITIES
7.5. V4. REMOTE ACCESS TO MANAGEMENT INTERFACE
7.6. V5. HYPERVISOR VULNERABILITIES
7.7. V6. LACK OF RESOURCE ISOLATION
7.8. V7. LACK OF REPUTATIONAL ISOLATION
7.9. V8. COMMUNICATION ENCRYPTION VULNERABILITIES
7.10. V9. LACK OF OR WEAK ENCRYPTION OF ARCHIVES AND DATA IN TRANSIT
7.11. V10. IMPOSSIBILITY OF PROCESSING DATA IN ENCRYPTED FORM
7.12. V11. POOR KEY MANAGEMENT PROCEDURES
7.12.1. HSMs are by necessity strongly physically protected (from theft, eavesdrop and tampering). Very difficult to be distributed in the multiple locations used in cloud architectures
7.12.2. Key management interfaces which are accessible via the public Internet (even if indirectly) are more vulnerable, as security is reduced in the communication channel between the user and the cloud key storage and the mutual remote authentication mechanisms used.
7.12.3. New virtual machines needing to authenticate themselves must be instantiated with some form of secret. The distribution of such secrets may present problems of scalability.
7.12.4. Revocation of keys within a distributed architecture is also expensive. Effective revocation essentially implies that applications check the status of the key (certificate usually) according to a known time constraint which determines the window of risk.
7.13. V12. KEY GENERATION: LOW ENTROPY FOR RANDOM NUMBER GENERATION
7.14. V13. LACK OF STANDARD TECHNOLOGIES AND SOLUTIONS
7.15. V14. NO SOURCE ESCROW AGREEMENT
7.16. V15. INACCURATE MODELLING OF RESOURCE USAGE
7.16.1. inaccurate modelling of resource usage, which can lead to overbooking or over-provisioning (in turn, leading to wasted resources on the part of the cloud provider).These are also vulnerable to distortions of fairness.
7.16.2. failure of resource allocation algorithms due to extraordinary events (e.g., outlying news events for content delivery).
7.16.3. failure of resource allocation algorithms using job or packet classification because resources are poorly classified.
7.16.4. failures in overall resource provisioning (as opposed to temporary overloads).
7.17. V16. NO CONTROL ON VULNERABILITY ASSESSMENT PROCESS
7.18. V17. POSSIBILITY THAT INTERNAL (CLOUD) NETWORK PROBING WILL OCCUR
7.19. V18. POSSIBILITY THAT CO-RESIDENCE CHECKS WILL BE PERFORMED
7.20. V19. LACK OF FORENSIC READINESS
7.21. V20. SENSITIVE MEDIA SANITIZATION
7.22. V21. SYNCHRONIZING RESPONSIBILITIES OR CONTRACTUAL OBLIGATIONS EXTERNAL TO CLOUD
7.23. V22. CROSS-CLOUD APPLICATIONS CREATING HIDDEN DEPENDENCY
7.24. V23. SLA CLAUSES WITH CONFLICTING PROMISES TO DIFFERENT STAKEHOLDERS
7.25. V24. SLA CLAUSES CONTAINING EXCESSIVE BUSINESS RISK
7.26. V25. AUDIT OR CERTIFICATION NOT AVAILABLE TO CUSTOMERS
7.27. V26. CERTIFICATION SCHEMES NOT ADAPTED TO CLOUD INFRASTRUCTURES
7.28. V27. INADEQUATE RESOURCE PROVISIONING AND INVESTMENTS IN INFRASTRUCTURE
7.29. V28. NO POLICIES FOR RESOURCE CAPPING
7.30. V29. STORAGE OF DATA IN MULTIPLE JURISDICTIONS AND LACK OF TRANSPARENCY ABOUT THIS
7.31. V30. LACK OF INFORMATION ON JURISDICTIONS
7.32. V31. LACK OF COMPLETENESS AND TRANSPARENCY IN TERMS OF USE
7.33. V32. LACK OF SECURITY AWARENESS
7.34. V33. LACK OF VETTING PROCESSES
7.35. V34. UNCLEAR ROLES AND RESPONSIBILITIES
7.36. V35. POOR ENFORCEMENT OF ROLE DEFINITIONS
7.37. V36. NEED-TO-KNOW PRINCIPLE NOT APPLIED
7.38. V37. INADEQUATE PHYSICAL SECURITY PROCEDURES
7.38.1. lack of physical perimeter controls (smart card authentication at entry)
7.38.2. lack of electromagnetic shielding for critical assets vulnerable to eavesdropping.
7.39. V38. MISCONFIGURATION
7.40. V39. SYSTEM OR OS VULNERABILITIES
7.41. V40. UNTRUSTED SOFTWARE
7.42. V41. LACK OF, OR A POOR AND UNTESTED, BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN
7.43. V42. LACK OF, OR INCOMPLETE OR INACCURATE, ASSET INVENTORY
7.44. V43. LACK OF, OR POOR OR INADEQUATE, ASSET CLASSIFICATION
7.45. V44. UNCLEAR ASSET OWNERSHIP
7.46. V45. POOR IDENTIFICATION OF PROJECT REQUIREMENTS
7.47. V46. POOR PROVIDER SELECTION
7.48. V47. LACK OF SUPPLIER REDUNDANCY
7.49. V48. APPLICATION VULNERABILITIES OR POOR PATCH MANAGEMENT
7.49.1. bugs in the application code
7.49.2. conflicting patching procedures between provider and customer
7.49.3. vulnerabilities in browsers
7.49.4. application of untested patches
7.49.5. an many more,,,