The three actors involved in the model considered are the user, the service, and the cloud infrastructure, and there are six types of attacks possible.

Attacks in Cloud Computing Environment

The user can be attacked from two directions: from the service and from the cloud. SSL certificate spoofing, attacks on browser caches, or phishing attacks are examples of attacks that originate at the service.

Attacks in a Cloud Computing Environment

The user can also be a victim of attacks that either originate at the cloud or spoofs that originate from the cloud infrastructure.

The service can be attacked by the user. Buffer overflow, SQL injection, and privilege escalation are the common types of attacks from the service.

The service can also be subject to attack by the cloud infrastructure; this is probably the most serious line of attack.  Limiting access to resources, privilege related attacks, data distortion, and injecting additional operations are only a few of the many possible lines of attack originated at the cloud.

The cloud infrastructure can be attacked by a user who targets the cloud control system. The types of attack are the same ones that a user directs toward any other cloud service. The cloud infrastructure may also be targeted by a service requesting an excessive amount of resources and causing the exhaustion of the resources.