B.Threat Model In this section we will describe our assumptions in regard to the environment. In the attack model shown in Fig. 4, an assumption of a secure hypervisor (the infrastructure 347
Figure 4: Attack Model. management component) is made. Also, an attacker is assumed to know nothing about the Cloud provider infrastructure, which is more like a real situation. Moreover, the assumption that the Cloud provider is allowing Multi-Tenancy is made, which is a natural result of allowing resource sharing over virtualization; this is noticed in most Cloud implementations. The attack will take advantage of Multi-Tenancy regardless of any other Cloud component and feature. So, the attack is designed to exploit Multi-Tenancy and all the phases before being a Multi-Tenant does not take advantage of any Cloud well-known vulnerability such as the hypervisor vulnerability. C.Attack Model The Attack model we use is based on one of the scenarios utilized by  to explore information leakage in Amazon EC2 public Cloud. The nature of Information Security (InfoSec) for a specific vulnerability is that there could be a large number of attacks to exploit it . However, one successful attack against a system will identify most of the possible vulnerabilities that can be utilized. Moreover, attacks vary in the sense of their behavior; for example, it is easy to detect any distributed denial of service (DDoS) attack and any attack consisting of port scanning due to the unexpected increase in traffic. Also, it is easy to identify viruses due to their unique signatures; whereas it is hard enough to detect iFrame attacks. An iFrame attack is an attack where an HTML code is embedded inside another HTML code as a frame in order to collect credit card information for instance. The following is a list of well-known attacks that could be utilized efficiently over the Cloud infrastructure: •Side Channel attack: a side channel attack is any attack based on information gained from the physical implementation of a system. There are many side channel attacks known in the field; some of the well-known side channel attacks are timing attacks, power consumption attacks and differential fault analysis. •Brute Forcing:brute forcing is an attack strategy or mechanism which could be applied over any kind of attack. It is one of the simplest strategies in order to build an attack but yet it is one of the most common used strategies. For instance if an attacker wants to find out a password of a system by utilizing a brute force strategy, the attacker will try every possible combination until the correct password is found. Therefore, brute forcing can be defined as running an attack operation multiple times until a successful breach is achieved.