• CSP-related threats concern the services offered by the CSP and the ways they can be exploited. These threats include insecure APIs, which Clients use to access some of the services [9].
• Data-related threats might include data redundancy, data leakage, and data unavailability.
• Network-related threats have a significant impact on the security of the M2C model, since M2C depends heavily on networking and Internet communications.
• Access-related issues include impersonation by an outsider user, by a dishonest administrator within the CSP, or by another Cloud user.

The security threats against M2C are enumerated as follows:

A. Impersonation

Impersonation is the theft of another entity’s identity. It may occur in various ways:

- A malicious outsider may steal the identity of a legitimate user through phishing, pharming or password guessing attacks to acquire the login credentials. It may lead to leakage of the Client’s data, loss of service to the Client’s beneficiaries, or hijacking of resources allocated to the Client.
- A malicious insider is a dishonest admin within the CSP or a legitimate user of another Client C2. The attack may occur when a scheduler in the virtualization layer favors C2 requests over C1 requests. Also, lack of secure encapsulation or a vulnerability in the virtualization layer may lead to granting C2 malicious access to C1’s services or unlawful release of C1’s data.
- Impersonation of a CSP: An attacker may impersonate a legitimate CSP during the RES_CSP sent to the client in response to an access request, allowing unauthorized access to insider assets of C or denying services to C’s beneficiaries.

B. Tampering of communication messages

Another threat is the altering of REQ or RES communication messages between entities. The alteration may include replaying, delaying, or modification of messages in an attempt to gain unlawful access or misuse assets of C. Service hijacking may occur due to vulnerabilities of communication protocols, leading to leakage of data or loss of service to legitimate users.

C. Eavesdropping

An attacker may listen in on communication channels in C-to-CSP or CSP-to-CSP communication to get private information of C or CSP to fashion a subsequent attack. The attack could lead to loss of CSP services or leakage of vital data such as secret security credentials or financial or competitive information of C.

D. Unauthorized access to data at rest

A malicious insider or outsider may unlawfully gain access to data stored on CSP storage resources, leading to leakage of sensitive data and causing financial loss to both C and CSP.

E. Denial-of-Service (DoS) attacks

An outsider or a legitimate user from a different Client of the CSP may hog resources or communication channels used by a user of C1. Due to the high dependence of M2C on HTTP and the REST architecture, the attacker can flood the web servers with HTTP requests [9].

F. Disputes

Intentional or erroneous false requests made by a legitimate user of C may lead to financial loss or affect other Cs of the CSP. Moreover, intentional or erroneous false requests made by the CSP may cause financial loss or denial of resources paid for by C.
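
The three alterations named under "B. Tampering of communication messages" (replaying, delaying, and modification of REQ or RES messages) can each be recognized on the receiving side. The following Python code is an added example, not taken from the paper: the pre-shared key, the envelope field names (`body`, `nonce`, `sent_at`, `tag`) and the 30-second freshness window are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_AGE_SECONDS = 30  # assumed freshness window for a REQ or RES message


def _tag(key: bytes, envelope: dict) -> str:
    """HMAC-SHA256 over a canonical encoding of body, nonce and send time."""
    covered = {k: envelope[k] for k in ("body", "nonce", "sent_at")}
    canonical = json.dumps(covered, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def sign_req(key: bytes, body: dict, nonce: str, sent_at: float) -> dict:
    """Sender side: wrap a message body in an authenticated envelope."""
    envelope = {"body": body, "nonce": nonce, "sent_at": sent_at}
    envelope["tag"] = _tag(key, envelope)
    return envelope


class ReqVerifier:
    """Receiver side: classifies each envelope as ok/modified/delayed/replayed."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> sent_at, kept only while still fresh

    def check(self, envelope: dict, now: float) -> str:
        try:
            valid = hmac.compare_digest(
                _tag(self.key, envelope).encode(),
                str(envelope["tag"]).encode(),
            )
        except (KeyError, TypeError, ValueError):
            valid = False  # missing or malformed fields count as tampering
        if not valid:
            return "modified"
        # Authentic but outside the window: held back in transit (or a
        # replay old enough that its nonce has already been forgotten).
        if abs(now - envelope["sent_at"]) > MAX_AGE_SECONDS:
            return "delayed"
        # Forget nonces that can no longer pass the freshness check.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= MAX_AGE_SECONDS}
        if envelope["nonce"] in self.seen:
            return "replayed"
        self.seen[envelope["nonce"]] = envelope["sent_at"]
        return "ok"
```

The integrity check runs first so that the nonce and timestamp are trusted only after the tag verifies; this addresses tampering only, not the eavesdropping threat, which needs an encrypted channel.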