Cloud computing system packages infrastructures, applica-tions and other resources as services, and delivers the servic-es to market in an elastic and fast way. The significant ad-vantages of cloud computing, e.g., scalability, elasticity, and pay-per-use, bring it considerable commercial values. Never-theless, owing to the new application scenario, e.g., multi-ten-ant, cloud computing is encountering potential security risks. This paper reviews the state-of-art research in cloud securi-ty. According to the attack levels, it analyzes four kinds of attacks in the cloud, i.e., network-based attacks, VM-based attacks, storage-based attacks, and application-based attacks. The countermeasures and corresponding techniques are then introduced. Furthermore, this paper also discusses an innova-tive and promising solution for cloud security by dynamically changing system configuration.