Cloud computing system packages infrastructures, applications and other resources as services, and delivers the services to market in an elastic and fast way. The significant advantages of cloud computing, e.g., scalability, elasticity, and pay-per-use, bring it considerable commercial values. Nevertheless, owing to the new application scenario, e.g., multi-tenant, cloud computing is encountering potential security risks. This paper reviews the state-of-art research in cloud security. According to the attack levels, it analyzes four kinds of attacks in the cloud, i.e., network-based attacks, VM-based attacks, storage-based attacks, and application-based attacks. The countermeasures and corresponding techniques are then introduced. Furthermore, this paper also discusses an innovative and promising solution for cloud security by dynamically changing system configuration.