Content uploaded by Muzaffar Ali Temoor
Author content
All content in this area was uploaded by Muzaffar Ali Temoor on Feb 22, 2020
Content may be subject to copyright.
Content uploaded by Muzaffar Ali Temoor
Author content
All content in this area was uploaded by Muzaffar Ali Temoor on Feb 22, 2020
Content may be subject to copyright.
Abstract—
Cloud computing is a set of services over the
web that provided to the customers for
rented base. These services enable an
organization to scale up or scale down their
business. Mostly cloud services are come up
from the third party that maintained,
managed or shared the cloud service and
resources. Cloud computing provides many
advantages to their client, i.e. flexibility,
integration, capital reduction and scalability.
On the other hand, side cloud computing has
a number of security issues and challenges
that have to handle for the exitance of cloud.
In this paper, I have done a SLR (systematic
literature review) of 25 research articles on
cloud computing security issues and
challenges. Objective of conducting this
literature review is to understand current
state of art and get foundation knowledge of
the security issues in cloud computing and
contributed to those researchers who already
contributed. This paper also focuses on the
tools, techniques and solutions used for
cloud computing security, Moreover I have
also tried to identity the challenges and
limitations of security issues.
Index term—Cloud computing, security
issues, fog computing.
I. INTRODUCTION: -
To meet every changing in business need
organization, need to invest time and budget
to scale up their IT infrastructure such as
hardware, software and services. However,
in traditional way organization can’t not able
to scale up their business due to slow
process of infrastructure of IT. Cloud
computing is the paradigm that provides the
different services to client over the world
largest network, internet. It contains a the
highly optimize data center that provided the
various services to their clients such as
hardware, software and information [1]. We
can deploy these services using four
different models, first private model; such
model is used only a single or particular
organization on a private network, and
highly secured, stability, data protection and
privacy. Second Public model; owned by the
cloud services providers, and offers high
level efficiency for shared data. Third
Hybrid model; combination of public and
private deployment models, in hybrid model
specific services are run in private cloud and
other are run or used in public cloud, it more
efficient than the other three models. Fourth
community model; it is the group of
organizations that have same objective
requirement and plane. It is costly than
others, but present high level of security and
policy compliance and come up with digital
ecosystem [2],[3]. Cloud computing
provides online services to their customer
that are mangened in three models named as
services delivery models. SaaS it includes
complicated operating systems with
application, user interface and management.
IaaS it provides virtual machines, hardware
devices, networks, storage and
infrastructure. PaaS it provides includes
middleware technologies, transaction
controls, applications services controls,
development framework.
SECURITY ISSUES IN CLOUD COMPUTING
(DECEMBER 2019)
Muzaffar Ali(I91-2059) Submitted to: Sir. Dr. Zohaib Iqbal
Spacific topics
Main Objectives
Develope a Research Question
Paper Search for Study
Classifications of paper
Answer to Reserch Question
Result and Finding
literture gabs and conclusion
Cloud computing provides some
basic features, such as on demand self-
services, broad networks access, rapidly
elasticity, resources pooling and measured
services [3]. As we said before that cloud
computing is fast growing field of
information communication technology, due
to third party influence data security is a
hummer for cloud. Few security issues are
highlighted and these issues are classified
into three major groups. First group concern
to services providers, that ensure the clients
to that the system was fully secure and
enlisted some issues are authentication,
authorization, auditing (AAA), integrity,
availability, confidentiality and data access.
Second is related to infrastructure that have
been provided by the services provides,
enlisted few security issues are securing of
data storages, network and server protection
[5]. Third is related to the customers or end
users, enlisted security issues are security as
a service, browser security, user
authentication, data protection, privacy and
data sharing [4]. Cloud security alliance
(CSA) is profitless organization that
research on the securing of cloud computing.
There researches are based on Cloud control
Matrix (CCM), provides security guidance
for cloud customers and vendors and
Consensus Assessment Initiative questioner
(CAIQ) it focused on IT industries
acceptance of what controls of cloud
services. All the standard given by CSA are
accepted and have a great worth in IT
industry [6]. On the bases of the standard
given by CSA there are many tools and
techniques have been introduced to secure
the cloud. Security testing, password
compliance testing, security risk
management testing, SNMP scanning testing
and enumeration of devices testing etc. Fig
1 shows the security issues for cloud
computing designed by CSA.
Fig.1 CSA security issues
Due to the importance of cloud computing
researcher conduct many researches that are
based on the security issues and their
solution, so this literature reviews includes
many research articles that are based on the
cloud computing security issues.
Section 2 describe the methodology,
that includes classification of papers,
objectives of literature review, research
questions, paper selection criteria, and data
extraction. Section 3 describes the result and
finding, limitations on the selected articles.
section 4 describe the conclusion and
validity threats.
II. RESEARCH METHODOLOGY:
The section includes the research
methodology to systematic literature reviews
of the selected articles. Figure 2 manifest the
steps that are involved to performed this
literature reviews.
Fig.2 steps that involved
A. Research Objectives:
The main objectives of this literature review
are to get foundation knowledge about cloud
computing and key security issues with
some approaches as a solution for cloud
computing. And it will help to give a credit
to all those researchers who have already
contributed to this filed and we also
identified inconsistencies, researches gaps,
and conflicts in current researches.
B. Research Questions:
To addressed the main security issues of
cloud computing and met to the research’s
objectives, table 1 have the question that
have been developed and identified.
Table 1 Research questions
C. Search and Selection:
This section shows how to select the papers
for literature reviews. Fig.3 shows manifest
the steps involved to search paper from the
available online resources or database.
Paper ltration
Dene criteria
Search paper And Query
Paper includes in reviews
Research Questions.
RQ.1 What are the tools and techniques
for the protection of cloud
computing?
RQ.2 What are the security issues that are
related to deployment services
models?
RQ.3 What are the security issues that are
related to services delivery models?
Fig. 3.
D. Selection of Database:
The major criteria for selecting the research
paper for this literature reviews are, all those
papers have been included that was not older
than 2010, focused on security issues in
cloud computing, and provides solutions to
secure the cloud computing. There are many
online sources that provides the research
articles and I selected the automatic search
option for finding the relevant papers from
these online databases. As a student and
limited time, I cannot search the papers
manually. Science Direct, Springer, ACM
Digital Library, IEEE Xplore, SCI-HUB and
Google scholar are the online sources from I
selected articles.
E. Search Paper and Design Query:
I used a string query for automatic search
paper from the available online relevant
database, repositories and sources. (Software
OR Systems OR Software Products) AND
(Security OR Issues) AND (Could OR
Computing OR Challenges) AND (Online
OR Services).
F. Research Articles Filtration:
Selection of research paper based on the
following steps
Step 1.
In this step the define query have been
applied to search the papers, the query
selects all the papers that are relevant,
neglect the conference paper, magazines.
Table 2 show the total number of papers that
are relevant to the query.
Table 2 Result of step 1
Step 2.
In this step the papers are filtered by
reading the title, abstract and published data
and come up with the most relevant paper
for this literature reviews. Table 2 shows the
number of papers that are more relevant to
my research study.
Table 3 Result after step 2
Step 3.
In this step the most relevant papers
obtained from iteration 2 are further
analyzed and the paper that are most
appropriate for the completion of our
objectives are selected for review. The result
that obtained after the step 3 I have selected
25 research paper that are related to my
literature reviews and fulfill my research
question and objectives. Table 4 shows the
number of papers that are most relevant to
my research study.
Selection of database
S# Database Papers
1. Science Direct 302
2. ACM Digital Library 6995
3. IEEE Xplore 433
4. Google Scholar 1370
5. Springer 594
Total papers 9394
S# Database Paper
1. Science direct 13
2. ACM Digital Library 11
3. IEEE Xplore 31
4. Google Scholar 5
5. Springer 9
Total 69
Table 4 Result after steps
III. RESULT AND ANALYSIS:
This section composed of all appropriate
articles that have been selected for this
literature reviews and highlight the security
issues in cloud computing and their
solutions. This section provides the answers
of the define research questions. All the
selected papers have been classified into two
main groups, that are based on the security
issues related to cloud deployment and cloud
services delivery models.
Table 5 classification of papers.
RQ1.What are the tools and techniques
for protection of cloud computing?
There are many tools and techniques have
been purposed for the protection of data that
have been deployed by the customer on the
cloud resources.
Fog computing is the extended
paradigm of the cloud computing both have
many similarities, but cloud is providing
their services globally while fog computing
provides their services locally [8]. To
overcome the security challenges in cloud
computing, paper [8] suggested to use the
fog combining with different technologies.
For the protection of data from illegal used
there is another approached have been
suggested named encryption [9]. According
to this method before going to stored data on
server, the data must be encrypted and
convert into cipher text. Paper [17] provide a
trusted environment between the customers
and the third-party influence and also
identified the principle. To ensure the
authentication, authorization, confidentiality,
integrity that are concern to data and
communication of the customers which have
been managed by PKI, LDAP and SSO.
Paper [13] provides a framework
name taxonomy for the security analysis and
identification of issues and help to
categorized. Another framework has been
introduced for the implementation of the
TPA entities. This framework has four basic
entities, first data owner, it is responsible for
the creation of the files that may be
encrypted or not. Second entity is the cloud
services provider (CSP), it is responsible for
providing the space for storing of the data or
files and security mechanism as well. Third
entity is third party auditing (TPA), that is
responsible for check the data integrity
during the auditing process. And the fourth
entity is user, that is responsible for
requesting to CPS for the access of files
[25]. Article [5] developed a framework for
cloud storage and propose an efficient and
privacy protocols. Then, it examined the
protocol to support dynamic data operations,
which is efficient and has been proven to be
secure in the random oracle model.
RQ2. What are the security issues that are
related to deployment services models?
cloud computing is the most popular
technology of the IT field. Due to lack of
S# Database Papers
1. Science Direct 4
2. ACM Digital Library 2
3. IEEE Xplore 11
4. SCI-HUB 5
5. Springer 5
Total 27
Deployment
model
security
issues.
Tools,
techniques
Framework
Services
delivery
model
security
issues.
[1], [2], [7]
[12],[14],
[19]
[22],[4]
[5],[8],[9]
[17],[13],
[7],[25]
[1],[3],[12],
[24],[18],[11]
[16], [15],
[10]
data security customers are still reluctant to
deploy their businesses on cloud to address
these issues in 2008, a survey have been
conducted to ranks the security issues and
challenges 74.4% issues are classified into
two main groups, first grouped related to
deployment model and second related
service delivery models [1].
Researches are conducted to
describe the security issues and challenges
for cloud computing, nine threats have been
identified in 2013 by CAS which are
enlisted Data breaches, Data loss, Account
hijack, Insecure API, Danial of service,
Malicious insider, Abuse of cloud server,
Shared technology issue and Insufficient due
to diligence [2]. Paper [7] highlighted the
technical issue in cloud computing, WS-
security, ensure that how to provides
integrity, confidentiality and authentication
for SOAP message and define how XML
security standards like XML signature and
XML encryptions. TLS ensure includes two
parts recorded layer encrypts/decrypts data
while TLS handshake is use to authenticate
the server. these all issues came from the
latency of cloud computing that are the
services oriented and grid computing and
also depicts the relationship of both grid and
service oriented [12]. Services oriented and
grid computing has many security issues and
challenges, then after combining cloud with
grid or services oriented it caused to
generate more security issues but highly
motivated to enhance the potential of the
cloud computing [14]. Few researches
helped identified the vulnerabilities and
most important security issues related to
cloud computing environment. These helped
to analysis the security issue in data store,
virtualization and networks. Virtualization
that allowed to access data for multiple
users, while store that share and store data
physical on servers and the networks is the
biggest issues for cloud computing
customers [19].
RQ2.What are the security issues that are
related to services delivery models?
Security issues in cloud computing is the
highly risk for the growth of this modern era
technology. As concluded that 74.4% of
security in cloud computing are classified
into two main groups first data deployed
model while the other is service delivery
models [1].
Articles [24] highlighted the key
security issues and challenges that are highly
coupled with cloud services delivery model,
to have a batter way and improve version of
cloud must ensure the high level of security,
authentication, authorization. Integrations,
trust ability, scalability and agility. it is
always a chance to changed, modified or
attacked the data that is stored on the cloud
server to addressed this issue as named data
auditing [23]. To check the integrity of data
TPA concept was introduced. According to
this concept This entity provides a secure
and efficient that possess data security,
public auditing, data privacy and data
integrity with a confidently. This new entity
focusses all the security concern
requirements. PTA divided into three main
categories, first data owner, that are
responsible to select and split the files into
blocks. Second data cloud servers, that are
used to store the encrypted block of files.
Third entity is TPA, that perform data
auditing on the demand of the users or done
periodically. Paper [18],[11] classified the
security issues into the major groups, first
group concern to services provider, which
ensure the customer to that the system was
full secure and functional they shown some
issues such as to authentication,
authorization and auditing (AAA).Second
group is related to the infrastructure that
have been provided by the services providers
with the help of third party influences such
issues are refers to securing data storage,
network and server protection. Third group
is related to the customers or end user
security issue, which refers to security as a
service, Browser security, user
authentication, privacy, data sharing etc.
cloud computing provides many cloud
services and features like multi tendency,
TPC, and elasticity upon the security
requirement [16],[15]. These articles helped
to find the security associated with the cloud
services delivery model which are enlisted
as confidentiality, trust, integrity,
availability, audit and compliance. Due to
rapidly growth and huge number of
customers data cloud computing face lot of
security issues and challenges. [10] tried to
identify the vulnerable security threats that
cloud computing faced, and ensure the
security of customers data that are stored on
cloud servers and security of the cloud
application that are been deployed by the
services providers on cloud servers. It is
important to secure the data but it is more
important to create a mutual understanding
between customers and services providers
for the existence of the cloud computing.
The researchers and IT professional come
forward to overcome this security threats
privacy of the user data, and provides the
mutual understanding among the users and
service provider. The top most security
concern are Data loss, User authentication,
Leakages of customer’s trust, malicious
users handling, hijacking data during access.
IV. CONCLUSION:
It the era of cloud computing where every
businessman wants to deployed their business on
cloud computing, to get financial benefits like
reduced the investment cost, increase the
scalability, increase the reusability and
reliability. clients deployed their system at
anywhere at any time on the behalf of the third
party that cloud be vendors or cloud services
providers. Due to exitance of third party there
will be a chance to lose of data, and this
becomes hummer for the growth of cloud
computing. Security issues is the most concern
to cloud computing so after reviews all the
papers, there are few security issues that are
related to cloud computing are first group is
data related security issues, it concerns to that a
someone try to stole the data without permission
of users. It could be data breach, data lock in,
data removal, data recovery and data locality.
Second group is related to applications security
issues, that concerns to cloud malware injection,
cookies, backdoor and debug options, hidden
filed manipulations. Third group is related to
content security policy level attacks that
concerns to SQL injections, gust hopping
attacks, malicious insider. Four group is related
to network level security attacks that concerns
to IP spoofing, DNS attacks, man in the
middleware attacks and network sniffing. All the
above discuss groups of security issues are
reduced the speed of cloud so there have been
many researches to overcome this security
challenges , many tools and techniques are
purposed to counter these: enhance the security
policy(TPA), access management(AAA), data
protections (Abnormal behavior) , security
techniques (# values, encryption).
Still there is lot of area are empty to
researcher to contribute for the protection in
future as well such as for the encryption of
data advance encryption algorithms.
8
REFERENCE:
[1] S. Yang, “Cloud computing security issues
and mechanisms,” Adv. Mater. Res.,
vol. 225–226, no. 3, pp. 706–709, 2011.
[2] K. Surya, M. Nivedithaa, S. Uma, and C.
Valliyammai, “Security issues and
challenges in cloud,” Proc. 2013 Int.
Conf. Green Comput. Commun. Conserv.
Energy, ICGCE 2013, no. May 2014, pp.
889–893, 2013.
[3] V. (J. R. . Winkler, “Evaluating Cloud
Security: An Information Security
Framework,” in Securing the Cloud,
Elsevier, 2011, pp. 233–252.
[4] A. Verma and S. Kaushal, “Cloud
computing security issues and challenges:
A survey,” Commun. Comput. Inf. Sci.,
vol. 193 CCIS, no. PART 4, pp. 445–454,
2011.
[5] B. Feng, X. Ma, C. Guo, H. Shi, Z. Fu,
and T. Qiu, “An Efficient Protocol with
Bidirectional Verification for Storage
Security in Cloud Computing,” IEEE
Access, vol. 4, pp. 7899–7911, 2016.
[6] I. Odun-Ayo, O. Ajayi, and S. Misra,
“Cloud computing security: Issues and
developments,” Lect. Notes Eng.
Comput. Sci., vol. 2235, 2018.
[7] M. Jensen, J. Schwenk, N. Gruschka, and
L. Lo Iacono, “On technical security
issues in cloud computing,” CLOUD
2009 - 2009 IEEE Int. Conf. Cloud
Comput., pp. 109–116, 2009.
[8] Y. Wang, T. Uehara, and R. Sasaki, “Fog
computing: Issues and challenges in
security and forensics,” Proc. - Int.
Comput. Softw. Appl. Conf., vol. 3, pp.
53–59, 2015.
[9] R. Velumadhava Rao and K. Selvamani,
“Data security challenges and its
solutions in cloud computing,” Procedia
Comput. Sci., vol. 48, no. C, pp. 204–
209, 2015.
[10] D. Puthal, B. P. S. Sahoo, S. Mishra, and
S. Swain, “Cloud computing features,
issues, and challenges: A big picture,”
Proc. - 1st Int. Conf. Comput. Intell.
Networks, CINE 2015, pp. 116–123,
2015.
[11] T. N. Mujawar, A. V. Sutagundar, and L.
L. Ragha, “Security aspects in cloud
computing,” Cyber Secur. Threat.
Concepts, Methodol. Tools, Appl., pp. 54–
76, 2018.
[12] T. Dillon, C. Wu, and E. Chang, “Cloud
computing: Issues and challenges,” Proc.
- Int. Conf. Adv. Inf. Netw. Appl. AINA,
pp. 27–33, 2010.
[13] M. Ahmed and A. T. Litchfield,
“Taxonomy for identification of security
issues in cloud computing environments,”
J. Comput. Inf. Syst., vol. 58, no. 1, pp.
79–88, 2018.
[14] Y. Wei and M. B. Blake, “Service-
oriented computing and cloud computing:
Challenges and opportunities,” IEEE
Internet Comput., vol. 14, no. 6, pp. 72–
75, 2010.
[15] W. A. Jansen, “Security and Privacy
Issues In Cloud Computing and
Virtualization,” 2011 44th Hawaii Int.
Conf. Syst. Sci., pp. 1–10, 2011.
[16] D. Chen and H. Zhao, “Data security and
privacy protection issues in cloud
computing,” Proc. - 2012 Int. Conf.
Comput. Sci. Electron. Eng. ICCSEE
2012, vol. 1, no. 973, pp. 647–651, 2012.
[17] D. Zissis and D. Lekkas, “Addressing
cloud computing security issues,” Futur.
Gener. Comput. Syst., vol. 28, no. 3, pp.
583–592, 2012.
[18] T. N. Mujawar, A. V. Sutagundar, and L.
L. Ragha, “Security aspects in cloud
computing,” Cyber Secur. Threat.
Concepts, Methodol. Tools, Appl., pp. 54–
76, 2018.
[19] M. B. B. A. Malar and J. Prabhu, “An
analysis of security issues in cloud
computing,” Int. J. Civ. Eng. Technol.,
vol. 10, no. 2, pp. 2138–2153, 2019.
[20] R. P. Padhy, “Cloud Computing : Security
Issues and Research Challenges,” vol. 1,
no. 2, pp. 136–146, 2011.
[21] M. M. Alani, “Security threats in cloud
9
computing,” SpringerBriefs Comput. Sci.,
no. 9783319414102, pp. 25–39, 2016.
[22] A. Verma and S. Kaushal, “Cloud
computing security issues and challenges:
A survey,” Commun. Comput. Inf. Sci.,
vol. 193 CCIS, no. PART 4, pp. 445–454,
2011.
[23] S. More and S. Chaudhari, “Third Party
Public Auditing Scheme for Cloud
Storage,” Procedia Comput. Sci., vol. 79,
pp. 69–76, 2016.
[24] O. Harfoushi, B. Alfawwaz, N. A.
Ghatasheh, R. Obiedat, M. M. Abu-Faraj,
and H. Faris, “Data Security Issues and
Challenges in Cloud Computing: A
Conceptual Analysis and Review,”
Commun. Netw., vol. 06, no. 01, pp. 15–
21, 2014.
[25] F. M. Modi, M. R. Desai, and D. R. Soni,
“A Third Party Audit Mechanism for
Cloud Based Storage Using File
Versioning and Change Tracking
Mechanism,” Proc. Int. Conf. Inven. Res.
Comput. Appl. ICIRCA 2018, no. Icirca,
pp. 521–523, 2018.
