ArticlePDF Available

Reviews on Security Issues and Challenges in Cloud Computing

Authors:

Abstract and Figures

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.
Content may be subject to copyright.
This content has been downloaded from IOPscience. Please scroll down to see the full text.
Download details:
IP Address: 181.214.20.8
This content was downloaded on 07/12/2016 at 16:21
Please note that terms and conditions apply.
Reviews on Security Issues and Challenges in Cloud Computing
View the table of contents for this issue, or go to the journal homepage for more
2016 IOP Conf. Ser.: Mater. Sci. Eng. 160 012106
(http://iopscience.iop.org/1757-899X/160/1/012106)
Home Search Collections Journals About Contact us My IOPscience
You may also be interested in:
Climate change and terrorism as security issues: Constructions and comparisons
John Vogler
A code inspection process for security reviews
Gabriele Garzoglio
A novel image block cryptosystem based on a spatiotemporal chaotic system and a chaotic neural
network
Wang Xing-Yuan and Bao Xue-Mei
ARIADNE: a Tracking System for Relationships in LHCb Metadata
I Shapoval, M Clemencic and M Cattaneo
Improving Security in the ATLAS PanDA System
J Caballero, T Maeno, P Nilsson et al.
A secure key agreement protocol based on chaotic maps
Wang Xing-Yuan and Luan Da-Peng
Fast access to the CMS detector condition data employing HTML5 technologies
Giuseppe Antonio Pierro, Francesca Cavallari, Salvatore Di Guida et al.
Comparative Analysis Study of Open Source GIS in Malaysia
Muhammad Zamir Abdul Rasid, Naddia Kamis and Mohd Khuizham Abd Halim
Detector dead-time effects and paralyzability in high-speed quantum key distribution
Daniel J Rogers, Joshua C Bienfang, Anastase Nakassis et al.
Reviews on Security Issues and Challenges in Cloud
Computing
Y Z An, Z F Zaaba & N F Samsudin
School of Computer Sciences, Universiti Sains Malaysia, 11800 Minden, Pulau
Pinang, Malaysia
yzan.ucom14@student.usm.my,
zarulfitri@usm.my,
nfarhana.ucom12@student.usm.my,
Abstract. Cloud computing is an Internet-based computing service provided by the third party
allowing share of resources and data among devices. It is widely used in many organizations
nowadays and becoming more popular because it changes the way of how the Information
Technology (IT) of an organization is organized and managed. It provides lots of benefits such
as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization,
backup and recovery, continuous availability, quality of service, automated software
integration, scalability, flexibility and reliability, easy access to information, elasticity, quick
deployment and lower barrier to entry. While there is increasing use of cloud computing
service in this new era, the security issues of the cloud computing become a challenges. Cloud
computing must be safe and secure enough to ensure the privacy of the users. This paper firstly
lists out the architecture of the cloud computing, then discuss the most common security issues
of using cloud and some solutions to the security issues since security is one of the most
critical aspect in cloud computing due to the sensitivity of user’s data.
1. Introduction
Cloud computing is a relatively new service that allow the users to store and access computing
resources and data over Internet rather than from the local hard drive which might be costly. It help to
increase the storage capacity because users can have more than one cloud service to stored their data
and thus reduce the cost because there is no need to own an expensive computer with a larger memory.
According to the US National Institute of Standards and Technology (NIST), cloud computing is a
model enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service provider interaction [1]. While
the users are enjoying all the benefits that cloud computing could provide, many of the users did not
realized that there are many threats that might cause a great loss them. Most of them did not even
know how the cloud service provider manage their data and where exactly the data is stored. When
choosing to use cloud computing service, the users are actually handling the confidential data to the
third party who helps the users to keep and backup the data or resources. Based on that, there are some
question that might be asked by the security professionals like “Do you really think that the data is
safe and secure when it is managed by the third party?” and “Do you trust the cloud service that you
International Engineering Research and Innovation Symposium (IRIS) IOP Publishing
IOP Conf. Series: Materials Science and Engineering 160 (2016) 012106 doi:10.1088/1757-899X/160/1/012106
Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution
of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI.
Published under licence by IOP Publishing Ltd 1
use?” Security issues and challenges are then arises since there is lack of awareness while the users are
using the cloud service that provided by the cloud service provider [2].
This paper discusses the state of the art of cloud computing domain focuses on the issues and
challenges and the current practices. This paper is organised as follows: Section 2 explores the related
work; Section 3 describes the security issues and challenges of the current issues in cloud computing
studies, Section 4 explains the solutions and practices utilise in overcoming the issues; and finally
Section 5 presents the conclusion and future works of this study.
2. Related Works
The architecture of cloud composed of several service models and deployment models [1].
2.1. Service Model:
i. Software as a service (SaaS)
It is the top layer of cloud service model. The cloud service provider developed and hosts the
software or application on the cloud infrastructure allowing the users to use it with various
devices by using the thin client interface such as web browser. However the underlying cloud
infrastructure, network, servers, operating systems or even individual application capabilities
is not manageable by the users [3]. It helps the users to save cost because of licensing of the
traditional packages is more expensive compared to the monthly fee for renting the application
from cloud service.
ii. Platform as a service (PaaS)
A middle layer of cloud service model that provides a software environment or platform for
the users to design, develop, deploy and test their application without worrying about the
underlying of the cloud infrastructure using the virtual servers of the cloud service provided
[1,3]. Therefore, the users can build their own applications which running on the provider’s
infrastructure and they have control over the deployed application they built.
Table 1. Comparisons of service model and examples [4].
SaaS
PaaS
Iaas
Consume
Build
Host
Consumer
End User
Application Owner
Application Owner
Type of
Service
Provided
Completed Applications
RunTime scenario
Cloud storage
Integration, etc
Cloud storage
Visual server
Coverage at
Service
Level
Application uptime
Application
performance
Environment
availability
Environment
performance
No application
coverage
Virtual server
availability
Time to provision
No platform or
application coverage
Examples
of Services
Provided
CRM
E-mails
Collaborative
ERP
Application
development
Decision support
Web
Streaming
Caching
Security
Legacy
System management
iii. Infrastructure as a Service (IaaS)
International Engineering Research and Innovation Symposium (IRIS) IOP Publishing
IOP Conf. Series: Materials Science and Engineering 160 (2016) 012106 doi:10.1088/1757-899X/160/1/012106
2
The user allowed to rent the processing, storage and other fundamental computing resources to
deploy and run arbitrary software which include operating system and applications and they
have control over the operating system and network. It provides basic storage and computing
capabilities. It also has a data centre space that can help to handle workload [1].
2.2. Deployment model:
i. Public cloud
The entire infrastructure of this cloud model is located on the premises of the cloud service
provider. The users normally share the same infrastructure pool with limited configuration. It
is accessible by any user and any user can store their data in the same cloud provided by the
cloud service provider. It provides scalable, dynamically provisioned and virtualized resources
available over the Internet.
ii. Private cloud
The cloud infrastructure is owned by only one user and it is not shared with the others. The
user has physical control over the cloud infrastructure and it is more secure compared to the
public cloud where everyone share a same cloud infrastructure. It provides host services on
private network that helps most corporate network and data administrators to become in-house
service provider efficiently. Studies by [5] provides an insights of a private cloud that
addresses the requirements and needs of e-learning and collaboration in university.
iii. Hybrid cloud
Combination of the public, the private or even the community cloud infrastructure which
allowed the transitive information exchange. It increased the flexibility of the cloud
infrastructure where the users can implement the private cloud using the public cloud
resources.
Figure 1: Types of cloud deployment models [6].
iv. Community cloud
The cloud infrastructure is shared among organizations that share the same concerns such as
the mission, security requirement and policy. It may owned by more organization and it can
exist on premises or even off-premises.
Each type of cloud model provides different level of control, flexibility and management. The users
should choose the most suitable type of cloud computing model based on their own situation and their
unique needs. This is very important since using unsuitable cloud model might cause the users to
International Engineering Research and Innovation Symposium (IRIS) IOP Publishing
IOP Conf. Series: Materials Science and Engineering 160 (2016) 012106 doi:10.1088/1757-899X/160/1/012106
3
suffer for a great loss such as reduced organization efficiency and might as well more serious like data
breaches, data loss and corrupted. The summary of cloud development models are depicted in figure 1.
Studies by [7] discussed the security issues for the cloud includes storage security, middleware
security, data security, network security and application security. They also conducted a study
approach where they solve small problems in cloud security hoping to solve the larger problems later.
They discuss three issues which are:
i. How to secure documents published in third party environment.
ii. How secure co-processors may be used to enhance security.
iii. How XACML (eXtensible Access Control Markup Language) may be implemented in
Hadoop environment
They claimed that major aspects in secured cloud computing would be building trusted applications
from untrusted components. The extensive security issues and challenges will be discussed further in
the next section.
3. Security Issues and Challenges
There are numerous security issues and challenges in cloud computing because it encompasses many
technologies such as networks, databases, operating system, virtualization, resource scheduling,
transaction management, concurrent control and memory management [8]. This is very important
because the cloud service provider must ensure that the users is not facing any serious problem like
data loss and data theft which may cause a great loss depending on the sensitivity of the data stored in
cloud. A malicious user may pretend to be the legitimate users and infecting the cloud.
There are a lot of security issues to be discussed:
3.1. Security issues
Data at rest is the major issues in cloud computing because users may store all their common, private,
or even sensitive data in the cloud which can be accessed by anyone anywhere. Data theft is a very
common issues that are facing by the cloud service providers nowadays. Besides, some cloud service
providers even don’t provide their own server because of the cost effectiveness and flexibility. There
are also incidents like data loss which might be also a serious problem for the users. For example, the
server is suddenly shut down and causes data loss of the users. Furthermore, natural disaster might
also cause data to be damaged or corrupted. Therefore, physical data location can be considered one of
the security issues in cloud computing.
3.2. Privacy issues
The cloud computing service provider must enforce their own policies to ensure the safety of the data
users stored in their cloud model. They must make sure that they realize who is actually accessing the
data stored in the cloud and only the authorized person can maintain the cloud service model [9]. The
security of cloud computing should be done on the provider side and also the user side. Cloud service
provider should provide a good layer of security protection for the users while the users should not
tampered with the other user’s data. The cloud computing is a good way to reduce the cost and provide
more storage if and only if the security is done by both provider and user. [10] claimed that regulatory
reform is essential to protect sensitive data in the cloud since one of the most challenging aspect in
cloud computing is to ensures that the consumer have trust in privacy and security of their data.
3.3. Application issues
Monitoring and maintenance should be done by the cloud service provider frequently to ensure that
the cloud is secure and not infected by the malicious code that have been uploaded to the cloud by the
hackers or attackers with the purpose of stealing sensitive information or even damaging the
information of certain users.
3.4. Threats issues
International Engineering Research and Innovation Symposium (IRIS) IOP Publishing
IOP Conf. Series: Materials Science and Engineering 160 (2016) 012106 doi:10.1088/1757-899X/160/1/012106
4
There are lots of security issues regarding the cloud computing that have been widely used nowadays.
There are top nine threat that pose severe danger to the cloud computing in year 2013 according to
“The Notorious Nine: Cloud Computing Top Threat” by the Cloud Security Alliance (CSA) [11]. The
top nine threat that have been mentioned in the white paper are:
i. Data Breaches
Data that stored to the cloud by the users might be important and sensitive. The data store in
cloud might be stole by the unauthorized users and that might poses some level of danger to
the users under attack. It is the top threat to threat to the cloud computing because hackers or
attackers can easily access to the data of the users which store in the cloud. The cloud stored a
pool of confidential information of many users. The cloud service users should also ensure the
quality, reliability and performance of the cloud service providers through Service Level
Agreements (SLAs) negotiated between providers and users [12]. Therefore, data breaches are
the worst problem that the cloud computing service faces.
ii. Data Loss
Data stored in cloud might be damaged or corrupted due to some reasons such as shut down of
server because of financial or legal problem, natural disaster like earthquakes and fire [13].
Data might not be able to recover because back up is not done well and the data of the users
will be lost forever if there are no extra copies of that information.
iii. Account Hijacking
The user’s account is stolen or hijacked and the hackers might impersonate he user to perform
malicious and unauthorized activities which might also harm the user [14]. For example, the
hackers might manipulate the data, provide false information and eavesdropping on
transactions using the stolen account. In addition, no native APIs are used for login and
anyone can register as a cloud service user hence the chances of the account being hijacked is
high [15].
iv. Insecure APIs
Software Interface for the users to interact with the cloud services is also crucial to ensure the
security of the cloud model. The API from the authentication and access control to the
encryption and activity monitoring should be well implemented to protect against both
accidental and malicious attack. For example, [16] propose two stage access control
mechanism using the Role Based Access Control Model (RBAC) in order to provide a strong
API mechanism.
v. Denial of Service
Hacker use this type of attack to flood the machine or network resources of the cloud service
provider which interrupt the users and prevent the users from connecting to the network access
[11,17]. This is also a security issues that might harm the user because cloud service becomes
unavailable to users and they might not get what they need in time.
vi. Malicious Insiders
Employee of the company might also be a big threat. They might be the attacker themselves or
a partner of the hacker who have the better chances of stealing or tampering the data of the
cloud model with intention. These activities cause the sensitive or confidential data of the
users leak to the others which might harm the targeted users. Studies by [18] reveals that
password and other confidential data can be easily obtained by malicious insiders of cloud
service providers. Studies by [19] addresses the problems of malicious insiders where they
claimed that it should be studied in two context which are insider threat in cloud provider (i.e.
insider is malicious employee working for cloud provider) and insider threat in cloud
outsourcer (i.e. employee of an organization which sourced its infrastructure to the cloud).
vii. Abuse of Cloud Service
Most of the cloud computing systems have weak registration system. For example, anyone
with a valid credit card may register and start using the cloud service immediately. Thus,
attackers often conduct the malicious activities by abusing the relative anonymity of the
International Engineering Research and Innovation Symposium (IRIS) IOP Publishing
IOP Conf. Series: Materials Science and Engineering 160 (2016) 012106 doi:10.1088/1757-899X/160/1/012106
5
registration of the cloud computing services. Future areas of concern include password and
key cracking, DDOS attack, launching dynamic attack points and hosting malicious data.
Figure 2: Analysis of causes of data loss.
viii. Insufficient Due Diligence
Many users undertake little due diligence about their cloud service providers (CSPs). They did
not even consider basic due diligence, such as assessing the financial health of the CSP or
determining how long the CSP has been in business [20]. The due diligent should not be
ignored because the cloud service provider might not secure enough and they did not take
responsible to the data stolen from the cloud by some hackers.
ix. Shared Technologies Issue
IaaS vendors deliver their services in a scalable way by sharing infrastructure. It is not
designed to offer strong isolation properties for a multi-tenant architecture.
4. Solution and Practices for Cloud Security Issues
The cloud computing have become more popular because many users start to realize its benefits. It
allows the user to easily shrink the operation and also help to save cost. However, with the increased
adoption rate of the cloud service, the security issues and risk have been increased as well [21]. In
order to make cloud computing a better option to increase the user storage capacity and save their
confidential information securely, there are few solutions and practice that helps.
4.1. Vulnerability shielding
The cloud service provider should improve the patch management. They should check the
vulnerability of their cloud service frequently and always update and maintain the cloud to limit the
possible access point and reduce the risk of attack of the cloud by the hackers. The cloud service
provider might also use the Intrusion Detection System (IDS) to make sure the cloud service provided
is secure and safe.
4.2. Trusted cloud service provider
The user should make sure that they find the right cloud service provider. Each cloud service provider
have different approaches on data management in the cloud. Well established and experienced cloud
service provider is more trust worthy and better choice. Besides, the standards and regulations of the
cloud service provider is also very important. Examples of trusted clouds service providers are
Amazon Web Services (AWS), IBM, Google and Microsoft. [22] shares the comparison of cloud
database so that user can have better understanding of each database and choose the appropriate
database accordingly. In order to guide users in choosing the best cloud service provide, CloudCmp
International Engineering Research and Innovation Symposium (IRIS) IOP Publishing
IOP Conf. Series: Materials Science and Engineering 160 (2016) 012106 doi:10.1088/1757-899X/160/1/012106
6
have been developed in studies by [23]. They claimed that the application compares the cost and
performance of cloud service providers and ensure fairness, representativeness and compliance while
limiting measurement cost structure.
4.3. Use cloud service wisely
The data stored in the cloud should be confidential and even the cloud service provider should not
have access to those information [24]. The data stored in the cloud should be well encrypted to ensure
the security of the users’ information. Anyone who need access to the data in the cloud should ask for
the permission of the users before doing so.
4.4. Security check events
The users should have clear contract with the cloud service provider so that the users can claim if any
accidents or breaches of the sensitive data stored in the cloud. The users must have clear agreement
with the cloud service provider before using the cloud services provided by that particular cloud
service provider. The users should ensure that the cloud service provider give enough details about
fulfilments of promises, break remediation and reporting contingency.
4.5. Data storage regulations
The architecture of the cloud environment is an important aspect to ensure the security of the data
stored in the cloud. The users must understand the concept of the data storage regulations which the
cloud service provider follows. Cloud service provider that provide security solution compliant with
regulations such as HIPAA, PCI DSS, and EU data protection laws are some of the best choice.
4.6. Facilities for recovery
Cloud service provider should take the responsibility to recover the data of the users if there is any
data loss due to certain issues [25]. Cloud service provider should make sure that they have proper
backup and can retrieve and recover the confidential data of the users that might be costly. Moreover,
the cloud service providers can also implement the following solutions to ensure data recovery [26]:
i. Using fastest disk technology in event of disaster for replication of data in danger.
ii. Changing dirty page threshold.
iii. Prediction and replacement of risky devices.
4.7. Enterprise infrastructure
The user must secured the data that they want to keep in the cloud infrastructure. The cloud service
provider should provide an infrastructure that give facilitates for the users to install and configure
hardware components like firewalls, routers, server and proxy server.
4.8. Access control
The cloud service provider should set up the data access control with rights and the users who access
the data should be verified by the cloud service provider every time. The cloud service provider must
ensure that only the authorized users may have access to the data stored in cloud. The method can help
to reduce the risk of the data access by the unauthorized users and thus provide a much secure
environment to store sensitive data. In addition, third party auditing can also be one of the alternatives
to ensure data integrity of the storage in the cloud [27]. However, the auditing procedure should have
the following properties:
i. Confidentiality: Auditing protocols should keep user’s data confidential against auditor.
ii. Dynamic auditing: Auditing protocol should support updates of data in the cloud.
iii. Batch auditing: Auditing protocol shoud support batch auditing for multiple users and
clouds.
International Engineering Research and Innovation Symposium (IRIS) IOP Publishing
IOP Conf. Series: Materials Science and Engineering 160 (2016) 012106 doi:10.1088/1757-899X/160/1/012106
7
4.9. Identification management and authentication
When the user want to access the data stored in the cloud, they must be authenticated not only by
using the username and password but also the digital data. Multi-level authentication technique
introduced by [28] can also be implemented in cloud computing. The technique generates password in
several levels before the user can access the cloud services. Anonymous authentication (i.e. identity of
user is protected from the cloud) can also be implemented where only valid users are able to decrypt
the information [27]. Other than that, proposed scheme by [29] can also be applied in cloud computing
where they claimed that their new password authentication scheme are secured from impersonation ,
off-line guessing and man in the middle attack. Furthermore, leakage-resilient authentication can also
be utilised in order to improve the security of the cloud services [30].
5. Conclusion
Cloud computing is a model that helps to speed up and increase the flexibility of data management
with reduced cost. It is undeniable that cloud computing has brings us lots of benefits and becoming
more popular nowadays. Many large companies start using cloud service in their business. While the
cloud computing is widely used, the security becomes a concern to everyone who use cloud services.
There is a lot of security arises continuously while there are improvement as well on the security
model of the cloud service provided. Despite the increasing use of the cloud service, the user should
use the cloud service provided wisely in a way that always ensure good security practices so that this
technology have the potential to bring the information technology to the next level. Cloud computing
might help us to separate he software from the hardware as more technologies are used as service
using cloud and software might have a highly abstract space with the computer hardware. It is
expected that this paper provides some basis or foundation in regards to issues and challenges in cloud
computing.
References
[1] Armbrust M, Fox A, Griffith R, Joseph A D, Katz R, Konwinski A, Lee G, Patterson D, Rabkin
A, Stoica I and Zaharia M 2010 A view of cloud computing, Communications of the ACM
Magazine, 53 4 50-58
[2] Ashraf I 2014 An overview of service model of cloud computing Int. J. of Multidisciplinary and
Current Research 2 779-783
[3] BalaNarayada Reddy G 2013 Cloud computing-types of cloud Retrieved from
http://bigdatariding.blogspot.my/2013/10/cloud-computing-types-of-cloud.html
[4] Christina A A 2015 Proactive measures on account hijacking in cloud computing network Asian
Journal of Computer Science and Technology 4 2 31-34
[5] Choubey R, Dubey R and Bhattacharjee J 2011 A survey on cloud computing security
challenges and threats International Journal on Computer Science and Engineering (IJCSE)
3 3 1227-1231
[6] Cloud Security Alliance 2013 The notorious nine: Cloud computing top threats in 2013
Retrieved from
https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Clo
ud_Computing_Top_Threats_in_2013.pdf
[7] Dinesha H A and Agrawal V K 2012 Multi-level authentication technique for accessing cloud
services International Journal on Cloud Computing: Services and Architecture (IJCCSA) 2 3
31-39
[8] Doelitzscher F, Sulistio A, Reich C, Kuijs H and Wolf D 2011 Private cloud for collaboration
and e-Learning services: from IaaS to SaaS J. Computing-Cloud Computing 91 1 23-42
[9] Hamlen K, Kantarcioglu M, Khan L and Thuraisingham B 2012 Security issues for cloud
computing Optimizing Information Security and Advancing Privacy Assurance: New
Technologies 8 150-162
[10] Jain S, Kumar R, Kumawat S and Jangir S K 2014 An analysis of security and privacy issues,
International Engineering Research and Innovation Symposium (IRIS) IOP Publishing
IOP Conf. Series: Materials Science and Engineering 160 (2016) 012106 doi:10.1088/1757-899X/160/1/012106
8
Challenges with possible solution in cloud computing Proc. of the National Conf. on
Computational and Mathematical Sciences (COMPUTATIA-IV) 1-7
[11] Kandias M, Virvilis N and Gritzalis D 2011 The insider threat in cloud computing Proc. of 6th
International Conf. on Critical Infrastructure Security 95-106
[12] Khoshkholghi M A, Abdullah A, Latip R, Subramaniam S and Othman M 2014 Disaster
Recovery in Cloud Computing: A Survey Computer and Information Science 7 4 39-54
[13] Khurana S and Verma A G 2013 Comparisons of cloud computing service model: SaaS, PaaS,
IaaS International Journal of Electronics & Communication Technology (IJECT) 4 3 29-32
[14] Kiblin T 2011 How to use cloud computing for disaster recovery Retrieved from
http://www.crn.com/blogs-op-ed/channel-voices/230700011/how-to-use-cloud-computing-
for-disaster-recovery.htm
[15] Kill A 2013 Cloud computing risk: Due diligence and insurance Retrieved from
http://www.metrocorpcounsel.com/articles/17928/cloud-computing-risks-due-diligence-and-
insurance
[16] King N J and Raja V T 2012 Protecting the privacy and security of sensitive customer data in
the cloud Computer law & Security Review 28 308-319
[17] Kuyoro S O, Ibikunie F and Awodele O 2011 Cloud computing security issues and challenges
International Journal of Computer Networks (IJCN) 3 5 247-255
[18] Li A, Yang X, Kandula S and Zhang M 2010 CloudCmp: Comparing public cloud providers
Proc. of the 10th ACM SIGCOMM Conf. on Internet measurements 1-14
[19] Malimi N 2014 Cloud computing Retrieved from http://ngeleki.blogspot.my/2014/03/what-is-
cloud-computing.html
[20] McDowell M 2009 Understanding denial-of-service attack Retrieved from https://www.us-
cert.gov/ncas/tips/ST04-015
[21] Mell P and Grance T 2011 The NIST definition of cloud computing Retrieved from
http://dx.doi.org/10.6028/NIST.SP.800-145
[22] Ramanathan S, Goel S and Alagumalai S 2011 Comparison of cloud database: Amazon’s
SimpleDB and Google’s Bigtable International Journal of Computer Science Issues 8 6 2
243-246.
[23] Rocha F and Correia M 2011 Lucy in the sky without diamonds: Stealing confidential data in
the cloud Proc. of the 1st Int. Workshop on Dependability of Clouds Data Centers and
Virtual Computing Environments (DCDV) 1-6
[24] Mujinga M. 2013 Privacy and legal issus in cloud computing SMME position in South Africa
Proc. Of the 11th Autralian Information Security Management Conf. 49-59
[25] Sekhar R V, Nandini N, Bhanumathy D and Hemalatha M 2015 Identity based authentication
for data stored in cloud International Journal of Advanced Research in Computer Science
and Software Engineering 5 3 243-247
[26] Sen J 2013 Security and privacy issues in cloud computing Retrieved from
arxiv.org/pdf/1303.4814
[27] Sharma S, Soni S and Sengar S 2012 Security in cloud computing National Conf. on Security
Issues in Network Technologies 1-6
[28] Shin S H and Kobara K 2010 Towards secure cloud storage Demo for CloudCom2010
[29] Sirisha A and Kumari G G 2010 API access control in cloud using the role based access control
model Trendz in Information Sciences & Computing (TISC) 135-137
[30] Yassin A A, Jin H, Ibrahim A, Qiang W and Zou D 2012 Efficient password-based two factors
authentication in cloud computing International Journal of Security and Its Applications 6 2
143-148
International Engineering Research and Innovation Symposium (IRIS) IOP Publishing
IOP Conf. Series: Materials Science and Engineering 160 (2016) 012106 doi:10.1088/1757-899X/160/1/012106
9
... Most of the reviewed literature has contributed significantly to the management of cloud security issues [17]. One such survey in [18] explored the common security concerns of cloud use. In addition, the authors presented some solutions to security risks according to user data sensitivity in cloud architecture. ...
... There have been some works performed at two or more levels in cloud infrastructure, such as the studies conducted in [18,22,25]. In addition, the studies in [21,27,29,31], considered all infrastructure levels. ...
... Contribution Data Application Host Network [18] The study reviewed the security issues regarding user data sensitivity on cloud architecture. ...
Article
Full-text available
Cloud computing is currently becoming a well-known buzzword in which business titans, such as Microsoft, Amazon, and Google, among others, are at the forefront in developing and providing sophisticated cloud computing systems to their users in a cost-effective manner. Security is the biggest concern for cloud computing and is a major obstacle to users adopting cloud computing systems. Maintaining the security of cloud computing is important, especially for the infrastructure. Several research works have been conducted in the cloud infrastructure security area; however, some gaps have not been completely addressed, while new challenges continue to arise. This paper presents a comprehensive survey of the security issues at different cloud infrastructure levels (e.g., application, network, host, and data). It investigates the most prominent issues that may affect the cloud computing business model with regard to infrastructure. It further discusses the current solutions proposed in the literature to mitigate the different security issues at each level. To assist in solving the issues, the challenges that are still unsolved are summarized. Based on the exploration of the current challenges, some cloud features such as flexibility, elasticity and the multi-tenancy are found to pose new challenges at each infrastructure level. More specifically, the multi-tenancy is found to have the most impact at all infrastructure levels, as it can lead to several security problems such as unavailability, abuse, data loss and privacy breach. This survey concludes by giving some recommendations for future research.
... The parameters of PRAM may be modified to make sure that Pk is met [16]. PK homes are probabilistically randomized and rebuilt in case you want to provide an expanding sort of correct sizes and extra always offer safety for information inside the cloud [17]. In the Pk way, no person wants to animate which character document originated from which more than I/properly sufficient opportunity [18]. ...
... An et al. [17] addressed protection issues in SaaS which incorporate information protection, organized protection, data place allocation, facts respectability, records isolation, records get proper of entry to, affirmation and approval, information secrecy, internet software safety, records loss, virtualization powerlessness, accessibility, reinforcement, person executives, and sign-on method. ...
Article
Full-text available
Background. As more data becomes available about how frequently the cloud can be updated, a more comprehensive picture of its safety is emerging. The suggested artworks use a cloud-based gradual clustering device to cluster and refresh a large number of informational indexes in a useful manner. Purpose. Anonymization of data is done at the point of collection in order to safeguard the data. More secure than K-Anonymization, Pk-Anonymization is the area’s first randomization method. A cloud service provider (CSP) is an independent company that provides a cloud-based network and computing resources. Customers’ security and connection protection must be verified by an authority before facts may be transferred to cloud servers for storing information. Method. Logical Pk-Anonymization and key era techniques are proposed in this proposed artwork in order to verify the cloud records, as well as to store sensitive information in the cloud. Cloud-based informational indexes are used in the proposed framework, which is effective at handling large amounts of data through MapReduce; a parallel data preparation form is obtained; to get all information as new facts that joins after a while, information anonymization techniques to carry out each protection and immoderate information utilization while updating take place; information loss and clean time is reduced for substantial amounts of data. As a result, the safety and records software might be in sync.
... The authors in [70] highlighted various security challenges of cloud computing, types of cloud, and several service models of cloud computing. In [70] the author proposed some critical cloud challenges and future research directions based on the literature. ...
... The authors in [70] highlighted various security challenges of cloud computing, types of cloud, and several service models of cloud computing. In [70] the author proposed some critical cloud challenges and future research directions based on the literature. Authors in [71] focused on the identification of security issues in cloud computing that is a concern for both cloud service providers and users. ...
Article
Full-text available
Cloud computing provides a flexible architecture where data and resources are dispersed at various locations and are accessible from various industrial environments. Cloud computing has changed the use, storing, and sharing of resources such as data, services, and applications for industrial applications. During the last decade, industries have rapidly switched to cloud computing for having more comprehensive access, reduced cost, and increased performance. In addition, significant improvement has been observed in the internet of things (IoT) with the integration of cloud computing. However, this rapid transition into the cloud raised various security issues and concerns. Traditional security solutions are not directly applicable and sometimes ineffective for cloud-based systems. Cloud platforms’ challenges and security concerns have been addressed during the last three years, despite the successive use and proliferation of multifaceted cyber weapons. The rapid evolution of deep learning (DL) in the artificial intelligence (AI) domain has brought many benefits that can be utilized to address industrial security issues in the cloud. The findings of the proposed research include the following: we present a comprehensive survey of enabling cloud-based IoT architecture, services, configurations, and security models; the classification of cloud security concerns in IoT into four major categories (data, network and service, applications, and people-related security issues), which are discussed in detail; we identify and inspect the latest advancements in cloud-based IoT attacks; we identify, discuss, and analyze significant security issues in each category and present the limitations from general, artificial intelligence and deep learning perspective; we provide the technical challenges identified in the literature and then identify significant research gaps in the IoT-based cloud infrastructure to highlight future research directions to blend cybersecurity in cloud.
... PK properties are probabilistically randomized and, after that, rebuilt. So, it gives increasingly exact measurement and all the more dependably provides security for the data in the cloud [17]. In the PK method, nobody can animate which individual record originated from which more than I/k probability [18]. ...
... Zaaba et al. [17] managed security issues in SaaS are information security, organized security, information region allocation, information respectability, information isolation, information access, confirmation and approval, information secrecy, web application security, information loss, virtualization powerlessness, accessibility, reinforcement, personality the executives and sign-on technique. ...
Article
Full-text available
The significant security assessment is rising because the vast amount of data can be renewed continuously in the cloud. Cloud information is clustered and refreshed productively using a progressive clustering procedure over the data. To verify the security of a user's connection to the cloud, the development of information to the servers could be used. Thus, the trustworthiness of the information plays a vital role in determining the authority of the information. Map Reduce is used to deal with enormous volumes of information, and informational indexes are circulated on the cloud. A parallel information preparation structure is then received, allowing for the collection of current information that joins over time. Information anonymization methods are then used to achieve security and high information utility when an update occurs, resulting in less data loss and refresh time over time.
... However, access to multiple systems may also mean multiple login credentials that users need to possess. This process can add extra pressure on the user to create and remember multiple login credentials, usually in the form of usernames and passwords, as different systems (may) have different constraints [21,22]. Therefore, SSO addresses the problem of multiple login credentials for multiple systems [23]. ...
Article
Full-text available
Continuous and emerging advances in Information and Communication Technology (ICT) have enabled Internet-of-Things (IoT)-to-Cloud applications to be induced by data pipelines and Edge Intelligence-based architectures. Advanced vehicular networks greatly benefit from these architectures due to the implicit functionalities that are focused on realizing the Internet of Vehicle (IoV) vision. However, IoV is susceptible to attacks, where adversaries can easily exploit existing vulnerabilities. Several attacks may succeed due to inadequate or ineffective authentication techniques. Hence, there is a timely need for hardening the authentication process through cutting-edge access control mechanisms. This paper proposes a Blockchain-based Multi-Factor authentication model that uses an embedded Digital Signature (MFBC_eDS) for vehicular clouds and Cloud-enabled IoV. Our proposed MFBC_eDS model consists of a scheme that integrates the Security Assertion Mark-up Language (SAML) to the Single Sign-On (SSO) capabilities for a connected edge to cloud ecosystem. MFBC_eDS draws an essential comparison with the baseline authentication scheme suggested by Karla and Sood. Based on the foundations of Karla and Sood’s scheme, an embedded Probabilistic Polynomial-Time Algorithm (ePPTA) and an additional Hash function for the Pi generated during Karla and Sood’s authentication were proposed and discussed. The preliminary analysis of the proposition shows that the approach is more suitable to counter major adversarial attacks in an IoV-centered environment based on the Dolev–Yao adversarial model while satisfying aspects of the Confidentiality, Integrity, and Availability (CIA) triad.
... Encouraging outcomes have demonstrated that the utilization of agreeable Intrusion Detection Systems (IDSs) can improve the identification exactness contrasted and the conventional single Intrusion Detection Systems. The participation among IDSs that have a place with various Cloud Providers (CP) is accomplished by permitting them to trade their interruption investigation input and endeavour each other's skill to cover obscure danger designs, thereby achieving common economic benefits [2]. A proactive multicloud is planned with IDS that coordinates an Artificial Intelligence based methodology has been proposed to overcome the restrictions. ...
Article
Full-text available
Cloud Computing (CC) is an innovative worldview technique that allows for the registration of resources. Some examples of computing resources are an organization, stockpiling, applications, and administrations when there is an interesting perspective. In CC, the assets are shared by Cloud customers. A registered framework is given by the cloud which is an advanced stage on which clients can build up their applications. Having a limited service, the consumers of the cloud can gain resources from anywhere irrespective of time. One of the topical issues is Edge and Fog computing along with the cloud security that is associated with the processing paradigm, data storage, and managing. When attacks occur on the advancement of fog computing, IoT Cloud figuring, ineradicable and appalling impacts transpire. Subsequently, numerous security frameworks and models have been proposed and executed for security in Fog computing. The proposed model addresses the privacy concerns as many networks are involved, and there are many fog nodes that each end-user is accessible to those nodes. This is due to more sensitive information that is transferred from end-users to the fog nodes. The proposed model uses multi-layered intermittent neural organizations intended to be executed for Fog computing figuring the security that is exceptionally near the end-clients and IoT gadgets. The proposed model utilizes a reasonable adaptation of the difficult dataset such as the NSL-KDD dataset. The performance of the proposed model was evaluated using a range of existing models, features. The research findings and replications are used to demonstrate the robustness and stability of the proposed model in comparison with other types of execution measurements.
Article
Full-text available
People used to carry their documents about on CDs only a few years ago. Many people have recently turned to memory sticks. Cloud computing, in this case, refers to the capacity to access and edit data stored on remote servers from any Internet-connected platform. Cloud computing is a self-service Internet infrastructure that allows people to access computing resources at any location worldwide. The world has altered as a result of cloud computing. Cloud computing can be thought of as a new computing typology that can provide ondemand services at a low cost. By increasing the capacity and flexibility of data storage and providing scalable compute and processing power that fits the dynamic data requirements, cloud computing has aided the advancement of IT to higher heights. In the field of information technology, privacy and data security have long been a serious concern. It becomes more severe in the cloud computing environment because data is stored in multiple locations, often across the globe. Users' primary challenges regarding the cloud technology revolve around data security and privacy. We conduct a thorough assessment of the literature on data security and privacy issues, data encryption technologies, and related countermeasures in cloud storage systems in this study. Ubiquitous network connectivity, location-independent resource pooling, quick resource flexibility, usage-based pricing, and risk transference are all features of cloud computing.
Chapter
Full-text available
Cloud computing transforms the way Information Technology (IT) is consumed and managed, promising improved cost efficiencies, accelerated innovation, faster time-to-market, and the ability to scale applications on demand (Leighton, 2009). According to Gartner, while the hype grew exponentially during 2008 and continued since, it is clear that there is a major shift towards the cloud computing model and that the benefits may be substantial (Gartner Hype-Cycle, 2012). However, as the shape of cloud computing is emerging and developing rapidly both conceptually and in reality, the legal/contractual, economic, service quality, interoperability, security, and privacy issues still pose significant challenges. In this chapter, the authors describe various service and deployment models of cloud computing and identify major challenges. In particular, they discuss three critical challenges: regulatory, security, and privacy issues in cloud computing. Some solutions to mitigate these challenges are also proposed along with a brief presentation on the future trends in cloud computing deployment.
Chapter
Full-text available
Cloud computing transforms the way information technology (IT) is consumed and managed, promising improved cost efficiencies, accelerated innovation, faster time-to-market, and the ability to scale applications on demand (Leighton, 2009). According to Gartner, while the hype grew exponentially during 2008 and continued since, it is clear that there is a major shift towards the cloud computing model and that the benefits may be substantial (Gartner Hype-Cycle, 2012). However, as the shape of the cloud computing is emerging and developing rapidly both conceptually and in reality, the legal/contractual, economic, service quality, interoperability, security and privacy issues still pose significant challenges. In this chapter, we describe various service and deployment models of cloud computing and identify major challenges. In particular, we discuss three critical challenges: regulatory, security and privacy issues in cloud computing. Some solutions to mitigate these challenges are also proposed along with a brief presentation on the future trends in cloud computing deployment.
Article
Full-text available
Cloud computing (CC) brings substantial benefits to organizations and their clients. Information technology (IT) users in developing countries, especially those in underdeveloped communities, are gaining easy and cost-effective access to a variety of services, from entertainment to banking. South Africa has outlined a national e-strategy that aims to improve those communities, by providing frameworks for access to information and communications technology (ICT). The products and services of small-, medium and micro-sized enterprises (SMME) are now reaching a wider audience through the use of technology. CC can go a long way to help government realize the national e-strategy. There are numerous barriers to CC adoption; among the main concerns are security, privacy and availability. CC adoption is rising globally, but in South Africa it hasn't penetrated the mainstream operations of small and large organizations. The major inhibitor is security, though it is losing ground to other factors, especially privacy concerns, and The absence of security and data privacy legislation in South Africa makes it difficult for organizations to adopt CC. The objective of this paper is to highlight CC inhibitors especially privacy and legal issues in the context of South African SMMEs and how they contribute to low rate of CC adoption.
Article
Full-text available
Disaster recovery is a persistent problem in IT platforms. This problem is more crucial in cloud computing, because Cloud Service Providers (CSPs) have to provide the services to their customers even if the data center is down, due to a disaster. In the past few years, researchers have shown interest to disaster recovery using cloud computing, and a considerable amount of literature has been published in this area. However, to the best of our knowledge, there is a lack of precise survey for detailed analysis of cloud-based disaster recovery. To fill this gap, this paper provides an extensive survey of disaster recovery concepts and research in the cloud environments. We present different taxonomy of disaster recovery mechanisms, main challenges and proposed solutions. We also describe the cloud-based disaster recovery platforms and identify open issues related to disaster recovery.
Article
Full-text available
Cloud computing is a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down their service requirements. Usually cloud computing services are delivered by a third party provider who owns the infrastructure. It advantages to mention but a few include scalability, resilience, flexibility, efficiency and outsourcing non-core activities. Cloud computing offers an innovative business model for organizations to adopt IT services without upfront investment. Despite the potential gains achieved from the cloud computing, the organizations are slow in accepting it due to security issues and challenges associated with it. Security is one of the major issues which hamper the growth of cloud. The idea of handing over important data to another company is worrisome; such that the consumers need to be vigilant in understanding the risks of data breaches in this new environment. This paper introduces a detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types.
Conference Paper
Full-text available
Cloud computing is the delivery of computing as a service rather than a product, whereby IT resources, software, shared resources, and information are provided to computers as well as other devices on demand, like the electricity grid. Cloud computing is also an Internet-based computing where a large pool of systems are connected in private or public networks, and provide dynamically scalable infrastructure for application data as well as file storage. Security of Cloud computing is an evolving sub-domain of network security, computer security and information security. In spite of its vitality, it exhibits many security flaws such as loss of important data, data leakage and something related to cloning, resource pooling etc. Security of Cloud Computing is emerging area for study and this paper presents an overview, characteristics, benefits, advantages and disadvantages of cloud computing. Also include the several security and privacy issues with challenges and includes solution of security issues of cloud computing. The aim of this paper is to show important aspect of security, privacy concerned challenges which the authors and researchers are facing in the security of cloud computing.
Conference Paper
Cloud computing is an emerging technology paradigm, enabling and facilitating the dynamic and versatile provision of computational resources and services. Even though the advantages offered by cloud computing are several, there still exist second thoughts on the security and privacy of the cloud services. Use of cloud services affects the security posture of organizations and critical infrastructures, therefore it is necessary that new threats and risks introduced by this new paradigm are clearly understood and mitigated. In this paper we focus on the insider threat in cloud computing, a topic which has not received research focus, as of now. We address the problem in a holistic way, differentiating between the two possible scenarios: a) defending against a malicious insider working for the cloud provider, and b) defending against an insider working for an organization which chooses to outsource parts or the whole IT infrastructure into the cloud. We identify the potential problems for each scenario and propose the appropriate countermeasures, in an effort to mitigate the problem.
Article
The global ubiquity of cloud computing may expose consumers' sensitive personal data to significant privacy and security threats. A critical challenge for the cloud computing industry is to earn consumers' trust by ensuring adequate privacy and security for sensitive consumer data. Regulating consumer privacy and security also challenges government enforcement of data protection laws that were designed with national borders in mind. From an information privacy perspective, this article analyses how well the regulatory frameworks in place in Europe and the United States help protect the privacy and security of sensitive consumer data in the cloud. It makes suggestions for regulatory reform to protect sensitive information in cloud computing environments and to remove regulatory constraints that limit the growth of this vibrant new industry.