IJWMT Vol. 14, No. 1, 8 Feb. 2024
Cover page and Table of Contents: PDF (size: 570KB)
Full Text (PDF, 570KB), PP.14-28
Views: 0 Downloads: 0
Cloud Computing, Cloud Security, Cloud Security Taxonomies, Authentication, Vulnerabilities, Threats, Countermeasures
Enhancements and extensions in pervasive computing have enabled penetration of cloud computing enabled services into almost all walks of human life. The expansion of computational capabilities into everyday objects and processes optimizes end users requirement to directly interact with computing systems. However, the amalgamation of technologies like Cloud Computing, Internet of Things (IoT), Deep Learning etc are further giving way to creation of smart ecosystem for smart human living. This transformation in the whole pattern of living as well as working in enterprises is generating high expectations as well as performance load on existing cloud implementation as well as cloud services. In this complete scenario, there are simultaneous efforts on optimizing as well as securing cloud services as well as the data available on the cloud.
This manuscript is an attempt at introducing how cloud computing has become pivotal in the current enterprise setting due to its pay-as -you -use character. However, the allurement of using services without having to procure and retain involved hardware and software also has certain risks involved. The main risk involved in choosing cloud is compromising security concerns. Many potential customers avoid migrating towards cloud due to security concerns. Security concerns for the cloud implementations in the recent times have grown exponentially for all the varied stakeholders involved. The aim of this manuscript is to analyze the current security challenges in the existing cloud implementations. We provide a detailed analysis of existing cloud security taxonomies enabling the reader to make an informed decision on what combination of services and technologies could be used or hired to secure their data available on the cloud.
Imran Khan, Tanya Garg, "An Analytical Study of Cloud Security Enhancements", International Journal of Wireless and Microwave Technologies(IJWMT), Vol.14, No.1, pp. 14-28, 2024. DOI:10.5815/ijwmt.2024.01.02
[1] D. Chen and H. Zhao, “Data Security and Privacy Protection Issues in Cloud Computing,” in 2012 International Conference on Computer Science and Electronics Engineering, 2012, pp. 647–651.
[2]“Top 10 Strategic Technology Trends for 2018: Cloud to the Edge.” [Online]. Available: https://www.gartner.com/doc/3865403?ref=mrktg-srch. [Accessed: 31-Jan-2019].
[3]D. Parkhill, “Challenge of the computer utility,” 1966.
[4]J. Yang, Z. C.-C. intelligence and software, and undefined 2010, “Cloud computing research and security issues,” ieeexplore.ieee.org.
[5]K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” J. Internet Serv. Appl., vol. 4, no. 1, p. 5, 2013.
[6]P. Mell and T. Grance, “The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology.”
[7]K. Stanoevska, T. Wozniak, and S. Ristol, Grid and cloud computing: a business perspective on technology and applications. 2009.
[8]G. Christina Oliver, “NIST SP 800-145, The NIST Definition of Cloud Computing.”
[9]D. Zissis, D. L.-F. G. computer systems, and undefined 2012, “Addressing cloud computing security issues,” Elsevier.
[10]N. Gruschka, M. J.-2010 I. 3rd international conference on, and undefined 2010, “Attack surfaces: A taxonomy for attacks on cloud services,” computer.org.
[11]A. Fox, R. Katz, A. Konwinski, and G. Lee, “Above the Clouds: A Berkeley View of Cloud Computing,” 2009.
[12]L. K.-I. S. & Privacy and undefined 2009, “Data security in the world of cloud computing,” ieeexplore.ieee.org.
[13]A. W.- networker and undefined 2007, “Computing in the clouds,” computing.dcu.ie.
[14]S. Zhang, S. Zhang, X. Chen, … X. H.-S. international conference, and undefined 2010, “Cloud computing research and development trend,” computer.org.
[15]G. Zhao et al., “Cloud Computing: A Statistics Aspect of Users,” 2009, pp. 347–358.
[16]A. K.-S. A. and Processing, 2010. ICSAP’10, and undefined 2010, “Cloud computing: Applying issues in small business,” ieeexplore.ieee.org.
[17]M. G. Jaatun, G. Zhao, and C. Rong, Cloud computing : first international conference, CloudCom 2009, Beijing, China, December 1-4, 2009 : proceedings. Springer, 2009.
[18]“Home | Public Website,” 2010. [Online]. Available: https://www.cpni.gov.uk/Documents/Publications/2010/2010007-ISB_cloud_computing.pdf. [Accessed: 31-Jan-2019].
[19]M. Dikaiakos, D. Katsaros, … P. M.-I. I., and undefined 2009, “Cloud computing: Distributed internet computing for IT and scientific research,” ieeexplore.ieee.org.
[20]S. Subashini, V. K.-J. of network and computer applications, and undefined 2011, “A survey on security issues in service delivery models of cloud computing,” Elsevier.
[21]“How to Gain Comfort in Losing Control to the Cloud Randolph Barr CSO - Qualys, Inc SourceBoston, 23. April ppt download.” [Online]. Available: https://slideplayer.com/slide/7248774/. [Accessed: 29-Jan-2019].
[22]J. Rittinghouse and J. Ransome, Cloud computing: implementation, management, and security. 2016.
[23]T. Mather, S. Kumaraswamy, and S. Latif, Cloud security and privacy: an enterprise perspective on risks and compliance. 2009.
[24]W. Li, L. P.-I. I. C. on C. Computing, and undefined 2009, “Trust model to enhance security and interoperability of cloud environment,” Springer.
[25]S. Ramgovind, M. Eloff, … E. S.-S. for S. A., and undefined 2010, “The management of security in cloud computing,” ieeexplore.ieee.org.
[26]K. S.-I. J. of C. Networks and undefined 2011, “Cloud computing security issues and challenges,” researchgate.net.
[27]P. Mell and T. Grance, “The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology.”
[28]T. Dillon, C. Wu, and E. Chang, “Cloud Computing: Issues and Challenges,” in 2010 24th IEEE International Conference on Advanced Information Networking and Applications, 2010, pp. 27–33.
[29]P. Biljanović and E. and M.-M. Croatian Society for Information and Communication Technology, MIPRO 2010 : 33rd International Convention on Information and Communication Technology, Electronics and Microelectronics : May 24-28, 2010, Opatija, Croatia. Croatian Society for Information and Communication Technology, Electronics and Microelectronics, 2010.
[30]J. Yang, Z. C.-C. intelligence and software, and undefined 2010, “Cloud computing research and security issues,” ieeexplore.ieee.org.
[31]Y. Jadeja and K. Modi, “Cloud computing - concepts, architecture and challenges,” in 2012 International Conference on Computing, Electronics and Electrical Technologies (ICCEET), 2012, pp. 877–880.
[32]P. Mathur, N. N. G. C. (PDGC), 2010 1st, and undefined 2010, “Cloud computing: New challenge to the entire computer industry,” ieeexplore.ieee.org.
[33]L. Savu, “Cloud Computing: Deployment Models, Delivery Models, Risks and Research Challenges,” in 2011 International Conference on Computer and Management (CAMAN), 2011, pp. 1–4.
[34]J. Gibson, R. Rondeau, D. Eveleigh, and Q. Tan, “Benefits and challenges of three cloud computing service models,” in 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN), 2012, pp. 198–205.
[35]I. Hashem, I. Yaqoob, N. Anuar, S. Mokhtar, A. G.-I. systems, and undefined 2015, “The rise of ‘big data’ on cloud computing: Review and open research issues,” Elsevier.
[36]“ROUGH TYPE | Nicholas Carr’s blog.” [Online]. Available: http://www.roughtype.com/. [Accessed: 30-Jan-2019].
[37]A. Stanik, M. Hovestadt, and O. Kao, “Hardware as a Service (HaaS): Physical and virtual hardware on demand,” in 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings, 2012, pp. 149–154.
[38]S. Zhang, H. Yan, and X. Chen, “peer-review under responsibility of [name organizer],” Phys. Procedia, vol. 33, pp. 1791–1797, 2012.
[39]J. Ekanayake and G. Fox, “High Performance Parallel Computing with Clouds and Cloud Technologies,” Springer, Berlin, Heidelberg, 2010, pp. 20–38.
[40]F. Lombardi and R. Di Pietro, “Secure virtualization for cloud computing,” J. Netw. Comput. Appl., vol. 34, no. 4, pp. 1113–1122, Jul. 2011.
[41]K. Gai, M. Qiu, and H. Zhao, “Security-Aware Efficient Mass Distributed Storage Approach for Cloud Systems in Big Data,” in 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), 2016, pp. 140–145.
[42]R. L. Grossman, “The Case for Cloud Computing,” IT Prof., vol. 11, no. 2, pp. 23–27, Mar. 2009.
[43]S. Sakr, A. Liu, D. M. Batista, and M. Alomari, “A Survey of Large Scale Data Management Approaches in Cloud Environments,” IEEE Commun. Surv. Tutorials, vol. 13, no. 3, pp. 311–336, 2011.
[44]D. Nurmi et al., “The Eucalyptus Open-Source Cloud-Computing System,” in 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid, 2009, pp. 124–131.
[45]M. Armbrust et al., “A view of cloud computing,” Commun. ACM, vol. 53, no. 4, p. 50, Apr. 2010.
[46]N. Robinson et al., “The Cloud: Understanding the Security, Privacy and Trust Challenges,” SSRN Electron. J., Nov. 2010.
[47]J. Falkheimer, “Anthony Giddens and public relations: A third way perspective,” Public Relat. Rev., vol. 33, no. 3, pp. 287–293, Sep. 2007.
[48]D. Artz, Y. G.-W. S. Science, S. and A. on the, and undefined 2007, “A survey of trust in computer science and the semantic web,” Elsevier.
[49]A. Nagarajan and V. Varadharajan, “Dynamic trust enhanced security model for trusted platform based services,” Futur. Gener. Comput. Syst., vol. 27, no. 5, pp. 564–573, May 2011.
[50]D. L.-C. Communications and undefined 2003, “Establishing and managing trust within the Public Key Infrastructure,” Elsevier.
[51]D. Chen, H. Z.-C. S. and Electronics, and undefined 2012, “Data security and privacy protection issues in cloud computing,” ieeexplore.ieee.org.
[52]J. B.- Infoworld and undefined 2008, “Gartner: Seven cloud-computing security risks,” idi.ntnu.no.
[53]T.-S. Chou, “Security Threats on Cloud Computing Vulnerabilities,” Int. J. Comput. Sci. Inf. Technol., vol. 5, no. 3, pp. 79–88, Jun. 2013.
[54]S. Subashini, V. K.-J. of network and computer applications, and undefined 2011, “A survey on security issues in service delivery models of cloud computing,” Elsevier.
[55]W. Bin, H. Yuan, L. Xi, X. M.-B. Engineering, undefined 2009, and undefined 2009, “Open identity management framework for SaaS ecosystem,” ieeexplore.ieee.org.
[56]E. Fong and V. Okun, “Web Application Scanners: Definitions and Functions,” in 2007 40th Annual Hawaii International Conference on System Sciences (HICSS’07), 2007, p. 280b–280b.
[57]H. Demirkan and D. Delen, “Leveraging the capabilities of service-oriented decision support systems: Putting analytics and big data in cloud,” Decis. Support Syst., vol. 55, no. 1, pp. 412–421, Apr. 2013.
[58]B. Prabadevi and N. Jeyanthi, “Distributed Denial of service attacks and its effects on Cloud environment- a survey,” in The 2014 International Symposium on Networks, Computers and Communications, 2014, pp. 1–5.
[59]D. Catteddu, “Cloud Computing: Benefits, Risks and Recommendations for Information Security,” 2010, pp. 17–17.
[60]A. Alqahtani and H. Gull, “Cloud Computing and Security Issues-A Review of Amazon Web Services,” 2018.
[61]A. Choudhary, M. D.-I. J. of Computer, and undefined 2012, “CIDT: Detection of malicious code injection attacks on web application,” researchgate.net.
[62]M. McIntosh, P. A.-P. of the 2005 workshop on Secure, and undefined 2005, “XML signature element wrapping attacks and countermeasures,” dl.acm.org.
[63]N. Gruschka, L. I.-W. Services, 2009. ICWS 2009. IEEE, and undefined 2009, “Vulnerable cloud: Soap message security validation revisited,” ieeexplore.ieee.org.
[64]A. Gupta, P. Dhyani, O. R.-I. J. of, and undefined 2013, “Cloud based e-voting: one step ahead for good governance in India,” pdfs.semanticscholar.org.
[65]A. Bisong, S. S. M. Rahman, and M. Rahman, “An Overview Of The Security Concerns In Enterprise Cloud Computing,” Int. J. Netw. Secur. Its Appl., vol. 3, no. 1, pp. 30–45, Jan. 2011.
[66]A. Dubey, D. W.-T. M. Quarterly, and undefined 2007, “Delivering software as a service,” pocsolutions.net.
[67]D. Zissis, D. L.-F. G. computer systems, and undefined 2012, “Addressing cloud computing security issues,” Elsevier.
[68]R. S.-C. & Security and undefined 1992, “Distributed systems security,” Elsevier.
[69]M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, “On Technical Security Issues in Cloud Computing,” in 2009 IEEE International Conference on Cloud Computing, 2009, pp. 109–116.
[70]W. Voorsluys, J. Broberg, and R. Buyya, “Introduction to Cloud Computing,” in Cloud Computing, Hoboken, NJ, USA: John Wiley & Sons, Inc., 2011, pp. 1–41.
[71]J. Heiser, M. N.-G. Report, and undefined 2008, “Assessing the security risks of cloud computing,” academia.edu.
[72]F. S.-S. and N. (ICCSN), 2011 IEEE 3rd, and undefined 2011, “Cloud computing security threats and responses,” ieeexplore.ieee.org.
[73]“About Us | Trend Micro.” [Online]. Available: https://www.trendmicro.com/en_us/about.html. [Accessed: 30-Jan-2019].
[74]A. Kumar Gupta and S. Prakash, “SERVICE ENHANCEMENT USING CLOUD COMPUTING.”
[75]M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, “On Technical Security Issues in Cloud Computing,” in 2009 IEEE International Conference on Cloud Computing, 2009, pp. 109–116.
[76]C. Pfleeger and S. Pfleeger, Security in computing. 2002.
[77]D. Zissis, D. L.-F. G. computer systems, and undefined 2012, “Addressing cloud computing security issues,” Elsevier.
[78]C. Uikey and D. S. Bhilare, “Security and trust life cycle of multi-domain cloud environment,” in 2017 International Conference on Energy, Communication, Data Analytics and Soft Computing (ICECDS), 2017, pp. 2670–2678.
[79]“Shibboleth | Internet2.” [Online]. Available: https://www.internet2.edu/products-services/trust-identity/shibboleth/. [Accessed: 07-Feb-2019].
[80]“UK federation information centre | Documents / AvailableServices browse.” [Online]. Available: https://www.ukfederation.org.uk/content/Documents/AvailableServices. [Accessed: 07-Feb-2019].
[81]K. Stanoevska, T. Wozniak, and S. Ristol, Grid and cloud computing: a business perspective on technology and applications. 2009.
[82]B. Lang, I. Foster, F. Siebenlist, R. Ananthakrishnan, and T. Freeman, “A Flexible Attribute Based Access Control Method for Grid Computing,” J. Grid Comput., vol. 7, no. 2, pp. 169–180, Jun. 2009.
[83]“Security models for web-based applications,” dl.acm.org.
[84]M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou, “Security and Privacy in Cloud Computing: A Survey,” in 2010 Sixth International Conference on Semantics, Knowledge and Grids, 2010, pp. 105–112.
[85]International journal of engineering and computer science IJECS. .
[86]M. Al Morsy, J. Grundy, and I. Müller, “An Analysis of the Cloud Computing Security Problem.”
[87]R. E.-G.-I. W. C. on T. and and undefined 2014, “A literature review on cloud computing adoption issues in enterprises,” Springer.
[88]S. Yoshikawa and S. Sasaki, “R&D Strategy of Fujitsu Laboratories-Toward a Human-Centric Networked Society,” 2010.
[89]R. Chow et al., “Controlling data in the cloud,” in Proceedings of the 2009 ACM workshop on Cloud computing security - CCSW ’09, 2009, p. 85.
[90]G. Christina Oliver, “NIST SP 800-145, The NIST Definition of Cloud Computing.”
[91]A. Beloglazov and R. Buyya, “Energy Efficient Resource Management in Virtualized Cloud Data Centers,” in 2010 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing, 2010, pp. 826–831.
[92]P. Chatterjee and N. De, “CLOUD COMPUTING IS GENERATING ECONOMIC GROWTH AND EMPLOYMENT OPPORTUNITIES IN INDIA.”
[93]S. H. Patil, A. C. Adamuthe, V. D. Salunkhe, and G. T. Thampi, “Cloud Computing-A market Perspective and Research Directions,” Inf. Technol. Comput. Sci., vol. 10, pp. 42–53, 2015.
[94]D. G. Chandra and R. S. Bhadoria, “Cloud Computing Model for National E-governance Plan (NeGP),” in 2012 Fourth International Conference on Computational Intelligence and Communication Networks, 2012, pp. 520–524.
[95]G. F. Knolmayer and P. Asprion, “Assuring Compliance in IT Subcontracting and Cloud Computing,” Springer, Berlin, Heidelberg, 2011, pp. 21–45.
[96]S. Marston, Z. Li, S. Bandyopadhyay, J. Zhang, and A. Ghalsasi, “Cloud computing — The business perspective,” Decis. Support Syst., vol. 51, no. 1, pp. 176–189, Apr. 2011.
[97]A. Lele, “Cloud Computing,” Springer, Singapore, 2019, pp. 167–185.
[98]D. Evans and D. C. Yen, “E-Government: Evolving relationship of citizens and government, domestic, and international development,” Gov. Inf. Q., vol. 23, no. 2, pp. 207–235, Jan. 2006.
[99]N. Kshetri, T. Torbjörn Fredriksson, D. C. Rojas Torres, T. Fredriksson, and D. C. R. Torres, Big Data and Cloud Computing for Development. New York, NY : Routledge, 2017.: Routledge, 2017.
[100] L. A. Tawalbeh, W. Bakheder, and H. Song, “A Mobile Cloud Computing Model Using the Cloudlet Scheme for Big Data Applications,” in 2016 IEEE First International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE), 2016, pp. 73–77.
[101] A. Khajeh-Hosseini, D. Greenwood, and I. Sommerville, “Cloud Migration: A Case Study of Migrating an Enterprise IT System to IaaS,” in 2010 IEEE 3rd International Conference on Cloud Computing, 2010, pp. 450–457.