Abstract
Nowadays, cloud computing is considered as most cost-effective platform which provides business and consumer services in IT over the Internet. But security is recognized as the main stammer block for wider adoption due to outsourcing of services from third party. Keeping in view the same, security issues in three service models of cloud computing namely SaaS, PaaS, and IaaS have been discussed. The present paper provides a qualitative analysis of all vulnerabilities and related threats corresponding to each service model. In last section countermeasures have been proposed to enhance the security in Cloud computing.
Similar content being viewed by others
References
Gonzalez et al (2012) A quantitative analysis of current security concerns and solutions for cloud computing. J Cloud Comput Adv Syst Appl 1:11
Catteddu D, Hogben G (2009) Benefits, risks and recommendations for information security. Tech. rep., European Network and Information Security Agency, enisa.europa.eu/act/rm/files/deliverables/cloudcomputing-risk-assessment
CSA (2009) Security guidance for critical areas of focus in cloud computing. Tech. rep., Cloud Security Alliance
Hashizume et al (2013) An analysis of security issues for cloud computing. J Int Serv Appl 4:5
Rittinghouse JW, Ransome JF (2009) Security in the cloud. In: Cloud computing. implementation, management, and security. CRC Press
Kitchenham B (2004) Procedures for performing systematic review, software engineering group. Department of Computer Science Keele University, United Kingdom and Empirical Software Engineering, National ICT Australia Ltd, Australia. TR/SE-0401
Kitchenham B, Charters S (2007) Guidelines for performing systematic literature reviews in software engineering, Version 2.3. University of Keele (software engineering group, school of computer science and mathematics) and Durham, Department of Computer Science, UK
Brereton P, Kitchenham BA, Budgen D, Turner M, Khalil M (2007) Lessons from applying the systematic literature review process within the software engineering domain. J Syst Softw 80(4):571–583
Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11
Mather T, Kumaraswamy S, Latif S (2009) Cloud Security and Privacy. O’Reilly Media Inc, Sebastopol
Xu K, Zhang X, Song M, Song J (2009) Mobile mashup: architecture, challenges and suggestions. In: International conference on management and service science. MASS’09. IEEE Computer Society, Washington
Morsy MA, Grundy J, Müller I (2010) An analysis of the Cloud Computing Security problem. In: Proceedings of APSEC 2010 cloud workshop. APSEC, Sydney
Chandramouli R, Mell P (2010) State of security readiness. Crossroads 16(3):23–25
Ju J, Wang Y, Fu J, Wu J, Lin Z (2010) Research on key technology in SaaS. In: International conference on intelligent computing and cognitive informatics (ICICCI), Hangzhou, China. IEEE Computer Society, Washington
Takabi H, Joshi J.B.D, Ahn G.-J (2010), “Secure Cloud: Towards a Comprehensive Security Framework for Cloud Computing Environments,” Proc. 1st IEEE Int’l workshop emerging applications for cloud computing (CloudApp 2010). IEEE CS Press
Wylie J, Bakkaloglu M, Pandurangan V, Bigrigg M, Oguz S, Tew K, Williams C, Ganger G, Khosla P (2001) Selecting the right data distribution scheme for a survivable Storage system. CMU-CS-01-120, Pittsburgh
Cloud Security Alliance, “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1,” http://www.cloudsecurityalliance.org/csaguide.pdf
Cloud Security Alliance (2010) Top Threats to Cloud Computing. https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf. Accessed 21 Mar 2014
Cloud Security Alliance (2012) SecaaS implementation guidance, category 1: identity and access management. https://downloads.cloudsecurityalliance.org/initiatives/secaas/SecaaS_Cat_1_IAM_Implementation_Guidance.pdf. Accessed 8 Oct 2012
Somani U, Lakhani K, Mundra M (2010) Implementing digital signature with RSA encryption algorithm to enhance the data Security of Cloud in Cloud Computing. In: 1st International conference on parallel distributed and grid Computing (PDGC). IEEE Computer Society Washington
Harnik D, Pinkas B, Shulman- Peleg A (2010) Side channels in cloud services: deduplication in cloud storage. IEEE Secur Priv 8(6):40–47
Fong E, Okun V (2007) Web application scanners: definitions and functions. In: Proceedings of the 40th annual Hawaii International conference on system sciences. IEEE Computer Society, Washington
Tebaa M, El Hajji S, El Ghazi A (2012) Homomorphic encryption method applied to cloud computing. In: National days of network security and systems (JNS2). IEEE Computer Society, Washington
Berger S, Cáceres R, Pendarakis D, Sailer R, Valdez E, Perez R, Schildhauer W, Srinivasan D (2008) TVDc: managing Security in the trusted virtual data center. SIGOPS Oper Syst Rev 42(1):40–47
Xiao S, Gong W (2010) Mobility can help: protect user identity with dynamic credential. In: Eleventh international conference on mobile data management (MDM). IEEE Computer Society, Washington
Wang Z, Jiang X (2010) HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: Proceedings of the IEEE symposium on security and privacy. IEEE Computer Society, Washington, DC
Santos N, Gummadi KP, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 conference on hot topics in cloud computing, San Diego, California. USENIX Association Berkeley, CA
Krautheim FJ (2009) Private virtual infrastructure for cloud computing. In: Proceedings of the HOTCLOUD conference 2009. ACM, New York
Ouedraogo et al (2015) Security transparency: the next frontier for security research in the cloud. J Cloud Comput Adv Syst Appl 4:12
Berger S, Cáceres R, Goldman K, Pendarakis D, Perez R, Rao JR, Rom E, Sailer R, Schildhauer W, Srinivasan D, Tal S, Valdez E (2009) Security for the cloud infrastructure: trusted virtual data center implementation. IBM J Res Dev 53(4):6
Naehrig M, Lauter K, Vaikuntanathan V (2011) Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM workshop on cloud computing security workshop. ACM, New York
Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing Security of virtual machine images in a Cloud environment. In: Proceedings of the 2009 ACM workshop on cloud computing security. ACM, New York
Han-zhang W, Liu-sheng H (2010) An improved trusted cloud computing platform model based on DAA and privacy CA scheme. In: International conference on computer application and system modeling (ICCASM), Vol. 13, V13–39. IEEE Computer, Society, Washington, DC
Xiaopeng G, Sumei W, Xianqin C (2010) VNSS: A network security sandbox for virtual computing environment. In: IEEE youth conference on information computing and telecommunications (YC-ICT). IEEE Computer Society, Washington
Wu H, Ding Y, Winer C, Yao L (2010) Network security for virtual machine in cloud computing. In: 5th International conference on computer sciences and convergence information technology (ICCIT). IEEE Computer Society, Washington
Habiba et al (2014) Cloud identity management security issues & solutions: a taxonomy. Complex Adapt Syst Model 2:5
Zhang F, Huang Y, Wang H, Chen H, Zang B (2008) PALM: security preserving VM live migration for systems with VMM-enforced protection. In: Trusted infrastructure technologies conference, 2008. APTC’08, Third Asia-Pacific. IEEE Computer Society, Washington, DC
Author information
Authors and Affiliations
Corresponding authors
Rights and permissions
About this article
Cite this article
Anjana, Singh, A. Security concerns and countermeasures in cloud computing: a qualitative analysis. Int. j. inf. tecnol. 11, 683–690 (2019). https://doi.org/10.1007/s41870-018-0108-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41870-018-0108-1