Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

A survey on security issues and solutions at different layers of Cloud computing

Abstract

Cloud computing offers scalable on-demand services to consumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols as well as threats introduced by newer architectures raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

References

  1. 1.

    Abbasy MR, Shanmugam B (2011) Enabling data hiding for resource sharing in cloud computing environments based on dna sequences. In: Proceedings of the 2011 IEEE world congress on services, SERVICES’11, pp 385–390

  2. 2.

    Aws management console. Amazon web services. http://aws.amazon.com/console/

  3. 3.

    Bahram S, Jiang X, Wang Z, Grace M (2010) Dksm: subverting virtual machine introspection for fun and profit. In: Proceedings of the 29th IEEE international symposium on reliable distributed systems

  4. 4.

    Bakshi A, Dujodwala YB (2010) Securing cloud from ddos attacks using intrusion detection system in virtual machine. In: Proceedings of the 2010 second international conference on communication software and networks, ICCSN’10, pp 260–264

  5. 5.

    Balachandra KR, Ramakrishna VP, Rakshit A (2009) Cloud security issues. In: Proceedings of the 2009 IEEE international conference on services computing, SCC’09, pp 517–520

  6. 6.

    Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: Proceedings of the 28th IEEE symposium on security and privacy, pp 1–6

  7. 7.

    Celesti A, Tusa F, Villari M, Puliafito A (2010) Security and cloud computing: intercloud identity management infrastructure. In: WETICE, pp 263–265

  8. 8.

    Chandramouli R, Mell P (2010) State of security readiness. Crossroads 16(3):23–25

  9. 9.

    Cloud computing comparison guide. Web hosting unleashed. http://www.webhostingunleashed.com/whitepaper/cloud-computing-comparison/

  10. 10.

    Comparison guide: Cloud computing. Focus research. http://www.focus.com/research/comparison-guide-cloud-computing/

  11. 11.

    Compliance home. Website (2011) http://www.compliancehome.com/

  12. 12.

    Diallo MH, Hore B, Chang EC, Mehrotra S, Venkatasubramanian N (2012) Cloudprotect: managing data privacy in cloud applications. In: IEEE CLOUD

  13. 13.

    Du J, Wei W, Gu X, Yu T (2009) Toward secure dataflow processing in open distributed systems. In: Proc of ACM scalable trusted computing workshop (STC)

  14. 14.

    Durkee D (2010) Why cloud computing will never be free. Commun ACM 53(5):62–69

  15. 15.

    Echeverría V, Liebrock LM, Shin D (2010) Permission management system: permission as a service in cloud computing. In: COMPSAC workshops, pp 371–375

  16. 16.

    Ei Ei Mon TTN (2011) The privacy-aware access control system using attribute-and role-based access control in private cloud. In: 4th IEEE international conference on broadband network and multimedia technology (IC-BNMT), pp 447–451

  17. 17.

    Ferguson T (2009) Salesforce.com outage hits thousands of businesses. http://www.ludcastle.co.uk/business_resources/Clouded~%20in%

  18. 18.

    Garnkel T, Rosenblum M (2003) A virtual machine introspection based architecture for intrusion detection. In: Proc net and distributed sys sec symp

  19. 19.

    Gens F (2009) New idc it cloud services survey: top benefits and challenges. http://blogs.idc.com/ie/?p=730

  20. 20.

    Halton W (2010) Security issues and solutions in cloud computing. http://wolfhalton.info/2010/06/25/security-issues-and-solutions-in-cloud-computing/

  21. 21.

    Hu L, Ying S, Jia X, Zhao K Towards an approach of semantic access control for cloud computing. In: Proceedings of the 1st international conference on cloud computing, pp 145–156

  22. 22.

    Huang X, Zhang T, Hou Y (2009) Id management among clouds. In: First international conference on future information networks, ICFIN2009, pp 237–241

  23. 23.

    Jager T, Somorovsky J (2011) How to break xml encryption. In: ACM conference on computer and communications security, pp 413–422. http://dblp.uni-trier.de/db/conf/ccs/ccs2011.html#JagerJ11

  24. 24.

    Jensen M, Schwenk JO, Gruschka N, Iacono LL (2009) On technical security issues in cloud computing. In: IEEE international conference on cloud computing, CLOUD-II 2009, pp 109–116

  25. 25.

    Khorshed MT, Ali ABMS, Wasimi SA (2011) Monitoring insiders activities in cloud computing using rule based learning. In: Proceedings of the 2011 IEEE 10th international conference on trust, security and privacy in computing and communications, TRUSTCOM’11, pp 757–764

  26. 26.

    King S, Chen P, Wang YM (2006) Subvirt: implementing malware with virtual machines. In: 2006 IEEE symposium on security and privacy, pp 314–327

  27. 27.

    Kirby G, Deale A, Macdonald A, Fernandes A (2010) An approach to ad hoc cloud computing. http://arxiv.org/abs/1002.4738v1

  28. 28.

    Leu FY, Lin JC, Li MC, Yang CT, Shih PC (2005) Integrating grid with intrusion detection. In: Proceedings of the 19th international conference on advanced information networking and applications, AINA’05, vol 1, pp 304–309

  29. 29.

    Lin D, Squicciarini A (2010) Data protection models for service provisioning in the cloud. In: Proceeding of the ACM symposium on access control models and technologies, SACMAT’10

  30. 30.

    Lo CC, Huang C, Ku J (2010) A cooperative intrusion detection system framework for cloud computing networks. In: Proceedings of the 2010 39th international conference on parallel processing workshops, ICPPW’10, pp 280–284

  31. 31.

    Lombardi F, Pietro RD (2010) Transparent security for cloud. In: Proceedings of the 2010 ACM symposium on applied computing, pp 414–415

  32. 32.

    Mazzariello C, Bifulco R, Canonoco R (2010) Integrating a network ids into an open source cloud computing. In: Sixth international conference on information assurance and security (IAS), pp 265–270

  33. 33.

    Mell P, Grance T (2011) The nist definition of cloud computing (draft). http://csrc.nist.gov/publications/drafts/800–145/Draft-SP-800-145_cloud-definition.pdf

  34. 34.

    Metz C (2009) Ddos attack rains down on Amazon cloud. http://www.theregister.co.uk/2009/10/05/amazon_bitbucket_outage/

  35. 35.

    Metz C (2011) Amazon outage spans clouds ‘insulated’ from each other. http://www.theregister.co.uk/2011/04/21/amazon_web_services_outages_spans_zones/ from each other

  36. 36.

    Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M (2012) A survey of intrusion detection techniques in cloud. J Netw Comput Appl. doi:10.1016/j.jnca.2012.05.003

  37. 37.

    Morizumi T, Suzuki K, Kinoshita H (2009) Transparent security for cloud system for search, access restriction, and agents in the clouds. In: Proceedings of the 2009 ninth annual international symposium on applications and the Internet, pp 201–204

  38. 38.

    Mowbray M, Pearson S (2009) A client-based privacy manager for cloud computing. In: Proceedings of the fourth international ICST conference on communication system softWAre and middleware, COMSWARE’09, pp 1–8

  39. 39.

    Naruchitparames J, Günes MH (2011) Enhancing data privacy and integrity in the cloud. In: HPCS, pp 427–434

  40. 40.

    National vulnerability database version 2.2. NIST. http://web.nvd.nist.gov/view/vuln/search-results?query=virtual&search%_type=all&cves=on

  41. 41.

    Pauli D (2011) Amazon’s ec2, eucalyptus vulnerability discovered. http://www.crn.com.au/News/278387,amazons-ec2-eucalyptus-vulnerability-discovered.aspx

  42. 42.

    Ponemon (2011) Security of cloud computing providers study. http://www.ca.com/~/media/Files/IndustryResearch/security-of-cloud-computing-providers-final-april-2011.pdf

  43. 43.

    Ranchal R, Bhargava B, Othmane LB, Lilien L, Kim A, Kang M, Linderman M (2010) Protection of identity information in cloud computing without trusted third party. In: Proceedings of the 2010 29th IEEE symposium on reliable distributed systems, SRDS’10, pp 368–372

  44. 44.

    Raykova M, Zhao H, Bellovin SM (2012) Privacy enhanced access control for outsourced data sharing. In: Financial cryptography and data security

  45. 45.

    Rimal BP, Choi E, Lumb I (2009) A taxonomy and survey of cloud computing systems. In: NCM’09: proceedings of the 2009 fifth international joint conference on INC, IMS and IDC, pp 44–51

  46. 46.

    Rutkowska J (2006) Subverting vistatm kernel for fun and profit. In: BlackHat conference

  47. 47.

    Rutkowska J (2007) Security challenges in virtualized environments. http://bluepillproject.org

  48. 48.

    Salmon J (2008) Clouded in uncertainty—the legal pitfalls of cloud computing. http://www.ludcastle.co.uk/business_resources/Clouded~%20in%

  49. 49.

    Sandar SV, Shenai S (2012) Economic denial of sustainability (edos) in cloud services using http and xml based ddos attacks. Int J Comput Appl 41(20):11–16

  50. 50.

    Sanka S, Hota C, Rajarajan M (2010) Secure data access in cloud computing. In: IEEE 4th international conference on Internet multimedia services architecture and application (IMSAA), pp 1–6

  51. 51.

    Security guidance for critical areas of focus in cloud computing V3.0. Cloud Security Alliance (2011) http://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf

  52. 52.

    Security threats. Microsoft. http://technet.microsoft.com/en-us/library/cc723507.aspx

  53. 53.

    Slamanig D (2012) Dynamic accumulator based discretionary access control for outsourced storage with unlinkable access, pp 215–222

  54. 54.

    Software as a service-Wikipedia. Wikipedia. http://en.wikipedia.org/wiki/Software_as_a_service

  55. 55.

    Somorovsky J, Heiderich M, Jensen M, Schwenk J, Gruschka N, Iacono LL (2011) All your clouds are belong to us—security analysis of cloud management interfaces. In: ACM workshop on Cloud computing security

  56. 56.

    Sourya (2011) Should you be concerned? A list of recent cloud computing failures—intuit goes down. http://www.cloudtweaks.com/2011/06/should-you-be-concerned-a-list-of-recent-cloud-computing-failures

  57. 57.

    Sripanidkulchai K, Sahu S, Ruan Y, Shaikh A, Dorai C (2010) Are clouds ready for large distributed applications. SIGOPS Oper Syst Rev 44(2):18–23

  58. 58.

    Stolfo SJ, Salem MB, Keromytis AD (2012) Fog computing: mitigating insider data theft attacks in the cloud. In: 2012 IEEE symposium on security and privacy workshops. IEEE Press, New York, pp 125–128

  59. 59.

    Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34:1–11

  60. 60.

    Tian X, Wang X, Zhou A (2009) Dsp reencryption: a flexible mechanism for access control enforcement management in daas. In: Proc CLOUD’09, SACMAT’10, pp 25–32

  61. 61.

    Top 7 threats to cloud computing. HELP NET SECURITY. http://www.net-security.org/secworld.php?id=8943

  62. 62.

    Volokyta A (2012) Secure virtualization in cloud computing. In: 2012 international conference on modern problems of radio engineering telecommunications and computer science (TCSET), p 395

  63. 63.

    Vulnerability in windows server 2008 hyper-v could allow denial of service (977894). Microsoft security bulletin MS10-010—Important (2010) http://www.microsoft.com/technet/security/bulletin/ms11–047.mspx

  64. 64.

    Wang W, Li Z, Owens R, Bhargava B (2007) Secure and efficient access to outsourced data. In: ACM cloud computing security workshop (CCSW), pp 63–69

  65. 65.

    Wang Q, Wang K, Ren W (2009) Low: ensuring data storage security in cloud computing. In: Proc of IWQoS 2009

  66. 66.

    Wang YJ, Zhao SJ, Le J (2009) Providing privacy preserving in cloud computing. In: International conference on test and measurement, vol 2, pp 213–216

  67. 67.

    Wang B, Li B, Li H (2012) Oruta: Privacy-preserving public auditing for shared data in the cloud. In: IEEE CLOUD

  68. 68.

    Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM workshop on cloud computing security, CCSW’09, pp 91–96

  69. 69.

    What cloud computing really means. InfoWorld. http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031?page=0,0

  70. 70.

    Xarp 2.2.2. filecluster. http://www.filecluster.com/Network-Tools/Network-Monitoring/Download-XArp.html

  71. 71.

    Yan L, Rong C, Zhao G (2009) Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography. In: Proceedings of the 1st international conference on cloud computing, CloudCom’09, pp 167–177

  72. 72.

    Zunnurhain K, Vrbsky S (2010) Security attacks and solutions in clouds. In: Proceedings of the 1st international conference on cloud computing, pp 145–156

Download references

Author information

Correspondence to Chirag Modi.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Modi, C., Patel, D., Borisaniya, B. et al. A survey on security issues and solutions at different layers of Cloud computing. J Supercomput 63, 561–592 (2013). https://doi.org/10.1007/s11227-012-0831-5

Download citation

Keywords

  • Cloud computing
  • Virtualization
  • Security
  • Privacy
  • Vulnerabilities