International Journal of Information Technology

, Volume 11, Issue 4, pp 683–690 | Cite as

Security concerns and countermeasures in cloud computing: a qualitative analysis

  • AnjanaEmail author
  • Ajit SinghEmail author
Original Research


Nowadays, cloud computing is considered as most cost-effective platform which provides business and consumer services in IT over the Internet. But security is recognized as the main stammer block for wider adoption due to outsourcing of services from third party. Keeping in view the same, security issues in three service models of cloud computing namely SaaS, PaaS, and IaaS have been discussed. The present paper provides a qualitative analysis of all vulnerabilities and related threats corresponding to each service model. In last section countermeasures have been proposed to enhance the security in Cloud computing.


Cloud computing Security Threats Vulnerabilities SaaS PaaS IaaS Virtual machine Countermeasures 


  1. 1.
    Gonzalez et al (2012) A quantitative analysis of current security concerns and solutions for cloud computing. J Cloud Comput Adv Syst Appl 1:11CrossRefGoogle Scholar
  2. 2.
    Catteddu D, Hogben G (2009) Benefits, risks and recommendations for information security. Tech. rep., European Network and Information Security Agency, Scholar
  3. 3.
    CSA (2009) Security guidance for critical areas of focus in cloud computing. Tech. rep., Cloud Security AllianceGoogle Scholar
  4. 4.
    Hashizume et al (2013) An analysis of security issues for cloud computing. J Int Serv Appl 4:5CrossRefGoogle Scholar
  5. 5.
    Rittinghouse JW, Ransome JF (2009) Security in the cloud. In: Cloud computing. implementation, management, and security. CRC PressGoogle Scholar
  6. 6.
    Kitchenham B (2004) Procedures for performing systematic review, software engineering group. Department of Computer Science Keele University, United Kingdom and Empirical Software Engineering, National ICT Australia Ltd, Australia. TR/SE-0401Google Scholar
  7. 7.
    Kitchenham B, Charters S (2007) Guidelines for performing systematic literature reviews in software engineering, Version 2.3. University of Keele (software engineering group, school of computer science and mathematics) and Durham, Department of Computer Science, UKGoogle Scholar
  8. 8.
    Brereton P, Kitchenham BA, Budgen D, Turner M, Khalil M (2007) Lessons from applying the systematic literature review process within the software engineering domain. J Syst Softw 80(4):571–583CrossRefGoogle Scholar
  9. 9.
    Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11CrossRefGoogle Scholar
  10. 10.
    Mather T, Kumaraswamy S, Latif S (2009) Cloud Security and Privacy. O’Reilly Media Inc, SebastopolGoogle Scholar
  11. 11.
    Xu K, Zhang X, Song M, Song J (2009) Mobile mashup: architecture, challenges and suggestions. In: International conference on management and service science. MASS’09. IEEE Computer Society, WashingtonGoogle Scholar
  12. 12.
    Morsy MA, Grundy J, Müller I (2010) An analysis of the Cloud Computing Security problem. In: Proceedings of APSEC 2010 cloud workshop. APSEC, SydneyGoogle Scholar
  13. 13.
    Chandramouli R, Mell P (2010) State of security readiness. Crossroads 16(3):23–25CrossRefGoogle Scholar
  14. 14.
    Ju J, Wang Y, Fu J, Wu J, Lin Z (2010) Research on key technology in SaaS. In: International conference on intelligent computing and cognitive informatics (ICICCI), Hangzhou, China. IEEE Computer Society, WashingtonGoogle Scholar
  15. 15.
    Takabi H, Joshi J.B.D, Ahn G.-J (2010), “Secure Cloud: Towards a Comprehensive Security Framework for Cloud Computing Environments,” Proc. 1st IEEE Int’l workshop emerging applications for cloud computing (CloudApp 2010). IEEE CS PressGoogle Scholar
  16. 16.
    Wylie J, Bakkaloglu M, Pandurangan V, Bigrigg M, Oguz S, Tew K, Williams C, Ganger G, Khosla P (2001) Selecting the right data distribution scheme for a survivable Storage system. CMU-CS-01-120, PittsburghGoogle Scholar
  17. 17.
    Cloud Security Alliance, “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1,”
  18. 18.
    Cloud Security Alliance (2010) Top Threats to Cloud Computing. Accessed 21 Mar 2014
  19. 19.
    Cloud Security Alliance (2012) SecaaS implementation guidance, category 1: identity and access management. Accessed 8 Oct 2012
  20. 20.
    Somani U, Lakhani K, Mundra M (2010) Implementing digital signature with RSA encryption algorithm to enhance the data Security of Cloud in Cloud Computing. In: 1st International conference on parallel distributed and grid Computing (PDGC). IEEE Computer Society WashingtonGoogle Scholar
  21. 21.
    Harnik D, Pinkas B, Shulman- Peleg A (2010) Side channels in cloud services: deduplication in cloud storage. IEEE Secur Priv 8(6):40–47CrossRefGoogle Scholar
  22. 22.
    Fong E, Okun V (2007) Web application scanners: definitions and functions. In: Proceedings of the 40th annual Hawaii International conference on system sciences. IEEE Computer Society, WashingtonGoogle Scholar
  23. 23.
    Tebaa M, El Hajji S, El Ghazi A (2012) Homomorphic encryption method applied to cloud computing. In: National days of network security and systems (JNS2). IEEE Computer Society, WashingtonGoogle Scholar
  24. 24.
    Berger S, Cáceres R, Pendarakis D, Sailer R, Valdez E, Perez R, Schildhauer W, Srinivasan D (2008) TVDc: managing Security in the trusted virtual data center. SIGOPS Oper Syst Rev 42(1):40–47CrossRefGoogle Scholar
  25. 25.
    Xiao S, Gong W (2010) Mobility can help: protect user identity with dynamic credential. In: Eleventh international conference on mobile data management (MDM). IEEE Computer Society, WashingtonGoogle Scholar
  26. 26.
    Wang Z, Jiang X (2010) HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: Proceedings of the IEEE symposium on security and privacy. IEEE Computer Society, Washington, DCGoogle Scholar
  27. 27.
    Santos N, Gummadi KP, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 conference on hot topics in cloud computing, San Diego, California. USENIX Association Berkeley, CAGoogle Scholar
  28. 28.
    Krautheim FJ (2009) Private virtual infrastructure for cloud computing. In: Proceedings of the HOTCLOUD conference 2009. ACM, New YorkGoogle Scholar
  29. 29.
    Ouedraogo et al (2015) Security transparency: the next frontier for security research in the cloud. J Cloud Comput Adv Syst Appl 4:12CrossRefGoogle Scholar
  30. 30.
    Berger S, Cáceres R, Goldman K, Pendarakis D, Perez R, Rao JR, Rom E, Sailer R, Schildhauer W, Srinivasan D, Tal S, Valdez E (2009) Security for the cloud infrastructure: trusted virtual data center implementation. IBM J Res Dev 53(4):6CrossRefGoogle Scholar
  31. 31.
    Naehrig M, Lauter K, Vaikuntanathan V (2011) Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM workshop on cloud computing security workshop. ACM, New YorkGoogle Scholar
  32. 32.
    Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing Security of virtual machine images in a Cloud environment. In: Proceedings of the 2009 ACM workshop on cloud computing security. ACM, New YorkGoogle Scholar
  33. 33.
    Han-zhang W, Liu-sheng H (2010) An improved trusted cloud computing platform model based on DAA and privacy CA scheme. In: International conference on computer application and system modeling (ICCASM), Vol. 13, V13–39. IEEE Computer, Society, Washington, DCGoogle Scholar
  34. 34.
    Xiaopeng G, Sumei W, Xianqin C (2010) VNSS: A network security sandbox for virtual computing environment. In: IEEE youth conference on information computing and telecommunications (YC-ICT). IEEE Computer Society, WashingtonGoogle Scholar
  35. 35.
    Wu H, Ding Y, Winer C, Yao L (2010) Network security for virtual machine in cloud computing. In: 5th International conference on computer sciences and convergence information technology (ICCIT). IEEE Computer Society, WashingtonGoogle Scholar
  36. 36.
    Habiba et al (2014) Cloud identity management security issues & solutions: a taxonomy. Complex Adapt Syst Model 2:5CrossRefGoogle Scholar
  37. 37.
    Zhang F, Huang Y, Wang H, Chen H, Zang B (2008) PALM: security preserving VM live migration for systems with VMM-enforced protection. In: Trusted infrastructure technologies conference, 2008. APTC’08, Third Asia-Pacific. IEEE Computer Society, Washington, DCGoogle Scholar

Copyright information

© Bharati Vidyapeeth's Institute of Computer Applications and Management 2018

Authors and Affiliations

  1. 1.Department of CSE & ITBhagat Phool Singh Mahila VishwavidyalayaSonipatIndia

Personalised recommendations