Skip to main content

Security concerns and countermeasures in cloud computing: a qualitative analysis

Abstract

Nowadays, cloud computing is considered as most cost-effective platform which provides business and consumer services in IT over the Internet. But security is recognized as the main stammer block for wider adoption due to outsourcing of services from third party. Keeping in view the same, security issues in three service models of cloud computing namely SaaS, PaaS, and IaaS have been discussed. The present paper provides a qualitative analysis of all vulnerabilities and related threats corresponding to each service model. In last section countermeasures have been proposed to enhance the security in Cloud computing.

This is a preview of subscription content, access via your institution.

References

  1. Gonzalez et al (2012) A quantitative analysis of current security concerns and solutions for cloud computing. J Cloud Comput Adv Syst Appl 1:11

    Article  Google Scholar 

  2. Catteddu D, Hogben G (2009) Benefits, risks and recommendations for information security. Tech. rep., European Network and Information Security Agency, enisa.europa.eu/act/rm/files/deliverables/cloudcomputing-risk-assessment

  3. CSA (2009) Security guidance for critical areas of focus in cloud computing. Tech. rep., Cloud Security Alliance

  4. Hashizume et al (2013) An analysis of security issues for cloud computing. J Int Serv Appl 4:5

    Article  Google Scholar 

  5. Rittinghouse JW, Ransome JF (2009) Security in the cloud. In: Cloud computing. implementation, management, and security. CRC Press

  6. Kitchenham B (2004) Procedures for performing systematic review, software engineering group. Department of Computer Science Keele University, United Kingdom and Empirical Software Engineering, National ICT Australia Ltd, Australia. TR/SE-0401

  7. Kitchenham B, Charters S (2007) Guidelines for performing systematic literature reviews in software engineering, Version 2.3. University of Keele (software engineering group, school of computer science and mathematics) and Durham, Department of Computer Science, UK

  8. Brereton P, Kitchenham BA, Budgen D, Turner M, Khalil M (2007) Lessons from applying the systematic literature review process within the software engineering domain. J Syst Softw 80(4):571–583

    Article  Google Scholar 

  9. Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11

    Article  Google Scholar 

  10. Mather T, Kumaraswamy S, Latif S (2009) Cloud Security and Privacy. O’Reilly Media Inc, Sebastopol

    Google Scholar 

  11. Xu K, Zhang X, Song M, Song J (2009) Mobile mashup: architecture, challenges and suggestions. In: International conference on management and service science. MASS’09. IEEE Computer Society, Washington

  12. Morsy MA, Grundy J, Müller I (2010) An analysis of the Cloud Computing Security problem. In: Proceedings of APSEC 2010 cloud workshop. APSEC, Sydney

  13. Chandramouli R, Mell P (2010) State of security readiness. Crossroads 16(3):23–25

    Article  Google Scholar 

  14. Ju J, Wang Y, Fu J, Wu J, Lin Z (2010) Research on key technology in SaaS. In: International conference on intelligent computing and cognitive informatics (ICICCI), Hangzhou, China. IEEE Computer Society, Washington

  15. Takabi H, Joshi J.B.D, Ahn G.-J (2010), “Secure Cloud: Towards a Comprehensive Security Framework for Cloud Computing Environments,” Proc. 1st IEEE Int’l workshop emerging applications for cloud computing (CloudApp 2010). IEEE CS Press

  16. Wylie J, Bakkaloglu M, Pandurangan V, Bigrigg M, Oguz S, Tew K, Williams C, Ganger G, Khosla P (2001) Selecting the right data distribution scheme for a survivable Storage system. CMU-CS-01-120, Pittsburgh

  17. Cloud Security Alliance, “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1,” http://www.cloudsecurityalliance.org/csaguide.pdf

  18. Cloud Security Alliance (2010) Top Threats to Cloud Computing. https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf. Accessed 21 Mar 2014

  19. Cloud Security Alliance (2012) SecaaS implementation guidance, category 1: identity and access management. https://downloads.cloudsecurityalliance.org/initiatives/secaas/SecaaS_Cat_1_IAM_Implementation_Guidance.pdf. Accessed 8 Oct 2012

  20. Somani U, Lakhani K, Mundra M (2010) Implementing digital signature with RSA encryption algorithm to enhance the data Security of Cloud in Cloud Computing. In: 1st International conference on parallel distributed and grid Computing (PDGC). IEEE Computer Society Washington

  21. Harnik D, Pinkas B, Shulman- Peleg A (2010) Side channels in cloud services: deduplication in cloud storage. IEEE Secur Priv 8(6):40–47

    Article  Google Scholar 

  22. Fong E, Okun V (2007) Web application scanners: definitions and functions. In: Proceedings of the 40th annual Hawaii International conference on system sciences. IEEE Computer Society, Washington

  23. Tebaa M, El Hajji S, El Ghazi A (2012) Homomorphic encryption method applied to cloud computing. In: National days of network security and systems (JNS2). IEEE Computer Society, Washington

  24. Berger S, Cáceres R, Pendarakis D, Sailer R, Valdez E, Perez R, Schildhauer W, Srinivasan D (2008) TVDc: managing Security in the trusted virtual data center. SIGOPS Oper Syst Rev 42(1):40–47

    Article  Google Scholar 

  25. Xiao S, Gong W (2010) Mobility can help: protect user identity with dynamic credential. In: Eleventh international conference on mobile data management (MDM). IEEE Computer Society, Washington

  26. Wang Z, Jiang X (2010) HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: Proceedings of the IEEE symposium on security and privacy. IEEE Computer Society, Washington, DC

  27. Santos N, Gummadi KP, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 conference on hot topics in cloud computing, San Diego, California. USENIX Association Berkeley, CA

  28. Krautheim FJ (2009) Private virtual infrastructure for cloud computing. In: Proceedings of the HOTCLOUD conference 2009. ACM, New York

  29. Ouedraogo et al (2015) Security transparency: the next frontier for security research in the cloud. J Cloud Comput Adv Syst Appl 4:12

    Article  Google Scholar 

  30. Berger S, Cáceres R, Goldman K, Pendarakis D, Perez R, Rao JR, Rom E, Sailer R, Schildhauer W, Srinivasan D, Tal S, Valdez E (2009) Security for the cloud infrastructure: trusted virtual data center implementation. IBM J Res Dev 53(4):6

    Article  Google Scholar 

  31. Naehrig M, Lauter K, Vaikuntanathan V (2011) Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM workshop on cloud computing security workshop. ACM, New York

  32. Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing Security of virtual machine images in a Cloud environment. In: Proceedings of the 2009 ACM workshop on cloud computing security. ACM, New York

  33. Han-zhang W, Liu-sheng H (2010) An improved trusted cloud computing platform model based on DAA and privacy CA scheme. In: International conference on computer application and system modeling (ICCASM), Vol. 13, V13–39. IEEE Computer, Society, Washington, DC

  34. Xiaopeng G, Sumei W, Xianqin C (2010) VNSS: A network security sandbox for virtual computing environment. In: IEEE youth conference on information computing and telecommunications (YC-ICT). IEEE Computer Society, Washington

  35. Wu H, Ding Y, Winer C, Yao L (2010) Network security for virtual machine in cloud computing. In: 5th International conference on computer sciences and convergence information technology (ICCIT). IEEE Computer Society, Washington

  36. Habiba et al (2014) Cloud identity management security issues & solutions: a taxonomy. Complex Adapt Syst Model 2:5

    Article  Google Scholar 

  37. Zhang F, Huang Y, Wang H, Chen H, Zang B (2008) PALM: security preserving VM live migration for systems with VMM-enforced protection. In: Trusted infrastructure technologies conference, 2008. APTC’08, Third Asia-Pacific. IEEE Computer Society, Washington, DC

Download references

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Anjana or Ajit Singh.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Anjana, Singh, A. Security concerns and countermeasures in cloud computing: a qualitative analysis. Int. j. inf. tecnol. 11, 683–690 (2019). https://doi.org/10.1007/s41870-018-0108-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s41870-018-0108-1

Keywords

  • Cloud computing
  • Security
  • Threats
  • Vulnerabilities
  • SaaS
  • PaaS
  • IaaS
  • Virtual machine
  • Countermeasures