Skip to main content
SpringerLink
Log in

Cloud Computing Security Challenges and Related Defensive Measures: A Survey and Taxonomy

  • Survey Article
  • Published:
SN Computer Science Aims and scope Submit manuscript

Abstract

Existing classification systems of cloud computing security challenges have mostly excluded human error as a major root cause of cloud security issues. Therefore, we propose a new cloud security challenge classification system by adding Human Error as a category and retaining the most relevant categories—Network, Data Access, and Virtualization—from previous research. Through a literature survey, we identified effective defensive measures that are used by experts to combat these security challenges and we provided a mapping of the challenges to their defensive measures. Our findings reveal that there is, indeed, a case for human error to be included as a category in the classification of the security challenges encountered in cloud computing, and if cloud service providers (CSPs) and their customers are fully informed on the security challenges encountered in the cloud, both parties can fully benefit from the advantages this model of computing offers.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Rong C, Nguyen ST, Jaatun MG. Beyond lightning: a survey on security challenges in cloud computing. Comput Electr Eng. 2013;39(1):47–54.

    Article  Google Scholar 

  2. Rashid A, Chaturvedi A. Cloud computing characteristics and services a brief review. Int J Comput Sci Eng. 2019;7(2):421–6.

    Google Scholar 

  3. Islam T, Manivannan D, Zeadally S. A classification and characterization of security threats in cloud computing Int. J Next-Gener Comput. 2016;7:3.

    Google Scholar 

  4. Anand P, Ryoo J, Kim H. Addressing security challenges in cloud computing—a pattern-based approach. In: Proc. - 2015 1st Int. Conf. Softw. Secur. Assur. ICSSA 2015, pp. 13–18, 2017.

  5. Parekh DH, Sridaran R. An analysis of security challenges in cloud computing. Int J Adv Comput Sci Appl. 2013;4(1):38–46.

    Google Scholar 

  6. Youssef A. Cloud service providers: a comparative Study. Int J Comput Appl Inf Technol. 2016;5:46–51.

    MathSciNet  Google Scholar 

  7. Youssef A. Exploring Cloud Computing Services and Applications. J Emerg Trends Comput. 2012;3(6):838–47.

    Google Scholar 

  8. Alshammari A, Alhaidari S, Alharbi A, Zohdy M. Security threats and challenges in cloud computing. In: Proc. - 4th IEEE Int. Conf. Cyber Secur. Cloud Comput. CSCloud 2017 3rd IEEE Int. Conf. Scalable Smart Cloud, SSC 2017, pp. 46–51, 2017.

  9. Amara N, Zhiqui H, Ali A. Cloud computing security threats and attacks with their mitigation techniques. In: Proc. - 2017 Int. Conf. Cyber-Enabled Distrib. Comput. Knowl. Discov. CyberC 2017, vol. 2018-Janua, no. October 2017, pp. 244–251, 2017.

  10. Kannaki A, Gnanasekar JM. Cloud computing overview, security threats and solutions—a survey. In: ACM Int. Conf. Proceeding Ser., vol. 25–26-August, pp. 0–5, 2016.

  11. Khalil IM, Khreishah A, Azeem M. Cloud computing security: A survey. Computers. 2014;3(1):1–35.

    Article  Google Scholar 

  12. Kazim M, Kazim M. A survey on top security threats in cloud computing A survey on top security threats in cloud computing. Int J Adv Comput Sci Appl. 2015;6(3):4–9.

  13. Puthal D, Sahoo BPS, Mishra S, Swain S. Cloud computing features, issues, and challenges: a big picture. In: Proc.—1st Int. Conf. Comput. Intell. Networks, CINE 2015, pp. 116–123, 2015.

  14. Subramanian N, Jeyaraj A. Recent security challenges in cloud computing. Comput Electr Eng. 2018;71:28–42.

    Article  Google Scholar 

  15. Cloud Security Alliance. Top Threats to Cloud Computing The Egregious 11. [Online]. https://cloudsecurityalliance.org/press-releases/2019/08/09/csa-releases-new-research-top-threats-to-cloud-computing-egregious-eleven/. Accessed 1 Oct 2020.

  16. Indu I, Anand PMR, Bhaskar V. Identity and access management in cloud environment: Mechanisms and challenges. Eng Sci Technol an Int J. 2018;21(4):574–88.

    Article  Google Scholar 

  17. Kouchaksaraei HR, Chefranov A. Countering wrapping attack on XML signature in SOAP message for cloud computing. Int J Comput Sci Inf Secur. 2013;11(9):1–6.

  18. Siemons F. SQL injection protection in cloud systems. Infosec Resources, 2018. [Online]. https://resources.infosecinstitute.com/topic/sql-injection-protection-cloud-systems/. Accessed 1 Oct 2020.

  19. Yadav S, Jaysawal A. Prevention of MITM attacks in cloud computing by lock box approach using digital signature. Int J Adv Res Comput Sci Softw Eng. 2017;7(5):567–72.

    Article  Google Scholar 

  20. Alani MM. Securing the cloud: threats, attacks and mitigation techniques. J Adv Comput Sci Technol. 2014;3(2):202.

    Article  Google Scholar 

  21. Kosal Kumar B, Sumalatha G. A model to prevent flooding attacks in clouds. Int Res J Eng Technol. 2015;2(8).

  22. Elmrabit N, Yang SH, Yang L. Insider threats in information security categories and approaches. In: 2015 21st Int. Conf. Autom. Comput. Autom. Comput. Manuf. New Econ. Growth, ICAC 2015, no. September, 2015.

  23. Aissaoui K, Ait Idar H, Belhadaoui H, Rifi M.“Survey on data remanence in cloud computing environment. In: 2017 Int. Conf. Wirel. Technol. Embed. Intell. Syst. WITS 2017, no. June, 2017.

  24. Brown WJ, Anderson V, Tan Q. Multitenancy—security risks and countermeasures. In: Proc. 2012 15th Int. Conf. Network-Based Inf. Syst. NBIS 2012, no. January 2018, pp. 7–13, 2012.

  25. Opara-Martins J, Sahandi R, Tian F. Critical analysis of vendor lock-in and its impact on cloud computing migration: a business perspective. J Cloud Comput. 2016;5(1):1–18.

    Article  Google Scholar 

  26. Suryateja PS. Threats and vulnerabilities of cloud computing: a review. Artic Int J Comput Sci Eng. 2018;6:563–567.

    Google Scholar 

  27. Gupta M, Srivastava DK, Chauhan DS. Security challenges of virtualization in cloud computing. In: ACM Int. Conf. Proceeding Ser., vol. 04–05-March, 2016.

  28. Modi CN, Acha K. Virtualization layer security challenges and intrusion detection/prevention systems in cloud computing: a comprehensive review. J Supercomput. 2017;73(3):1192–234.

    Article  Google Scholar 

  29. Almutairy NM, Al-Shqeerat KHA, Al Hamad HA. A taxonomy of virtualization security issues in cloud computing environments. Indian J Sci Technol. 2019;12(3):1–19.

    Article  Google Scholar 

  30. R. J. Ismail, “A Secure Session Management Based on Threat Modeling,” vol. 54, no. 4, pp. 1176–1182, 2013.

  31. Rahaman MA, Schaad A, Rits M. Towards secure SOAP message exchange in a SOA. In: Proc. ACM Conf. Comput. Commun. Secur., pp. 77–84, 2006.

  32. CISA. Understanding digital signatures. CISA, DHS; 2020.

    Google Scholar 

  33. Cloudflare. What is SQL Injection? Cloudflare, Inc.; 2020.

  34. Krit SD, Haimoud E. Overview of firewalls: types and policies: managing windows embedded firewall programmatically. In: Proc. - 2017 Int. Conf. Eng. MIS, ICEMIS 2017, vol. 2018–January, no. February, pp. 1–7, 2018.

  35. Gupta BB, Joshi RC, Misra M. Distributed denial of service prevention techniques. Int J Comput Electr Eng. 2010;2(2):268–76.

  36. Adelaiye O, Ajibola A, Faki S. Evaluating advanced persistent threats mitigation effects: a review. Int J Inf Secur Sci. 2018;7(4):159–71.

    Google Scholar 

  37. Dong Y, Lei Z. An access control model for preventing virtual machine hopping attack. Future Internet. 2019;11(3):82.

    Article  MathSciNet  Google Scholar 

  38. Ahirwar MK. Anomaly detection in the services provided by multi cloud architectures: a survey. Int J Res Eng Technol. 2014;03(09):196–200.

    Article  Google Scholar 

  39. Prassanna J, Pawar AR, Neelanarayanan V. A review of existing cloud automation tools. Asian J Pharm Clin Res. 2017;10:471–3.

    Article  Google Scholar 

  40. Cloudflare. Zero Trust Security | What’s a Zero Trust Network? | Cloudflare. 2020.

  41. Hakamian MA, Rahmani AM. Evaluation of isolation in virtual machine environments encounter in effective attacks against memory. Secur Commun Netw. 2015;8(18):4396–406.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Montclair State University, Montclair, USA

    Nnamdi Chuka-Maduji & Vaibhav Anu

Authors
  1. Nnamdi Chuka-Maduji
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vaibhav Anu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vaibhav Anu.

Ethics declarations

Conflicts of interest/competing interests

The authors declare that there exist no conflicts of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chuka-Maduji, N., Anu, V. Cloud Computing Security Challenges and Related Defensive Measures: A Survey and Taxonomy. SN COMPUT. SCI. 2, 331 (2021). https://doi.org/10.1007/s42979-021-00732-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s42979-021-00732-3

Keywords

Search

Navigation