Abstract
Cloud computing is among the fastest-growing technologies, and its growth has brought a noticeable rise in security concerns. Despite these security challenges, cloud computing has proven pivotal to the development and success of distributed systems, owing to features such as rapid elasticity, on-demand service deployment, and support for self-service. These same features are associated with security challenges such as data breaches, network security, data access, denial-of-service attacks, account hijacking, and exploitable system vulnerabilities. Regardless of the cloud model, the cloud software development process and the consideration of integrated security features are critical for securing cloud computing. Software engineering is therefore required to play an essential role in combating cloud security issues in future applications. In this paper, we present a systematic review of articles on software engineering security challenges in the cloud. The review examines articles published between 2014 and 2019. Article qualification relied on the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) statement, and a meta-analysis checklist was employed to assess the analytical quality of the reviewed papers. The issues considered included, but were not limited to, cloud models of service delivery, access control, harm detection, and integrity. All these elements are discussed from the perspective of software engineering and its prospects for improving cloud security.
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Alloghani, M., Alani, M.M. (2020). Security Challenges in Software Engineering for the Cloud: A Systematic Review. In: Ramachandran, M., Mahmood, Z. (eds) Software Engineering in the Era of Cloud Computing. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-030-33624-0_6
DOI: https://doi.org/10.1007/978-3-030-33624-0_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-33623-3
Online ISBN: 978-3-030-33624-0
eBook Packages: Computer Science, Computer Science (R0)