
Security Challenges in Software Engineering for the Cloud: A Systematic Review

Software Engineering in the Era of Cloud Computing

Part of the book series: Computer Communications and Networks (CCN)


Abstract

Cloud computing is among the fastest-growing technologies, and it has brought noticeable growth in security concerns. Despite the security challenges, cloud computing has proven pivotal in the development and success of distributed systems. This stems from features such as rapid elasticity, on-demand service deployment, and support for self-service. All of these features are associated with security challenges such as data breaches, network security, data access, denial-of-service attacks, account hijacking, and exploitable system vulnerabilities. Regardless of the cloud model, the cloud software development process and the consideration of integrated security features are critical for securing cloud computing. As such, software engineering is required to play an essential role in combating cloud security issues in future applications. In this paper, we present a systematic review of articles in the area of software engineering security challenges on the cloud. The review examines articles published between 2014 and 2019. The procedure for article qualification relied on the premises set out in the Preferred Reporting Items for Systematic Reviews and Meta-Analyses. A meta-analysis checklist was employed to explore the analytical quality of the reviewed papers. The issues considered included, but were not limited to, cloud models of service delivery, access control, harm detection, and integrity. All these elements are discussed from the perspective of software engineering and its prospects for improving cloud security.




Corresponding author

Correspondence to Mohammed M. Alani.


Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Alloghani, M., Alani, M.M. (2020). Security Challenges in Software Engineering for the Cloud: A Systematic Review. In: Ramachandran, M., Mahmood, Z. (eds) Software Engineering in the Era of Cloud Computing. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-030-33624-0_6


  • DOI: https://doi.org/10.1007/978-3-030-33624-0_6


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-33623-3

  • Online ISBN: 978-3-030-33624-0

  • eBook Packages: Computer Science (R0)
