Security Challenges in Software Engineering for the Cloud: A Systematic Review

  • Mohamed Alloghani
  • Mohammed M. Alani
Part of the Computer Communications and Networks book series (CCN)


Cloud computing is among the fastest growing technologies, and it has brought noticeable growth in security concerns. Despite the security challenges, cloud computing has proven pivotal in the development and success of distributed systems. This comes from certain features such as rapid elasticity, on-demand service deployment, and support for self-service. All these features are associated with security challenges such as data breaches, network security, data access, denial of service attacks, hijacking of accounts, and exploitable system vulnerabilities. Regardless of the cloud model, the cloud software development process and the consideration of integrated security features are critical for securing cloud computing. As such, software engineering is required to play an essential role in combating cloud security issues in future applications. In this paper, we introduce a systematic review of articles in the area of software engineering security challenges on the cloud. The review examines articles that were published between 2014 and 2019. The procedure for article qualification relied on the elucidation of the Preferred Reporting Items for Systematic Reviews and Meta-Analyses premises. A meta-analysis checklist was employed to explore the analytical quality of the reviewed papers. The issues considered included, but were not limited to, cloud models of service delivery, access control, harm detection, and integrity. All these elements are discussed from the perspective of software engineering and its prospects for improving cloud security.


Security, Software engineering security, Service security, Security survey



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Liverpool John-Moores University, Liverpool, UK
  2. Senior Member of the ACM, Abu Dhabi, UAE
