Security Challenges in Software Engineering for the Cloud: A Systematic Review

  • Mohamed Alloghani
  • Mohammed M. Alani
Chapter
Part of the Computer Communications and Networks book series (CCN)

Abstract

Cloud computing is among the fastest-growing technologies, and it has brought noticeable growth in security concerns. Despite the security challenges, cloud computing has proven pivotal in the development and success of distributed systems. This success stems from features such as rapid elasticity, on-demand service deployment, and support for self-service. All these features are associated with security challenges such as data breaches, network security, data access, denial-of-service attacks, account hijacking, and exploitable system vulnerabilities. Regardless of the cloud model, the cloud software development process and the consideration of integrated security features are critical for securing cloud computing. As such, software engineering is required to play an essential role in combating cloud security issues in future applications. In this paper, we present a systematic review of articles on software engineering security challenges in the cloud. The review examines articles that were published between 2014 and 2019. The procedure for article qualification relied on the premises of the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA). A meta-analysis checklist was employed to explore the analytical quality of the reviewed papers. The issues considered included, but were not limited to, cloud models of service delivery, access control, harm detection, and integrity. All these elements are discussed from the perspective of software engineering and its prospects for improving cloud security.

Keywords

  • Security
  • Software engineering security
  • Service security
  • Security survey

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Liverpool John-Moores University, Liverpool, UK
  2. Senior Member of the ACM, Abu Dhabi, UAE