Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

Cloud computing holds the potential to eliminate the need to set up high-cost computing infrastructure for the IT-based solutions and services that industry uses. It promises to provide a flexible IT architecture, accessible through the internet from lightweight portable devices. This would allow a multi-fold increase in the capacity and capabilities of existing and new software. In a cloud computing environment, the entire data resides over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data centres may be located in any part of the world, beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and addressed. Also, one can never deny the possibility of a server breakdown, which has been witnessed rather often in recent times. There are various issues that need to be addressed with respect to security and privacy in a cloud computing environment. This extensive survey paper aims to elaborate on and analyze the numerous unresolved issues threatening cloud computing adoption and diffusion and affecting the various stakeholders associated with it.

Keywords: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Interoperability, Denial of Service (DoS), Distributed Denial of Service (DDoS), Mobile Cloud Computing (MCC), Optical Character Recognition (OCR), Community of Interest (COI).
