Cloud computing security taxonomy: From an atomistic to a holistic view

Abstract

The countless discussions of security challenges affecting cloud computing are often large textual accounts, which can be cumbersome to read and prone to misinterpretation. The growing reliance on cloud computing means that we should not only evaluate its security challenges but also devote greater attention to how those challenges are viewed and communicated. With many cloud computing implementations in use and a growing evolution of the cloud paradigm (including fog, edge and cloudlets), comprehending, correlating and classifying diverse perspectives on security challenges becomes increasingly critical. Current classifications are suited only for limited use, both as tools for research and for countermeasure design. The taxonomic approach has been used as a modeling technique for classifying concepts across many domains. This paper surveys multiple perspectives on cloud security challenges and systematically develops a corresponding graphical taxonomy based on a meta-synthesis of important cloud security concepts in the literature. The contributions and significance of this work are as follows: (1) a holistic view that simplifies visualization for the reader by providing illustrative graphics of existing textual perspectives and highlighting entity relationships among cloud entities/players, thereby exposing security areas at every layer of the cloud; (2) a holistic taxonomy that facilitates the design of enforcement or corrective countermeasures based upon the source or origin of a security incident; (3) a holistic taxonomy that highlights the security boundary and identifies apt areas to implement security countermeasures.
