Security in cloud computing: Opportunities and challenges

The cloud computing exhibits, remarkable potential to provide cost effective, easy to manage, elastic, and powerful resources on the fly, over the Internet. The cloud computing, upsurges the capabilities of the hardware resources by optimal and shared utilization. The above mentioned features encourage the organizations and individual users to shift their applications and services to the cloud. Even the critical infrastructure, for example, power generation and distribution plants are being migrated to the cloud computing paradigm. However, the services provided by third-party cloud service providers entail additional security threats. The migration of user's assets (data, applications, etc.) outside the administrative control in a shared environment where numerous users are collocated escalates the security concerns. This survey details the security issues that arise due to the very nature of cloud computing. Moreover, the survey presents the recent solutions presented in the literature to counter the security issues. Furthermore, a brief view of security vulnerabilities in the mobile cloud computing are also highlighted. In the end, the discussion on the open issues and future research directions is also presented.

[1]  Albert Y. Zomaya,et al.  Trends and challenges in cloud datacenters , 2014, IEEE Cloud Computing.

[2]  Sugata Sanyal,et al.  Secure Authentication of Cloud Data Mining API , 2013, ArXiv.

[3]  Haibo Chen,et al.  Security-Preserving Live Migration of Virtual Machines in the Cloud , 2012, Journal of Network and Systems Management.

[4]  Bu-Sung Lee,et al.  Optimization of Resource Provisioning Cost in Cloud Computing , 2012, IEEE Transactions on Services Computing.

[5]  Antonio Corradi,et al.  VM consolidation: A real case based on OpenStack Cloud , 2014, Future Gener. Comput. Syst..

[6]  Marcos A. Simplício,et al.  A Quantitative Analysis of Current Security Concerns and Solutions for Cloud Computing , 2011, CloudCom.

[7]  Xiangjian He,et al.  Improving cloud network security using the Tree-Rule firewall , 2014, Future Gener. Comput. Syst..

[8]  Jianxin Li,et al.  CyberGuarder: A virtualization security assurance architecture for green cloud computing , 2012, Future Gener. Comput. Syst..

[9]  Samee Ullah Khan,et al.  > REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 1 , 2008 .

[10]  Kevin Curran,et al.  Cloud Computing Security , 2011, Int. J. Ambient Comput. Intell..

[11]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[12]  Yang Tang,et al.  Secure Overlay Cloud Storage with Access Control and Assured Deletion , 2012, IEEE Transactions on Dependable and Secure Computing.

[13]  Yongji Wang,et al.  CIVSched: A Communication-Aware Inter-VM Scheduling Technique for Decreased Network Latency between Co-Located VMs , 2014, IEEE Transactions on Cloud Computing.

[14]  Sumit Soni,et al.  A survey of mobile cloud computing architecture, applications, approaches & Current Solution Providers , 2015 .

[15]  R. D. Dhungana,et al.  Identity management framework for cloud networking infrastructure , 2013, 2013 9th International Conference on Innovations in Information Technology (IIT).

[16]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[17]  ZhiHui Lv,et al.  OPS: Offline Patching Scheme for the Images Management in a Secure Cloud Environment , 2013, 2013 IEEE International Conference on Services Computing.

[18]  Cong Wang,et al.  Security Challenges for the Public Cloud , 2012, IEEE Internet Computing.

[19]  Athanasios V. Vasilakos,et al.  Toward Incentivizing Anti-Spoofing Deployment , 2014, IEEE Transactions on Information Forensics and Security.

[20]  Nāgārjuna,et al.  A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding , 2014 .

[21]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[22]  Matt Bishop,et al.  Storm Clouds Rising: Security Challenges for IaaS Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[23]  Yulong Zhang,et al.  Improving Virtualization Security by Splitting Hypervisor into Smaller Components , 2012, DBSec.

[24]  Bo Li,et al.  Gearing resource-poor mobile devices with powerful clouds: architectures, challenges, and applications , 2013, IEEE Wireless Communications.

[25]  Mark Ryan,et al.  Cloud computing security: The scientific challenge, and a survey of solutions , 2013, J. Syst. Softw..

[26]  Dave Cliff,et al.  A financial brokerage model for cloud computing , 2011, Journal of Cloud Computing: Advances, Systems and Applications.

[27]  Muttukrishnan Rajarajan,et al.  A survey on security issues and solutions at different layers of Cloud computing , 2012, The Journal of Supercomputing.

[28]  R. K. Bunkar,et al.  Data Security and Privacy Protection Issues in Cloud Computing , 2014 .

[29]  Meng Hua Song Analysis of Risks for Virtualization Technology , 2014 .

[30]  Mário M. Freire,et al.  Security issues in cloud environments: a survey , 2014, International Journal of Information Security.

[31]  Eugene J. Schweitzer,et al.  Reconciliation of the cloud computing model with US federal electronic health record regulations , 2012, J. Am. Medical Informatics Assoc..

[32]  Dorgival Guedes,et al.  DCPortalsNg: Efficient Isolation of Tenant Networks in Virtualized Datacenters , 2014 .

[33]  Jianhua Che,et al.  Study on the Security Models and Strategies of Cloud Computing , 2011 .

[34]  Shahaboddin Shamshirband,et al.  BSS: block-based sharing scheme for secure data storage services in mobile cloud environment , 2014, The Journal of Supercomputing.

[35]  Jiang Wang,et al.  HyperCheck: A Hardware-AssistedIntegrity Monitor , 2014, IEEE Transactions on Dependable and Secure Computing.

[36]  Zhang Chi Review of Cloud Computing Security , 2013 .

[37]  Sebastian Meier,et al.  A Framework for Security Context Migration in a Firewall Secured Virtual Machine Environment , 2012, EUNICE.

[38]  Rajkumar Buyya,et al.  Heterogeneity in Mobile Cloud Computing: Taxonomy and Open Challenges , 2014, IEEE Communications Surveys & Tutorials.

[39]  O S Ogundele,et al.  Elliptic Curve Cryptography for Securing Cloud Computing Applications , 2013 .

[40]  Rajiv Ranjan,et al.  An overview of the commercial cloud monitoring tools: research dimensions, design issues, and state-of-the-art , 2013, Computing.

[41]  Athanasios V. Vasilakos,et al.  Mobile Cloud Computing: A Survey, State of Art and Future Directions , 2013, Mobile Networks and Applications.

[42]  Massimiliano Rak,et al.  Stealthy Denial of Service Strategy in Cloud Computing , 2015, IEEE Transactions on Cloud Computing.

[43]  Dijiang Huang,et al.  SnortFlow: A OpenFlow-Based Intrusion Prevention System in Cloud Environment , 2013, 2013 Second GENI Research and Educational Experiment Workshop.

[44]  John B. Haviland Hey! , 2015, Top. Cogn. Sci..

[45]  Rose F. Gamble,et al.  SecAgreement: Advancing Security Risk Calculations in Cloud Services , 2012, 2012 IEEE Eighth World Congress on Services.

[46]  Muhammad Awais Shibli,et al.  Securing the virtual machine images in cloud computing , 2013, SIN.

[47]  Eduardo B. Fernández,et al.  An analysis of security issues for cloud computing , 2013, Journal of Internet Services and Applications.

[48]  Madjid Merabti,et al.  Secure Cloud Computing for Critical Infrastructure: A Survey , 2012 .

[49]  Siu-Ming Yiu,et al.  SPICE - Simple Privacy-Preserving Identity-Management for Cloud Environment , 2012, ACNS.

[50]  Vladimir Getov Cloud Adoption Issues: Interoperability and Security , 2012, High Performance Computing Workshop.

[51]  M V Patil,et al.  HASBE: A HIERARCHICAL ATTRIBUTE-BASED SOLUTION FOR FLEXIBLE AND SCALABLE ACCESS CONTROL IN CLOUD COMPUTING , 2006 .

[52]  Zhi Wang,et al.  Taming Hosted Hypervisors with (Mostly) Deprivileged Execution , 2013, NDSS.

[53]  Jennifer Rexford,et al.  Eliminating the hypervisor attack surface for a more secure cloud , 2011, CCS '11.

[54]  Hanady M. Abdulsalam,et al.  SECaaS: security as a service for cloud-based applications , 2011 .

[55]  Mats Björkman,et al.  Security and Trust Preserving VM Migrations in Public Clouds , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[56]  Mourad Debbabi,et al.  Preservation of Security Configurations in the Cloud , 2014, 2014 IEEE International Conference on Cloud Engineering.

[57]  Haider Abbas,et al.  Cloud Computing Risk Assessment: A Systematic Literature Review , 2014 .

[58]  Sandeep K. Sood,et al.  A combined approach to ensure data security in cloud computing , 2012, J. Netw. Comput. Appl..

[59]  G. Manoj Someswar,et al.  Time-Based Proxy Re-encryption Scheme for Secure Data Sharing in a Cloud Environment , 2015 .

[60]  Martin Gilje Jaatun,et al.  Beyond lightning: A survey on security challenges in cloud computing , 2013, Comput. Electr. Eng..

[61]  Yubin Xia,et al.  Defending against VM rollback attack , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN 2012).

[62]  Mazliza Othman,et al.  A Survey of Mobile Cloud Computing Application Models , 2014, IEEE Communications Surveys & Tutorials.

[63]  Olaf David,et al.  Performance implications of multi-tier application deployments on Infrastructure-as-a-Service clouds: Towards performance modeling , 2013, Future Gener. Comput. Syst..

[64]  Pan Juncheng,et al.  Potential Attacks against k-Anonymity on LBS and Solutions for Defending the Attacks , 2014 .

[65]  Matthew N. O. Sadiku,et al.  Cloud Computing: Opportunities and Challenges , 2014, IEEE Potentials.

[66]  Alowolodu O.D,et al.  Elliptic Curve Cryptography for Securing Cloud Computing Applications , 2013 .

[67]  Engin Kirda,et al.  A security analysis of Amazon's Elastic Compute Cloud service , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN 2012).

[68]  Ramaswamy Chandramouli,et al.  Cryptographic Key Management Issues & Challenges in Cloud Services , 2013 .

[69]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[70]  Jinjun Chen,et al.  CloudGenius: A Hybrid Decision Support Method for Automating the Migration of Web Application Clusters to Public Clouds , 2015, IEEE Transactions on Computers.

[71]  Ghassan O. Karame,et al.  Enabling secure VM-vTPM migration in private clouds , 2011, ACSAC '11.

[72]  J. Wenny Rahayu,et al.  Mobile cloud computing: A survey , 2013, Future Gener. Comput. Syst..

[73]  Xiaolei Dong,et al.  Security and privacy for storage and computation in cloud computing , 2014, Inf. Sci..

[74]  Rakesh Bobba,et al.  Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption , 2009, ESORICS.

[75]  Mário M. Freire,et al.  Cloud Security: State of the Art , 2014 .

[76]  Athanasios V. Vasilakos,et al.  A survey on trust management for Internet of Things , 2014, J. Netw. Comput. Appl..

[77]  Neeraj Suri,et al.  Security as a Service Using an SLA-Based Approach via SPECS , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[78]  P. Mell,et al.  SP 800-145. The NIST Definition of Cloud Computing , 2011 .

[79]  Yutao Liu,et al.  Architecture support for guest-transparent VM protection from untrusted hypervisor and physical attacks , 2013, 2013 IEEE 19th International Symposium on High Performance Computer Architecture (HPCA).

[80]  Athanasios V. Vasilakos,et al.  A Survey on Service-Oriented Network Virtualization Toward Convergence of Networking and Cloud Computing , 2012, IEEE Transactions on Network and Service Management.

[81]  Davide Maria Parrilli,et al.  Legal Issues in Grid and Cloud Computing , 2010, Grid and Cloud Computing.

[82]  Niraj K. Jha,et al.  A Trusted Virtual Machine in an Untrusted Management Environment , 2012, IEEE Transactions on Services Computing.

[83]  Vijay Varadharajan,et al.  Counteracting security attacks in virtual machines in the cloud using property based attestation , 2014, J. Netw. Comput. Appl..

[84]  Rose F. Gamble,et al.  Risk propagation of security SLAs in the cloud , 2012, 2012 IEEE Globecom Workshops.

[85]  Bernd Freisleben,et al.  Increasing virtual machine security in cloud environments , 2012, Journal of Cloud Computing: Advances, Systems and Applications.

[86]  Tsern-Huei Lee,et al.  Design and implementation of cloud API access control based on OAuth , 2013, IEEE 2013 Tencon - Spring.

[87]  Sushil Kumar Sah,et al.  A security management for Cloud based applications and services with Diameter-AAA , 2014, 2014 International Conference on Issues and Challenges in Intelligent Computing Techniques (ICICT).

[88]  G Shiva Krishna,et al.  Control Cloud Data Access Privilege and Anonymity with Fully Anonymous Attribute-Based Encryption , 2017 .

[89]  Zhi Wang,et al.  Isolating commodity hosted hypervisors with HyperLock , 2012, EuroSys '12.

[90]  B. C. Brookes,et al.  Information Sciences , 2020, Cognitive Skills You Need for the 21st Century.

[91]  Subhajyoti Bandyopadhyay,et al.  Cloud Computing - The Business Perspective , 2011, 2011 44th Hawaii International Conference on System Sciences.

[92]  Athanasios V. Vasilakos,et al.  MAPCloud: Mobile Applications on an Elastic and Scalable 2-Tier Cloud Architecture , 2012, 2012 IEEE Fifth International Conference on Utility and Cloud Computing.

[93]  Athanasios V. Vasilakos,et al.  SeDaSC: Secure Data Sharing in Clouds , 2017, IEEE Systems Journal.

[94]  Shrisha Rao,et al.  A Mechanism Design Approach to Resource Procurement in Cloud Computing , 2014, IEEE Transactions on Computers.

[95]  Cong Wang,et al.  Toward Secure and Dependable Storage Services in Cloud Computing , 2012, IEEE Transactions on Services Computing.

[96]  Asit Dan,et al.  Web services agreement specification (ws-agreement) , 2004 .

[97]  Wayne A. Jansen,et al.  Cloud Hooks: Security and Privacy Issues in Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[98]  Yangchun Fu,et al.  EXTERIOR: using a dual-VM based external shell for guest-OS introspection, configuration, and recovery , 2013, VEE '13.

[99]  Sherali Zeadally,et al.  Using Cloud Computing to Implement a Security Overlay Network , 2013, IEEE Security & Privacy.

[100]  Abhinav Srivastava,et al.  Trusted VM Snapshots in Untrusted Cloud Infrastructures , 2012, RAID.

[101]  Ruoming Jin,et al.  Efficient location aware intrusion detection to protect mobile devices , 2012, Personal and Ubiquitous Computing.

[102]  Genshe Chen,et al.  Information fusion in a cloud computing era: A systems-level perspective , 2014, IEEE Aerospace and Electronic Systems Magazine.

[103]  P. Santhi Thilagam,et al.  Heuristics based server consolidation with residual resource defragmentation in cloud data centers , 2015, Future Gener. Comput. Syst..

[104]  Chonho Lee,et al.  A survey of mobile cloud computing: architecture, applications, and approaches , 2013, Wirel. Commun. Mob. Comput..

[105]  Rose F. Gamble,et al.  Building a Compliance Vocabulary to Embed Security Controls in Cloud SLAs , 2013, 2013 IEEE Ninth World Congress on Services.

[106]  Peng Ning,et al.  Managing security of virtual machine images in a cloud environment , 2009, CCSW '09.

[107]  Kartik Gopalan,et al.  An Application-Level Approach for Privacy-Preserving Virtual Machine Checkpointing , 2013, 2013 IEEE Sixth International Conference on Cloud Computing.

[108]  Samee Ullah Khan,et al.  Future Generation Computer Systems ( ) – Future Generation Computer Systems a Cloud Based Health Insurance Plan Recommendation System: a User Centered Approach , 2022 .

[109]  Angelos Stavrou,et al.  HyperCheck: A Hardware-AssistedIntegrity Monitor , 2014, IEEE Trans. Dependable Secur. Comput..

[110]  Xiaohong Yuan,et al.  Cloud computing and security challenges , 2012, ACM-SE '12.

[111]  Ramaswamy Chandramouli,et al.  Cryptographic Key Management Issues and Challenges in Cloud Services , 2014, Secure Cloud Computing.

[112]  Akshat Verma,et al.  ImageElves: Rapid and Reliable System Updates in the Cloud , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[113]  Roberto Di Pietro,et al.  Secure virtualization for cloud computing , 2011, J. Netw. Comput. Appl..

[114]  Kartik Gopalan,et al.  SPARC: a security and privacy aware virtual machinecheckpointing mechanism , 2011, WPES.

[115]  Zahir Tari,et al.  Security and Privacy in Cloud Computing , 2014, IEEE Cloud Computing.

[116]  Roberto Di Pietro,et al.  CloRExPa: Cloud resilience via execution path analysis , 2014, Future Gener. Comput. Syst..

[117]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[118]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[119]  Samee Ullah Khan,et al.  Future Generation Computer Systems ( ) – Future Generation Computer Systems towards Secure Mobile Cloud Computing: a Survey , 2022 .

[120]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[121]  Mukaddim Pathan,et al.  Security, Privacy and Trust in Cloud Systems , 2013 .

[122]  Shahaboddin Shamshirband,et al.  Incremental proxy re-encryption scheme for mobile cloud computing environment , 2013, The Journal of Supercomputing.

[123]  Haibo Chen,et al.  CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization , 2011, SOSP.

[124]  Eui-nam Huh,et al.  A broker-based cooperative security-SLA evaluation methodology for personal cloud computing , 2015, Secur. Commun. Networks.

[125]  Miss Laiha Mat Kiah,et al.  Enhanced dynamic credential generation scheme for protection of user identity in mobile-cloud computing , 2013, The Journal of Supercomputing.

[126]  K. S. Naidu,et al.  Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds , 2017 .

[127]  Yi Ding,et al.  Network security for virtual machine in cloud computing , 2010, 5th International Conference on Computer Sciences and Convergence Information Technology.

[128]  Liang Chen,et al.  An improved vTPM migration protocol based trusted channel , 2012, 2012 International Conference on Systems and Informatics (ICSAI2012).

[129]  Shin-Jer Yang,et al.  Design Role-Based Multi-tenancy Access Control Scheme for Cloud Services , 2013, 2013 International Symposium on Biometrics and Security Technologies.

[130]  Mohamed Almorsy,et al.  CloudSec: A security monitoring appliance for Virtual Machines in the IaaS cloud model , 2011, 2011 5th International Conference on Network and System Security.

[131]  Ejaz Ahmed,et al.  A review on remote data auditing in single cloud server: Taxonomy and open issues , 2014, J. Netw. Comput. Appl..

[132]  Jyoti Shetty,et al.  A framework for secure live migration of virtual machines , 2013, 2013 International Conference on Advances in Computing, Communications and Informatics (ICACCI).

[133]  K. Sankar,et al.  On-Demand Security Architecture for Cloud Computing , 2014 .

[134]  Wei Du,et al.  Security-aware intermediate data placement strategy in scientific cloud workflows , 2014, Knowledge and Information Systems.