Systematic Mapping Study On Security Threats in Cloud Computing

Today, Cloud Computing is rising strongly, presenting itself to the market by its main service models, known as IaaS, PaaS and SaaS, that offer advantages in operational investments by means of on-demand costs, where consumers pay by resources used. In face of this growth, security threats also rise, compromising the Confidentiality, Integrity and Availability of the services provided. Our work is a Systematic Mapping where we hope to present metrics about publications available in literature that deal with some of the seven security threats in Cloud Computing, based in the guide entitled "Top Threats to Cloud Computing" from the Cloud Security Alliance (CSA). In our research we identified the more explored threats, distributed the results between fifteen Security Domains and identified the types of solutions proposed for the threats. In face of those results, we highlight the publications that are concerned to fulfill some standard of compliance.

[1]  Lirong Dai,et al.  Using Risk in Access Control for Cloud-Assisted eHealth , 2012, 2012 IEEE 14th International Conference on High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems.

[2]  Barbara Kitchenham,et al.  Procedures for Performing Systematic Reviews , 2004 .

[3]  Tanveer A. Zia,et al.  An empirical study of challenges in managing the security in cloud computing , 2011, AISM 2011.

[4]  Amani S. Ibrahim,et al.  Collaboration-Based Cloud Computing Security Management Framework , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[5]  Jennia Hizver,et al.  Automated Discovery of Credit Card Data Flow for PCI DSS Compliance , 2011, 2011 IEEE 30th International Symposium on Reliable Distributed Systems.

[6]  Sanjay Kumar Madria,et al.  Challenges in Secure Sensor-Cloud Computing , 2011, Secure Data Management.

[7]  Политическая система International Traffic in Arms Regulations , 2010 .

[8]  Robert R. Harmon,et al.  Building Trust and Compliance in the Cloud for Services , 2012, 2012 Annual SRII Global Conference.

[9]  M. Sasikumar,et al.  Identity Management in Cloud Computing , 2013 .

[10]  Sadie Creese,et al.  Inadequacies of Current Risk Controls for the Cloud , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[11]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[12]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[13]  Iuon-Chang Lin,et al.  An Improved Digital Signature Scheme with Fault Tolerance in RSA , 2010, 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[14]  Myong H. Kang,et al.  Security and Architectural Issues for National Security Cloud Computing , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems Workshops.

[15]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[16]  Alan H. Karp,et al.  Managing Data Retention Policies at Scale , 2011, IEEE Transactions on Network and Service Management.

[17]  Andrés Marín López,et al.  A Metric-Based Approach to Assess Risk for “On Cloud” Federated Identity Management , 2012, Journal of Network and Systems Management.

[18]  Yongzhao Zhan,et al.  Investigation of IT Security and Compliance Challenges in Security-as-a-Service for Cloud Computing , 2012, 2012 IEEE 15th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops.

[19]  Ben Walters,et al.  QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[20]  Daniel Mellado,et al.  A Comparative Review of Cloud Security Proposals with ISO/IEC 27002 , 2011, WOSIS.

[21]  Pearl Brereton,et al.  Using Mapping Studies in Software Engineering , 2008, PPIG.

[22]  Debashis Basak,et al.  Virtualizing networking and security in the cloud , 2010, OPSR.

[23]  Manuel Vega,et al.  Emerging Threats, Risk and Attacks in Distributed Systems: Cloud Computing , 2013 .

[24]  Kristian Beckers,et al.  Pattern-Based Support for Context Establishment and Asset Identification of the ISO 27000 in the Field of Cloud Computing , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[25]  Anthony Sulistio,et al.  Mapping of Cloud Standards to the Taxonomy of Interoperability in IaaS , 2011, 2011 IEEE Third International Conference on Cloud Computing Technology and Science.

[26]  Vikas Kumar,et al.  Cloud security assessment and identity management , 2011, 14th International Conference on Computer and Information Technology (ICCIT 2011).

[27]  Ching-Hao Mao,et al.  Cloud SSDLC: Cloud Security Governance Deployment Framework in Secure System Development Life Cycle , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[28]  Daniel Díaz Sánchez,et al.  Trust-aware federated IdM in consumer cloud computing , 2012, ICCE.

[29]  Lior Rokach,et al.  A Survey of Data Leakage Detection and Prevention Solutions , 2012, SpringerBriefs in Computer Science.

[30]  N. Sairam,et al.  An Implementation of RSA Algorithm in Google Cloud using Cloud SQL , 2012 .

[31]  Gang Zhao Holistic framework of security management for cloud service providers , 2012, IEEE 10th International Conference on Industrial Informatics.

[32]  Kouichi Sakurai,et al.  Towards Countermeasure of Insider Threat in Network Security , 2011, 2011 Third International Conference on Intelligent Networking and Collaborative Systems.

[33]  S. K. Mouleeswaran,et al.  Harnessing and securing cloud in patient health monitoring , 2012, 2012 International Conference on Computer Communication and Informatics.

[34]  Michael Hall,et al.  Security and Control in the Cloud , 2010, Inf. Secur. J. A Glob. Perspect..

[35]  Sasko Ristov,et al.  A new methodology for security evaluation in cloud computing , 2012, 2012 Proceedings of the 35th International Convention MIPRO.

[36]  A Min Tjoa,et al.  Towards a Side Access Free Data Grid Resource by Means of Infrastructure Clouds , 2009, 2009 International Conference on Parallel Processing Workshops.

[37]  A. B. M. Shawkat Ali,et al.  Trust Issues that Create Threats for Cyber Attacks in Cloud Computing , 2011, 2011 IEEE 17th International Conference on Parallel and Distributed Systems.

[38]  David Shaw,et al.  Security of service requests for cloud based m-commerce , 2012, 2012 Proceedings of the 35th International Convention MIPRO.

[39]  Chiang Lung Liu,et al.  Identification of Critical Security Issues for Cloud Computing , 2011 .

[40]  Xin Wang,et al.  Research on the anti-virus system of military network based on cloud security , 2010, 2010 International Conference on Intelligent Computing and Integrated Systems.

[42]  A. B. M. Shawkat Ali,et al.  Above the Trust and Security in Cloud Computing: A Notion Towards Innovation , 2010, 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[43]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[44]  Rhonda Farrell,et al.  Securing the Cloud—Governance, Risk, and Compliance Issues Reign Supreme , 2010, Inf. Secur. J. A Glob. Perspect..

[45]  Harald P. E. Vranken,et al.  The Impact of Server Virtualization on ITIL Processes , 2011, CLOSER.

[46]  Yuyu Chou,et al.  Risk Assessment for Cloud-Based IT Systems , 2011, Int. J. Grid High Perform. Comput..

[47]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[48]  Kai Petersen,et al.  Systematic Mapping Studies in Software Engineering , 2008, EASE.

[49]  日本規格協会 情報技術-セキュリティ技術-情報セキュリティマネジメントシステム-要求事項 : 国際規格ISO/IEC 27001 = Information technology-Security techniques-Information security management systems-Requirements : ISO/IEC 27001 , 2005 .