A Systematic Literature Review on Cloud Computing Security: Threats and Mitigation Strategies

Cloud computing has become a widely exploited research area in academia and industry. Cloud computing benefits both cloud services providers (CSPs) and consumers. The security challenges associated with cloud computing have been widely studied in the literature. This systematic literature review (SLR) is aimed to review the existing research studies on cloud computing security, threats, and challenges. This SLR examined the research studies published between 2010 and 2020 within the popular digital libraries. We selected 80 papers after a meticulous screening of published works to answer the proposed research questions. The outcomes of this SLR reported seven major security threats to cloud computing services. The results showed that data tampering and leakage were among the highly discussed topics in the chosen literature. Other identified security risks were associated with the data intrusion and data storage in the cloud computing environment. This SLR’s results also indicated that consumers’ data outsourcing remains a challenge for both CSPs and cloud users. Our survey paper identified the blockchain as a partnering technology to alleviate security concerns. The SLR findings reveal some suggestions to be carried out in future works to bring data confidentiality, data integrity, and availability.

[1]  Michael Naehrig,et al.  Elliptic Curve Cryptography in Practice , 2014, Financial Cryptography.

[2]  Jianqiang Li,et al.  Blockchain-Based Edge Computing Resource Allocation in IoT: A Deep Reinforcement Learning Approach , 2021, IEEE Internet of Things Journal.

[3]  N. Kock,et al.  Organizational, technological and extrinsic factors in the implementation of cloud ERP in SMEs , 2018 .

[4]  Rhonda Farrell,et al.  Securing the Cloud—Governance, Risk, and Compliance Issues Reign Supreme , 2010, Inf. Secur. J. A Glob. Perspect..

[5]  Rusli Abdullah,et al.  Security Framework of Cloud Data Storage Based on Multi Agent System Architecture: Semantic Literature Review , 2010, Comput. Inf. Sci..

[6]  Gary B. Wills,et al.  A framework for cloud computing adoption by Saudi government overseas agencies , 2016, 2016 Fifth International Conference on Future Generation Communication Technologies (FGCT).

[7]  Mohammed Alshehri,et al.  An Effective Mechanism for Selection of a Cloud Service Provider Using Cosine Maximization Method , 2019, Arabian Journal for Science and Engineering.

[8]  Luay A. Wahsheh,et al.  Different facets of security in the cloud , 2012, SpringSim.

[9]  Narander Kumar,et al.  A novel intrusion detection system using hybrid clustering-optimization approach in cloud computing , 2020 .

[10]  Prashant Pandey,et al.  Cloud computing , 2010, ICWET.

[11]  Khalid Alsubhi,et al.  Blockchain-Based Secured Access Control in an IoT System , 2021, Applied Sciences.

[12]  Jeonghun Cha,et al.  Blockchain-empowered cloud architecture based on secret sharing for smart city , 2021, J. Inf. Secur. Appl..

[13]  Xinwen Fu,et al.  A cloud computing based system for cyber security management , 2015, Int. J. Parallel Emergent Distributed Syst..

[14]  Vijay K. Vasudevan,et al.  Enhancing Blockchain security in cloud computing with IoT environment using ECIES and cryptography hash algorithm , 2020 .

[15]  Nabil Ahmed Sultan,et al.  Organisational culture and cloud computing: coping with a disruptive innovation , 2012, Technol. Anal. Strateg. Manag..

[16]  Low Tang Jung,et al.  Hybrid Multi-cloud Data Security (HMCDS) Model and Data Classification , 2013, 2013 International Conference on Advanced Computer Science Applications and Technologies.

[17]  Vikas Rao Vadi Cloud Computing: SaaS, PaaS, IaaS, Virtualization, Business Models, Mobile, Security and More , 2015 .

[18]  Mohammed A. Alqarni,et al.  A placement architecture for a container as a service (CaaS) in a cloud environment , 2019, J. Cloud Comput..

[19]  Haiping Huang,et al.  Blockchain-based eHealth system for auditable EHRs manipulation in cloud environments , 2021, J. Parallel Distributed Comput..

[20]  Vipin Saxena,et al.  A Security Algorithm for Online Analytical Processing Data Cube , 2013 .

[21]  Kim-Kwang Raymond Choo,et al.  Situational Crime Prevention and the Mitigation of Cloud Computing Threats , 2017, ATCS/SePrIoT@SecureComm.

[22]  Sunilkumar S. Manvi,et al.  Resource management for Infrastructure as a Service (IaaS) in cloud computing: A survey , 2014, J. Netw. Comput. Appl..

[23]  Boris Tomas,et al.  Peer to peer distributed storage and computing cloud system , 2012, Proceedings of the ITI 2012 34th International Conference on Information Technology Interfaces.

[24]  Wu Jigang,et al.  Blockchain-based public auditing for big data in cloud storage , 2020, Inf. Process. Manag..

[25]  Max Mühlhäuser,et al.  Cloud Computing Landscape and Research Challenges Regarding Trust and Reputation , 2010, 2010 7th International Conference on Ubiquitous Intelligence & Computing and 7th International Conference on Autonomic & Trusted Computing.

[26]  Vijay Varadharajan,et al.  Security as a Service Model for Cloud Environment , 2014, IEEE Transactions on Network and Service Management.

[27]  Ganesan,et al.  Data Security in Cloud Architecture Based on Diffie Hellman and Elliptical Curve Cryptography , 2014, IACR Cryptol. ePrint Arch..

[28]  Alowolodu O.D,et al.  Elliptic Curve Cryptography for Securing Cloud Computing Applications , 2013 .

[29]  Fang-Yie Leu,et al.  International Journal of Computer Mathematics , 2022 .

[30]  HuangChangqin,et al.  Systematic literature review of machine learning based software development effort estimation models , 2012 .

[31]  Dan C. Marinescu,et al.  Cloud Computing: Theory and Practice , 2013 .

[32]  Barry Scott,et al.  How a zero trust approach can help to secure your AWS environment , 2018, Netw. Secur..

[33]  Wang Xiaochang,et al.  Blockchain-Enabled Decentralized Trust Management and Secure Usage Control of IoT Big Data , 2020, IEEE Internet of Things Journal.

[34]  Hanim Eken,et al.  Security threats and solutions in cloud computing , 2013, World Congress on Internet Security (WorldCIS-2013).

[35]  Fagen Li,et al.  A blockchain-based attribute-based signcryption scheme to secure data sharing in the cloud , 2020, J. Syst. Archit..

[36]  Tiago M. Fernández-Caramés,et al.  Enabling the Internet of Mobile Crowdsourcing Health Things: A Mobile Fog Computing, Blockchain and IoT Based Continuous Glucose Monitoring System for Diabetes Mellitus Research and Care , 2019, Sensors.

[37]  Eduardo Lalla-Ruiz,et al.  Modeling and solving cloud service purchasing in multi-cloud environments , 2020, Expert Syst. Appl..

[38]  S. S. Islam,et al.  Next generation of computing through cloud computing technology , 2012, 2012 25th IEEE Canadian Conference on Electrical and Computer Engineering (CCECE).

[39]  Anthony T. Chronopoulos,et al.  Computational intelligence intrusion detection techniques in mobile cloud computing environments: Review, taxonomy, and open research issues , 2020, J. Inf. Secur. Appl..

[40]  Qianqian Su,et al.  Revocable Attribute-Based Signature for Blockchain-Based Healthcare System , 2020, IEEE Access.

[41]  Pubudu N. Pathirana,et al.  Blockchain for Secure EHRs Sharing of Mobile Cloud Based E-Health Systems , 2019, IEEE Access.

[42]  Wanlei Zhou,et al.  Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks , 2011, J. Netw. Comput. Appl..

[43]  Aurora González-Vidal,et al.  Distributed real-time SlowDoS attacks detection over encrypted traffic using Artificial Intelligence , 2021, J. Netw. Comput. Appl..

[44]  Cees T. A. M. de Laat,et al.  Multi-tenant attribute-based access control for cloud infrastructure services , 2016, J. Inf. Secur. Appl..

[45]  Douglas R. Stinson,et al.  Social secret sharing in cloud computing using a new trust function , 2012, 2012 Tenth Annual International Conference on Privacy, Security and Trust.

[46]  Eui-nam Huh,et al.  An optimal investment scheme based on ATM considering cloud security environment , 2017, IMCOM.

[47]  Daniel M. Batista,et al.  A Survey of Large Scale Data Management Approaches in Cloud Environments , 2011, IEEE Communications Surveys & Tutorials.

[48]  Harit Shah,et al.  Security Issues on Cloud Computing , 2013, ArXiv.

[49]  Pearl Brereton,et al.  Systematic literature reviews in software engineering - A tertiary study , 2010, Inf. Softw. Technol..

[50]  Gongjun Yan,et al.  Security challenges in vehicular cloud computing , 2013, IEEE Transactions on Intelligent Transportation Systems.

[51]  Syed S. Rizvi,et al.  Security evaluation of cloud service providers using third party auditors , 2017, ICC.

[52]  Shengli Xie,et al.  Computing Resource Trading for Edge-Cloud-Assisted Internet of Things , 2019, IEEE Transactions on Industrial Informatics.

[53]  Jie Xu,et al.  Multi-tenancy in Cloud Computing , 2014, 2014 IEEE 8th International Symposium on Service Oriented System Engineering.

[54]  Yong Wang,et al.  Securing Big Data in the Cloud with Integrated Auditing , 2017, 2017 IEEE International Conference on Smart Cloud (SmartCloud).

[55]  Yogesh Kumar Dwivedi,et al.  Smart Monitoring and Controlling of Government Policies Using Social Media and Cloud Computing , 2019, Information Systems Frontiers.

[56]  Rasha M. Ismail,et al.  Integrity and Confidentiality in Cloud Outsourced Data , 2019, Ain Shams Engineering Journal.

[57]  Yongjun Ren,et al.  Multiple cloud storage mechanism based on blockchain in smart homes , 2021, Future Gener. Comput. Syst..

[58]  Yong Hu,et al.  Systematic literature review of machine learning based software development effort estimation models , 2012, Inf. Softw. Technol..

[59]  Yogesh L. Simmhan,et al.  Characterizing application scheduling on edge, fog, and cloud computing resources , 2019, Softw. Pract. Exp..

[60]  Rory Duncan A multi-cloud world requires a multi-cloud security approach , 2020 .

[61]  Paul T. Jaeger,et al.  Cloud Computing and Information Policy: Computing in a Policy Cloud? , 2008 .

[62]  Sherif Abdelwahed,et al.  A risk mitigation approach for autonomous cloud intrusion response system , 2016, Computing.

[63]  Zhenyu Guan,et al.  A decentralized and secure blockchain platform for open fair data trading , 2020, Concurr. Comput. Pract. Exp..

[64]  Philip Moore,et al.  Cloud manufacturing – a critical review of recent development and future trends , 2017, Int. J. Comput. Integr. Manuf..

[65]  Muthu Ramachandran Software security requirements management as an emerging cloud computing service , 2016, Int. J. Inf. Manag..

[66]  Dijiang Huang,et al.  NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems , 2013, IEEE Transactions on Dependable and Secure Computing.

[67]  Wei Huang,et al.  Unity: secure and durable personal cloud storage , 2012, CCSW '12.

[68]  Tharam S. Dillon,et al.  Cloud Computing: Issues and Challenges , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[69]  Ahmed Bentajer,et al.  CS-IBE: A Data Confidentiality System in Public Cloud Storage System , 2018, EUSPN/ICTH.

[70]  Haider Abbas,et al.  Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges , 2016, Journal of Medical Systems.

[71]  Adil Al-Yasiri,et al.  Cloud Security Threats and Techniques to Strengthen Cloud Computing Adoption Framework , 2016, Int. J. Inf. Technol. Web Eng..

[72]  Carsten Maple,et al.  Proactive Forensics in IoT: Privacy-Aware Log-Preservation Architecture in Fog-Enabled-Cloud Using Holochain and Containerization Technologies , 2020, Electronics.

[73]  Mohammed El Ghazi,et al.  Cloud computing: Security challenges , 2012, 2012 Colloquium in Information Science and Technology.

[74]  Akira Yamada,et al.  Intrusion Detection for Encrypted Web Accesses , 2007, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07).

[75]  Hongli Zhang,et al.  A Privacy-aware Virtual Machine Migration Framework on Hybrid Clouds , 2014, J. Networks.