Identifying the Top Threats in Cloud Computing and Its Suggested Solutions: A Survey
The interest in cloud computing has increased rapidly in the last two decades. This increased interest is attributed to the important role played by cloud computing in the various aspects of our life. Cloud computing is recently emerged as a new paradigm for hosting and delivering services over the Internet. It is attractive to business owners as well as to researchers as it eliminates the requirement for users to plan ahead for provisioning, and allows enterprises to start from the small and increase resources only when there is a rise in service demand. As cloud computing is done through the Internet, it faces several kinds of threats due to its nature, where it depends on the network and its users who are distributed around the world. These threats differ in type, its side effect, its reasons, and its main purposes. This survey presents the most critical threats to cloud computing with its impacts, its reasons, and some suggested solutions. In addition, this survey determines what the main aspects of the cloud and the security attributes that are affected by each one of these threats. As a result of this survey, we order the most critical threats according to the level of its impact.
Najib A. Kofahi,
Areej Rasmi Al-Rabadi,
Identifying the Top Threats in Cloud Computing and Its Suggested Solutions: A Survey, Advances in Networks.
Vol. 6, No. 1,
2018, pp. 1-13.
C. T. S. Xue and F. T. W. Xin, “Benefits and Challenges of the Adoption of Cloud Computing in Business,” Int. J. Cloud Comput. Serv. Archit., vol. 6, no. 6, pp. 01–15, 2016.
S. Kaisler, W. H. Money, and S. J. Cohen, “A Decision Framework for Cloud Computing,” 2012 45th Hawaii Int. Conf. Syst. Sci., pp. 1553–1562, 2012.
I. Ahmad, H. Bakht, and U. Mohan, “Cloud Computing – Threats and Challenges,” J. Comput. Manag. Stud., vol. 1, no. 1, 2017.
Cloud Security Alliance, “The Treacherous 12 Cloud Computing Top Threats in 2016,” Security, no. February, pp. 1–34, 2016.
S. Aldossary and W. Allen, “Data Security, Privacy, Availability and Integrity in Cloud Computing: Issues and Current Solutions,” Int. J. Adv. Comput. Sci. Appl., vol. 7, no. 4, pp. 485–498, 2016.
M. Kazim and S. Zhu, “A Survey on Security Threats in Cloud Computing Technology,” Int. J. Res., vol. 1, no. 8, pp. 1071–1081, 2015.
T. Islam, D. Manivannan, and S. Zeadally, “A Classification and Characterization of Security Threats in Cloud Computing A Classification and Characterization of Security Threats in Cloud Computing,” no. March, 2016.
G. Aswini and R. Mervin, “A Survey on Cloud Security Issues and Techniques,” Int. J. Comput. Sci. Appl., vol. 4, no. 1, pp. 125–132, 2016.
Y. Sun, J. Zhang, Y. Xiong, and G. Zhu, “Data Security and Privacy in Cloud Computing,” Int. J. Distrib. Sens. Networks, vol. 2014, 2014.
K. M. Khan, “Security dynamics of cloud computing,” Cut. IT J., vol. 22, no. 6–7, pp. 38–43, 2009.
M. Al Morsy, J. Grundy, and I. Müller, “An analysis of the cloud computing security problem,” 17th Asia-Pacific Softw. Eng. Conf. (APSEC 2010) Cloud Work. Aust., no. December, p. 7, 2010.
I. Iyoob, E. Zarifoglu, and A. B. Dieker, “Cloud Computing Operations Research,” Serv. Sci., vol. 5, no. 2, pp. 88–101, 2013.
a Omotunde, O. Awodele, O. Kuyoro, and C. Ajaegbu, “Survey of Cloud Computing Issues at Implementation Level,” CIS J., vol. 4, no. 1, pp. 91–96, 2013.
S. Pandey and M. Farik, “Cloud Computing Security : Latest Issues & Countermeasures,” Int. J. Sci., vol. 4, no. 11, pp. 3–6, 2015.
I. Khalil, A. Khreishah, and M. Azeem, “Cloud Computing Security: A Survey,” Computers, vol. 3, no. 1, pp. 1–35, 2014.
Cloud Security Alliance, “Top Threats to Cloud Computing,” Security, no. March, pp. 1–14, 2010.
P. Sareen and T. Singh, “Data Security in Cloud Computing,” Int. J. Comput. Sci. Eng., vol. 2, no. 1, pp. 1–169, 2015.
P. Kumar and L. Kumar, “Threats to Cloud Computing Security,” Int. Technol. Conf., vol. 2014, no. 3, pp. 79–84, 2014.
Y. McDermott, “Conceptualising the right to data protection in an era of Big Data,” Big Data Soc., vol. 4, no. 1, p. 205395171668699, 2017.
M. Xiao, M. Wang, X. Liu, and J. Sun, “Efficient distributed access control for big data in clouds,” Proc. - IEEE INFOCOM, vol. 2010–Augus, no. BigSecurity, pp. 202–207, 2015.
S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” in 2010 Proceedings IEEE INFOCOM, 2010, pp. 1–9.
M. Shahpasand, M.. Rana, R. Mahmod, and N.. Udzir, “Proceedings of the International Conference on Digital Security and Forensics (DigitalSec2014),” in An Evidence Collection and Analysis of Ubuntu File System, 2016, no. JUNE 2014, pp. 105–112.
A. Mahajan and S. Sharma, “The Malicious Insiders Threat in the Cloud,” Int. J. Eng. Res. Gen. Sci., vol. 3, no. 2, pp. 245–256, 2015.
M. Lindner, C. Chapman, S. Clayman, D. Henriksson, and E. Elmorth, “The Cloud Supply Chain : A Framework for Information, Monitoring, Accounting and Billing,” 2nd Int. ICST Conf. Cloud Comput., 2010.
A. Bonguet and M. Bellaiche, “A survey of Denial-of-Service and distributed Denial of Service attacks and defenses in cloud computing,” Futur. Internet, vol. 9, no. 3, 2017.
A. Bakshi and Y. B. Dujodwala, “Securing Cloud from DDOS Attacks Using Intrusion Detection System in Virtual Machine,” in 2010 Second International Conference on Communication Software and Networks, 2010, pp. 260–264.
S. Yu, Y. Tian, S. Guo, and D. O. Wu, “Can We Beat DDoS Attacks in Clouds?,” IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 9, pp. 2245–2254, Sep. 2014.
W. Liu, A. S. Uluagac, and R. Beyah, “MACA: A privacy-preserving multi-factor cloud authentication system utilizing big data,” Proc. - IEEE INFOCOM, pp. 518–523, 2014.
M.. Potey, D. Dhote, and D.. Sharma, “Cloud Computing – Understanding Risk, Threats, Vulnerability and Controls : A Survey What Comprises Cloud Computing ?,” Int. J. Comput. Appl., vol. 67, no. 3, pp. 9–14, 2013.
C. Racuciu, “Security Threats And Risks In Cloud Computing,” Nav. Acad. Sci. Bull., vol. XVIII, no. 1, pp. 105–108, 2015.
Y. Tayyeb and D. S. Bhilare, “Cloud security through Intrusion Detection System (IDS): Review of Existing Solutions,” Int. J. Emerg. Trends Technol. Comput. Sci., vol. 4, no. 6, pp. 213–215, 2015.
Y. A. Hamza and M. D. Omar, “Cloud Computing Security: Abuse and Nefarious Use of Cloud Computing,” Int. J. Comput. Eng. Res., vol. 3, no. 6, pp. 22–27, 2017.
F. Doelitzscher, M. Knahl, C. Reich, and N. Clarke, “Anomaly Detection in IaaS Clouds,” in 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, 2013, pp. 387–394.
J. Szefer and R. B. Lee, “BitDeposit: Deterring attacks and abuses of cloud computing services through economic measures,” Proc. - 13th IEEE/ACM Int. Symp. Clust. Cloud, Grid Comput. CCGrid 2013, no. May, pp. 630–635, 2013.
Cloud Security Alliance, “The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf.” 2013.
M. Ficco and M. Rak, “Stealthy denial of service strategy in cloud computing,” IEEE Trans. Cloud Comput., vol. 3, no. 1, pp. 80–94, 2015.
C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel, and M. Rajarajan, “A survey of intrusion detection techniques in Cloud,” J. Netw. Comput. Appl., vol. 36, no. 1, pp. 42–57, Jan. 2013.
M. Liu, W. Dou, S. Yu, and Z. Zhang, “A clusterized firewall framework for cloud computing,” in 2014 IEEE International Conference on Communications (ICC), 2014, pp. 3788–3793.
S. Zhao, K. Chen, and W. Zheng, “Defend Against Denial of Service Attack with VMM,” in 2009 Eighth International Conference on Grid and Cooperative Computing, 2009, pp. 91–96.
B. Wang, Y. Zheng, W. Lou, and Y. T. Hou, “DDoS attack protection in the era of cloud computing and Software-Defined Networking,” Comput. Networks, vol. 81, pp. 308–319, Apr. 2015.
D. Kreutz, F. M. V. Ramos, P. Verissimo, C. E. Rothenberg, S. Azodolmolky, and S. Uhlig, “Software-Defined Networking: A Comprehensive Survey,” Proc. IEEE, vol. 103, pp. 1–61, 2014.
A. Rot and B. Olszewski, “Advanced Persistent Threats Attacks in Cyberspace. Threats, Vulnerabilities, Methods of Protection,” in In 2017 Federated Conference on Computer Science and Information Systems, 2017, vol. 13, pp. 113–117.
G. Yang, Z. Tian, and W. Duan, “The prevent of advanced persistent threat,” J. Chem. Pharm. Res., vol. 6, no. 7, pp. 572–576, 2014.