Vulnerabilities and Countermeasures on Cloud: A Survey

Kamal Bunkar¹ , Chhaya Arya²

Section:Survey Paper, Product Type: Journal
Vol.6 , Issue.3 , pp.72-79, Jun-2018

Online published on Jun 30, 2018

Copyright © Kamal Bunkar, Chhaya Arya . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

Abstract :
A system, programme, or process that has a vulnerability or flaw that could be used by bad actors to undermine the security or integrity of that system is said to be vulnerable. Organisations must establish a complete cybersecurity strategy that includes routine security assessments, vulnerability scanning, patch management, employee training, and incident response planning in order to reduce vulnerabilities. Protecting systems and data from potential exploitation requires staying up to date on the newest security threats and best practises. Misconfigurations, software defects, insecure APIs (Application Programming Interfaces), and insufficient access controls are only a few of the causes of cloud vulnerabilities. This review paper reviewed different related studies published from 2010 to 2017 from the academia and industry. They classified the security issues as per defined taxonomy with real-life examples that provided a rationale for discussion and highlighted the related impact of the security issues. Security and privacy were cited as important obstacles to the cloud`s rapid rise in earlier research. However, the narrative evaluation offered in this study offers an integrationist end-to-end mapping of cloud security requirements, detected threats, known vulnerabilities, and recommended responses, which appears to be a first-time presentation of this information in one location.

Key-Words / Index Term :
Attack Classification; Cloud Computing; Threats Classification; Threat Identification; Vulnerabilities

References :
[1] Akhil D More, Shailesh Nelwade, Avinash Chhabra, Nachiket Bhosale and Abha Pathak, Jan. 2016, „A Review on Privacy Preserving Public Auditing for Data Storage Security?, International Journal of Innovative Research in Computer and Communication Engineering, Vol. 4, No. 1, pp. 50 - 56.
[2] Aized Amin Soofi, Irfan Khan, M and Fazal – e – Amin , May 2014, „A Review on Data Security in Cloud Computing?, International Journal of Computer Applications, Vol. 94, No. 5, pp. 26 – 35
[3] H. Takabi, J.B.D. Joshi, G.-J. Ahn, Security and privacy challenges in cloud computing environments, IEEE Secur. Priv. (ISSN: 1540-7993) 8 (6) (2010) 24–31.
[4] Alevitina Dubovitskaya, Visara Urovi, Matteo Vasirani, Karl Aberer and Michael I. Schumacher, 2015, „A Cloud Based eHealth Architecture for Privacy Preserving Data Integration, IFIP, pp. 585 – 598.
[5] B. Grobauer, T. Walloschek, E. Stocker, Understanding cloud computing vulnerabilities, IEEE Secur. Priv. (ISSN: 1540-7993) 9 (2) (2011) 50–57.
[6] S. Subashini, V. Kavitha, A survey on security issues in service delivery models of cloud computing, J. Netw. Comput. Appl. (ISSN: 1084-8045) 34 (1) (2011) 1–11.
[7] Anantha Lakshmi, M and Shaik Mahammad Rasheed, April 2016, “Integrity Constraints for Cloud Auditing Services Using Third Party Services?, International Journal of Advanced Research in Computer and Communication Engineering, Vol. 5, No. 4, pp. 32 – 38
[8] S. Pearson, Privacy, security and trust in cloud computing, in: S. Pearson, G. Yee (Eds.), Privacy and Security for Cloud Computing, Springer, London, UK, ISBN: 978-1-4471-4189-1, 2013, pp. 3–42.
[9] N. Phaphoom, X. Wang, S. Samuel, S. Helmer, P. Abrahamsson, A survey study on major technical barriers affecting the decision to adopt cloud services, J. Syst. Softw. (ISSN: 0164-1212) 103 (2015) 167–181.
[10] K. Hashizume, D.G. Rosado, E. Fernández-Medina, E.B. Fernandez, An analysis of security issues for cloud computing, J. Internet Serv. Appl. (ISSN: 1869-0238) 4 (1) (2013) 1–13.
[11] Ankush R. Nistane, Shubhangi Sapkal and Deshmukh, R.R, Feb. 2016, „Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storage Using Cloud Third Party Auditor?, International Journal of Advanced Engineering, Management and Science, Vol. 2, No. 2, pp. 50 - 56.
[12] C. Modi, D. Patel, B. Borisaniya, A. Patel, M. Rajarajan, A survey on security issues and solutions at different layers of cloud computing, J. Supercomput. (ISSN: 1573-0484) 63 (2) (2013) 561–592.
[13] L. Coppolino, S. DAntonio, G. Mazzeo, L. Romano, Cloud security: Emerging threats and current solutions, Comput. Electr. Eng. (ISSN: 0045-7906) 59 (2017) 126–140.
[14] S. Singh, Y.-S. Jeong, J.H. Park, A survey on cloud computing security: Issues, threats, and solutions, J. Netw. Comput. Appl. 75 (2016) 200–222.
[15] [36] N. Khan, A. Al-Yasiri, Identifying cloud security threats to strengthen cloud computing adoption framework, Procedia Comput. Sci. (ISSN: 1877-0509) 94 (2016) 485–490.
[16] W. Huang, A. Ganjali, B.H. Kim, S. Oh, D. Lie, The state of public infrastructure-as-a-service cloud security, ACM Comput. Surv. (ISSN: 0360-0300) 47 (4) (2015) 1–31.
[17] M. Ali, S.U. Khan, A.V. Vasilakos, Security in cloud computing: Opportunities and challenges, Inform. Sci. (ISSN: 0020-0255) 305 (2015) 357–383.
[18] I.M. Khalil, A. Khreishah, M. Azeem, Cloud computing security: A survey, Computers (ISSN: 2073-431X) 3 (1) (2014) 1–35.
[19] D.A.B. Fernandes, L.F.B. Soares, J.V. Gomes, M.M. Freire, P.R.M. Inácio, Security issues in cloud environments: a survey, Int. J. Inf. Secur. (ISSN: 1615-5270) 13 (2) (2014) 113–170.
[20] Z. Xiao, Y. Xiao, Security and privacy in cloud computing, IEEE Commun. Surv. Tutor. (ISSN: 1553-877X) 15 (2) (2013) 843–859.
[21] D. Zissis, D. Lekkas, Addressing cloud computing security issues, Future Gener. Comput. Syst. (ISSN: 0167-739X) 28 (3) (2012) 583–592.
[22] L.M. Vaquero, L. Rodero-Merino, D. Morán, Locking the sky: a survey on IaaS cloud security, Computing (ISSN: 1436-5057) 91 (1) (2011) 93–118.
[23] M.A. Morsy, J. Grundy, I. Müller, An analysis of the cloud computing security problem, in: Proceedings of APSEC 2010 Cloud Workshop, 2010, pp. 1–6.
[24] Q. Zhang, L. Cheng, R. Boutaba, Cloud computing: state-of-the-art and research challenges, J. Internet Serv. Appl. (ISSN: 1869-0238) 1 (1) (2010) 7–18.
[25] M. Avram, Advantages and challenges of adopting cloud computing from an enterprise perspective, Procedia Technol. (ISSN: 2212-0173) 12 (2014) 529–534.
[26] C.-L. Hsu, J.C.-C. Lin, Factors affecting the adoption of cloud services in enterprises, Inf. Syst. E-bus. Manag. (ISSN: 1617-9846) 14 (4) (2016) 791–822.
[27] F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger, D. Leaf, NIST Cloud Computing Reference Architecture (SP 500-292), National Institute of Standards & Technology, Gaithersburg, MD 20899-8930, USA, 2011.
[28] E. Aguiar, Y. Zhang, M. Blanton, An overview of issues and recent developments in cloud computing and storage security, in: K.J. Han, B.-Y. Choi, S. Song (Eds.), High Performance Cloud Auditing and Applications, Springer, New York, NY, USA, ISBN: 978-1-4614-3296-8, 2014, pp. 3–33.
[29] C.A. Ardagna, R. Asal, E. Damiani, Q.H. Vu, From security to assurance in the cloud: A survey, ACM Comput. Surv. (ISSN: 0360-0300) 48 (1) (2015) 1–50.