Vulnerabilities and Countermeasures on Cloud: A Survey

Authors

  • Kamal Bunkar Institute of Computer Science, Vikram University Ujjain
  • Chhaya Arya Pt. JNIBM, Vikram University, Ujjain

Keywords:

Attack Classification, Cloud Computing, Threats Classification, Threat Identification, Vulnerabilities

Abstract

A system, programme, or process that has a vulnerability or flaw that could be used by bad actors to undermine the security or integrity of that system is said to be vulnerable. Organisations must establish a complete cybersecurity strategy that includes routine security assessments, vulnerability scanning, patch management, employee training, and incident response planning in order to reduce vulnerabilities. Protecting systems and data from potential exploitation requires staying up to date on the newest security threats and best practises. Misconfigurations, software defects, insecure APIs (Application Programming Interfaces), and insufficient access controls are only a few of the causes of cloud vulnerabilities. This review paper reviewed different related studies published from 2010 to 2017 from the academia and industry. They classified the security issues as per defined taxonomy with real-life examples that provided a rationale for discussion and highlighted the related impact of the security issues. Security and privacy were cited as important obstacles to the cloud`s rapid rise in earlier research. However, the narrative evaluation offered in this study offers an integrationist end-to-end mapping of cloud security requirements, detected threats, known vulnerabilities, and recommended responses, which appears to be a first-time presentation of this information in one location.

 

References

Akhil D More, Shailesh Nelwade, Avinash Chhabra, Nachiket Bhosale and Abha Pathak, Jan. 2016, „A Review on Privacy Preserving Public Auditing for Data Storage Security?, International Journal of Innovative Research in Computer and Communication Engineering, Vol. 4, No. 1, pp. 50 - 56.

Aized Amin Soofi, Irfan Khan, M and Fazal – e – Amin , May 2014, „A Review on Data Security in Cloud Computing?, International Journal of Computer Applications, Vol. 94, No. 5, pp. 26 – 35

H. Takabi, J.B.D. Joshi, G.-J. Ahn, Security and privacy challenges in cloud computing environments, IEEE Secur. Priv. (ISSN: 1540-7993) 8 (6) (2010) 24–31.

Alevitina Dubovitskaya, Visara Urovi, Matteo Vasirani, Karl Aberer and Michael I. Schumacher, 2015, „A Cloud Based eHealth Architecture for Privacy Preserving Data Integration, IFIP, pp. 585 – 598.

B. Grobauer, T. Walloschek, E. Stocker, Understanding cloud computing vulnerabilities, IEEE Secur. Priv. (ISSN: 1540-7993) 9 (2) (2011) 50–57.

S. Subashini, V. Kavitha, A survey on security issues in service delivery models of cloud computing, J. Netw. Comput. Appl. (ISSN: 1084-8045) 34 (1) (2011) 1–11.

Anantha Lakshmi, M and Shaik Mahammad Rasheed, April 2016, “Integrity Constraints for Cloud Auditing Services Using Third Party Services?, International Journal of Advanced Research in Computer and Communication Engineering, Vol. 5, No. 4, pp. 32 – 38

S. Pearson, Privacy, security and trust in cloud computing, in: S. Pearson, G. Yee (Eds.), Privacy and Security for Cloud Computing, Springer, London, UK, ISBN: 978-1-4471-4189-1, 2013, pp. 3–42.

N. Phaphoom, X. Wang, S. Samuel, S. Helmer, P. Abrahamsson, A survey study on major technical barriers affecting the decision to adopt cloud services, J. Syst. Softw. (ISSN: 0164-1212) 103 (2015) 167–181.

K. Hashizume, D.G. Rosado, E. Fernández-Medina, E.B. Fernandez, An analysis of security issues for cloud computing, J. Internet Serv. Appl. (ISSN: 1869-0238) 4 (1) (2013) 1–13.

Ankush R. Nistane, Shubhangi Sapkal and Deshmukh, R.R, Feb. 2016, „Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storage Using Cloud Third Party Auditor?, International Journal of Advanced Engineering, Management and Science, Vol. 2, No. 2, pp. 50 - 56.

C. Modi, D. Patel, B. Borisaniya, A. Patel, M. Rajarajan, A survey on security issues and solutions at different layers of cloud computing, J. Supercomput. (ISSN: 1573-0484) 63 (2) (2013) 561–592.

L. Coppolino, S. DAntonio, G. Mazzeo, L. Romano, Cloud security: Emerging threats and current solutions, Comput. Electr. Eng. (ISSN: 0045-7906) 59 (2017) 126–140.

S. Singh, Y.-S. Jeong, J.H. Park, A survey on cloud computing security: Issues, threats, and solutions, J. Netw. Comput. Appl. 75 (2016) 200–222.

[36] N. Khan, A. Al-Yasiri, Identifying cloud security threats to strengthen cloud computing adoption framework, Procedia Comput. Sci. (ISSN: 1877-0509) 94 (2016) 485–490.

W. Huang, A. Ganjali, B.H. Kim, S. Oh, D. Lie, The state of public infrastructure-as-a-service cloud security, ACM Comput. Surv. (ISSN: 0360-0300) 47 (4) (2015) 1–31.

M. Ali, S.U. Khan, A.V. Vasilakos, Security in cloud computing: Opportunities and challenges, Inform. Sci. (ISSN: 0020-0255) 305 (2015) 357–383.

I.M. Khalil, A. Khreishah, M. Azeem, Cloud computing security: A survey, Computers (ISSN: 2073-431X) 3 (1) (2014) 1–35.

D.A.B. Fernandes, L.F.B. Soares, J.V. Gomes, M.M. Freire, P.R.M. Inácio, Security issues in cloud environments: a survey, Int. J. Inf. Secur. (ISSN: 1615-5270) 13 (2) (2014) 113–170.

Z. Xiao, Y. Xiao, Security and privacy in cloud computing, IEEE Commun. Surv. Tutor. (ISSN: 1553-877X) 15 (2) (2013) 843–859.

D. Zissis, D. Lekkas, Addressing cloud computing security issues, Future Gener. Comput. Syst. (ISSN: 0167-739X) 28 (3) (2012) 583–592.

L.M. Vaquero, L. Rodero-Merino, D. Morán, Locking the sky: a survey on IaaS cloud security, Computing (ISSN: 1436-5057) 91 (1) (2011) 93–118.

M.A. Morsy, J. Grundy, I. Müller, An analysis of the cloud computing security problem, in: Proceedings of APSEC 2010 Cloud Workshop, 2010, pp. 1–6.

Q. Zhang, L. Cheng, R. Boutaba, Cloud computing: state-of-the-art and research challenges, J. Internet Serv. Appl. (ISSN: 1869-0238) 1 (1) (2010) 7–18.

M. Avram, Advantages and challenges of adopting cloud computing from an enterprise perspective, Procedia Technol. (ISSN: 2212-0173) 12 (2014) 529–534.

C.-L. Hsu, J.C.-C. Lin, Factors affecting the adoption of cloud services in enterprises, Inf. Syst. E-bus. Manag. (ISSN: 1617-9846) 14 (4) (2016) 791–822.

F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger, D. Leaf, NIST Cloud Computing Reference Architecture (SP 500-292), National Institute of Standards & Technology, Gaithersburg, MD 20899-8930, USA, 2011.

E. Aguiar, Y. Zhang, M. Blanton, An overview of issues and recent developments in cloud computing and storage security, in: K.J. Han, B.-Y. Choi, S. Song (Eds.), High Performance Cloud Auditing and Applications, Springer, New York, NY, USA, ISBN: 978-1-4614-3296-8, 2014, pp. 3–33.

C.A. Ardagna, R. Asal, E. Damiani, Q.H. Vu, From security to assurance in the cloud: A survey, ACM Comput. Surv. (ISSN: 0360-0300) 48 (1) (2015) 1–50.

IJSRNSC Vol-6, Issue-3 June 2018

Downloads

Published

2018-06-30

How to Cite

[1]
K. Bunkar and C. Arya, “Vulnerabilities and Countermeasures on Cloud: A Survey”, Int. J. Sci. Res. Net. Sec. Comm., vol. 6, no. 3, pp. 72–79, Jun. 2018.

Issue

Vol. 6 No. 3 (2018): June

Section

Survey Article

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.

Similar Articles

<< < 3 4 5 6 7 8 9 > >> 

You may also start an advanced similarity search for this article.