More Web Proxy on the site http://driver.im/

article

Cloud computing security: challenges and future trends

International Journal of Computer Applications in Technology, Volume 55, Issue 2

Pages 158 - 172

https://doi.org/10.1504/IJCAT.2017.082865

Published: 01 January 2017 Publication History

Abstract

Cloud computing is one of the most trendy terminologies. Cloud providers aim to satisfy clients' requirements for computing resources such as services, applications, networks, storage and servers. They offer the possibility of leasing these resources rather than buying them. Many popular companies, such as Amazon, Google and Microsoft, began to enhance their services and apply the technology of cloud computing to provide cloud environment for their customers. Although there are lots of advantages in using a cloud-based system, some issues must be handled before organisations and individuals have the trust to deploy their systems in cloud computing. Security, privacy, power efficiency, compliance and integrity are among those important issues. In this paper, we focus on cloud computing along with its deployment and delivery models. A comparison between cloud computing with other computing models is presented, this is in addition to a survey on different major security issues, challenges and risks which currently pose threats to the cloud industry. Moreover, we discuss cloud security requirements and their importance for deployment and delivery models. Finally, we present cloud computing security future trends and research openings.

References

[1]

AGIMO (2013) Australian government cloud computing policy maximising the value of cloud. Available online at: http://workspace.unpan.org/sites/internet/Documents/Z6AU13%20Australian%20Government%20Cloud%20Computing%20Policy%20Maximising%20the%20Value%20of%20Cloud.pdf

[2]

Ahmed, K.E.U. and Alexandrov, V. (2011) Identity and Access Management in Cloud Computing, Springer.

[3]

Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W. and Ghafoor, A. (2012) 'A distributed access control architecture for cloud computing', Software, IEEE, Vol. 29, No. 2, pp.36-44.

Digital Library

[4]

AlZain, M., Pardede, E., Soh, B. and Thom, J. (2012) 'Cloud computing security: from single to multi-clouds', System Science (HICSS), 2012 45th Hawaii International Conference on, IEEE, pp.5490-5499.

Digital Library

[5]

Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Stoica, I. and Zaharia, M. (2009) Above the Clouds: A Berkeley View of Cloud Computing, Dept. Electrical Eng. and Comput. Sciences, University of California, Berkeley, Tech. Rep. UCB/EECS, Vol. 28.

[6]

Boneh, D., Di Crescenzo, G., Ostrovsky, R. and Persiano, G. (2004) 'Public key encryption with keyword search', Advances in Cryptology-Eurocrypt 2004, Springer, pp.506-522.

[7]

Boroujerdi, M.M. and Nazem, S. (2009) 'Cloud computing: changing cogitation about computing', World Academy of Science, Engineering and Technology, Vol. 58, pp.1112-1116.

[8]

Brodkin, J. (2008) 'Gartner: seven cloud-computing security risks', Infoworld, pp.1-3.

[9]

Brunette, G. and Mogull, R. (2009) Security guidance for critical areas of focus in cloud computing v2.1, Cloud Security Alliance, pp.1-76.

[10]

Buyya, R., Yeo, C.S. and Venugopal, S. (2008) 'Market-oriented cloud computing: vision, hype, and reality for delivering it services as computing utilities', High Performance Computing and Communications, 2008, HPCC'08, 10th IEEE International Conference on, pp.5-13.

Digital Library

[11]

Cao, N., Wang, C., Li, M., Ren, K. and Lou, W. (2014) 'Privacy-preserving multi-keyword ranked search over encrypted cloud data', Parallel and Distributed Systems, IEEE Transactions on, Vol. 25, No. 1, pp.222-233.

Digital Library

[12]

Carlin, S. and Curran, K. (2011) 'Cloud computing security', International Journal of Ambient Computing and Intelligence, Vol. 3, No. 1, pp.14-19.

Digital Library

[13]

Carpenter, M., Liston, T. and Skoudis, E. (2007) 'Hiding virtualization from attackers and malware', Security & Privacy, IEEE, Vol. 5, No. 3, pp.62-65.

Digital Library

[14]

Cisco (2013) Byod case study: Brunel university. Available online at: http://www.cisco.com/c/en/us/products/wireless/brunel.html

[15]

Cloud Security (2014) Mobile security (byod). Available online at: http://www.cloudsecuritycorporation.com/productssolutions/mobile-security-byod/

[16]

Cloud Security Alliance (2012) Security guidance for critical areas of mobile computing. Available online at: https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Guidance_v1.pdf

[17]

Cloud Security Alliance (2013) Top Threats to Cloud Computing, Cloud Security Alliance.

[18]

Copeland, R. and Crespi, N. (2012) 'Analyzing consumerization-should enterprise business context determine session policy?' Intelligence in Next Generation Networks (ICIN), 2012 16th International Conference on, IEEE, pp.187-193.

[19]

Costa, P., Migliavacca, M., Pietzuch, P. and Wolf, A.L. (2012) 'Naas: Network as-a-service in the cloud', Proceedings of the 2nd USENIX conference on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services, USENIX Association, p.1.

[20]

Crampton, J., Martin, K. and Wild, P. (2006) 'On key assignment for hierarchical access control', Computer Security Foundations Workshop, 2006, IEEE, p.14.

Digital Library

[21]

Deepika, K., Prasad, N.N., Balamurugan, S. and Charanyaa, S. (2015) 'Evolution of cloud computing: a state-of-the-art survey', International Journal of Innovative Research in Computer and Communication Engineering, Vol. 3, No. 1.

[22]

Devi, T. and Ganesan, R. (2015) 'Platform-as-a-service (paas): model and security issues', TELKOMNIKA Indonesian Journal of Electrical Engineering, Vol. 15, No. 1.

[23]

Emery, S. (2012) Factors for consideration when developing a bring your own device (byod) strategy in higher education, PhD Dissertation, California College of the Arts.

[24]

Feng, J. and Chen, Y. (2013) 'A fair non-repudiation framework for data integrity in cloud storage services', International Journal of Cloud Computing, Vol. 2, No. 1, pp.20-47.

[25]

Fujitsu (2014) Two years on: The financial services landscape is your organisation super-powered? Available online at: http://www.fujitsu.com/uk/Images/FS-report-2014.pdf

[26]

Gabrielsson, J., Hubertsson, O., Mas, I. and Skog, R. (2010) 'Cloud computing in telecommunications', Ericsson Review, Vol. 1, pp.29-33.

[27]

Gandotra, I., Abrol, P., Gupta, P., Uppal, R. and Singh, S. (2011) 'Cloud computing over cluster, grid computing: a comparative analysis', Journal of Grid and Distributed Computing, Vol. 1, pp.1-4.

[28]

Garfinkel, S. (2011) 'The cloud imperative', MIT Technology Review. Available online at: http://www.technologyreview.com/news/425623/the-cloud-imperative/

[29]

Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M. and Boneh, D. (2003) 'Terra: a virtual machine-based platform for trusted computing', ACM SIGOPS Operating Systems Review, Vol. 37, No. 5, pp.193-206.

Digital Library

[30]

Gentry, C. (2009) A fully homomorphic encryption scheme, PhD Dissertation, Stanford University.

[31]

Giunta, R., Messina, F., Pappalardo, G. and Tramontana, R. (2015) 'Enhancing applications with cloud services by means of aspects', International Journal of Computer Applications in Technology, Vol. 51, No. 4, pp.273-282.

Digital Library

[32]

Gupta, V.O. and Rai, Y. (2015) 'A survey paper: threats and vulnerability in cloud computing', National Conference CONVERGENCE, Vol. 2015, p.28.

[33]

HP (2012) Deliver hp virtual application networks. Available online at: http://h17007.www1.hp.com/docs/interopny/4AA4-3872ENW.pdf

[34]

HP (n.d.) Secure the data - not the cloud. Available online at: http://h30458.www3.hp.com/us/us/ezine/secure-the-data-notthe-cloud.html/title/secure-the-data---not-the-cloud

[35]

Jian, C., Tao, M. and Wang, Y. (2014) 'A particle swarm optimisation algorithm for cloud-oriented workflow scheduling based on reliability', International Journal of Computer Applications in Technology, Vol. 50, Nos. 3/4, pp.220-225.

Digital Library

[36]

Jing, W., Liu, Y. and Shao, H. (2015) 'Reliability-aware dag scheduling with primary-backup in cloud computing', International Journal of Computer Applications in Technology, Vol. 52, No. 1, pp.86-93.

Digital Library

[37]

Kandukuri, B.R., Paturi, V.R. and Rakshit, A. (2009) 'Cloud security issues', Services Computing, SCC'09. IEEE International Conference on, pp.517-520.

[38]

Keizer, G. (2009) Hacker break-in of twitter e-mail yields secret docs. Available online at: http://www.computerworld.com/article/2525865/security0/hacker-break-in-of-twitter-e-mail-yieldssecret-docs.html

[39]

Kimmel, G.D., Domangue, E.L. and Adamouski, F.J. (2010) Information-centric security, U.S. Patent # 7,715,565 May 11.

[40]

Ko, S., Lee, J. and Kim, S. (2012) 'Mobile cloud computing security considerations', Journal of Security Engineering, Vol. 9, No. 2.

[41]

Linthicum, D.S. (2009) Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide, Addison Wesley.

[42]

Lo, H., Wang, R. and Garbini, J. (2009) The state of enterprise software 2009, Forrester Research, Cambridge.

[43]

Lui, S. (2013) Case study: Ballarat grammar uses sdn to fight malware. Available online at: http://www.zdnet.com/au/casestudy-ballarat-grammar-uses-sdn-to-fight-malware-7000015942/

[44]

Markoff, J. (2010) 'Cyberattack on google said to hit password system', The New York Times. Available online at: http://www.nytimes.com/2010/04/20/technology/20google.html?r=0

[45]

Mather, T., Kumaraswamy, S. and Latif, S. (2009) Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, O'Reilly Media.

[46]

Mell, P. and Grance, T. (2011) The nist definition of cloud computing (draft), Vol. 800, NIST Special Publication, p.145.

[47]

Ming, T. and Yongsheng, Z. (2012) 'Analysis of cloud computing and its security', Information Technology in Medicine and Education (ITME), 2012 International Symposium on, Vol. 1, IEEE, pp.379-381.

[48]

Nahrstedt, K. and Campbell, R. (2012) Security for Cloud Computing, Report to the National Science Foundation, Directorate for Computer and Information Science and Engineering (CISE).

[49]

Naresh, T., Lakshmi, A.J. and Reddy, V.K. (2015) 'Resource allocation methods in cloud computing: survey', International Journal of Engineering Trends and Technology, Vol. 2, No. 2.

[50]

OHSU (2013) OHSU notifies patients of 'cloud' health information storage. Available online at: https://news.ohsu.edu/2013/07/28/ohsu-notifies-patients-of-cloud-health-information-storage

[51]

Parkhill, D.F. (1966) The Challenge of the Computer Utility, Addison-Wesley.

[52]

Patil, P. (2015) 'Cloud security issues', Journal of Information Engineering and Applications, Vol. 5, No. 1, pp.31-34.

[53]

Patrascu, A., Maimut, D. and Simion, E. (2012) 'New directions in cloud computing: a security perspective', Communications (COMM), 2012 9th International Conference on, IEEE, pp.289-292.

[54]

Plummer, D. (2009) Experts define cloud computing: can we get a little definition in our definitions? Available online at: http://blogs.gartner.com/daryl_plummer/2009/01/27/expertsdefine-cloud-computing-can-we-get-a-little-definition-in-ourdefinitions/

[55]

Prince, B. (2012) Spam campaign caused by stolen dropbox employee password. Available online at: http://www.eweek.com/c/a/Security/Spam-Campaign-Caused-by-Stolen-Dropbox-Employee-Password-344694/

[56]

Ram, S. (2012) 'Security perspective of cloud computing with survey of security issues', Journal of Global Research in Computer Science, Vol. 3, No. 1, pp.77-82.

[57]

Ramgovind, S., Eloff, M.M. and Smith, E. (2010) 'The management of security in cloud computing', Information Security for South Africa (ISSA), IEEE, pp.1-7.

[58]

Rashid, F.Y. (2011) Honda data breach highlights need to set strong cloud security policies. Available online at: http://www.eweek.com/c/a/Security/Honda-Data-Breach-Highlights-Need-to-Set-Strong-Cloud-Security-Policies-275799/

[59]

Ren, K., Wang, C. and Wang, Q. (2012) 'Security challenges for the public cloud', Internet Computing, IEEE, Vol. 16, No. 1, pp.69-73.

Digital Library

[60]

Sahoo, J., Mohapatra, S. and Lath, R. (2010) 'Virtualization: a survey on concepts, taxonomy and associated security issues', Computer and Network Technology (ICCNT), 2010 Second International Conference on, IEEE, pp.222-226.

Digital Library

[61]

Santos, N., Gummadi, K. and Rodrigues, R. (2009) 'Towards trusted cloud computing', Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, USENIX Association, p.3.

[62]

Sengupta, S., Kaulgud, V. and Sharma, V. (2011) 'Cloud computing security - trends and research directions', Services (SERVICES), 2011 IEEE World Congress on, IEEE, pp.524-531.

Digital Library

[63]

Shanahan, E. (2014) With 30 million healthcare records lost, what's the number 1 cause? Available online at: http://blog.ncryptedcloud.com/30-million-healthcare-records-lost-whats-1-cause/

[64]

Srinivasan, A., Quadir, M.A. and Vijayakumar, V. (2015) 'Era of cloud computing: a new insight to hybrid cloud', Procedia Computer Science, Vol. 50, pp.42-51.

[65]

Stapleton, J. (2011) 'Cryptographic message syntax', Information Security Management Handbook, Vol. 5, p.343.

[66]

Subashini, S. and Kavitha, V. (2011) 'A survey on security issues in service delivery models of cloud computing', Journal of Network and Computer Applications, Vol. 34, No. 1, pp.1-11.

Digital Library

[67]

Sun, W., Lou, W., Hou, Y.T. and Li, H. (2014) 'Privacy-preserving keyword search over encrypted data in cloud computing', in Jajodia, S. et al. (Eds): Secure Cloud Computing, Springer, pp.189-212.

[68]

Symform (2012) Cloud security research. Available online at: http://www.symform.com/about-us/news-reviews/press-releases/cloud-security-research/

[69]

Tay, L. (2010) Data breaches to cost more in the cloud. Available online at: http://www.databreaches.net/data-breaches-to-costmore-in-the-cloud/

[70]

Trend Micro (2013) Embracing byod, are you exposing critical data? Available online at: http://www.trendmicro.com/cloudcontent/us/pdfs/rpt_embracing-byod.pdf

[71]

Van Dijk, M. and Juels, A. (2010) 'On the impossibility of cryptography alone for privacy-preserving cloud computing', Proceedings of the 5th USENIX Conference on Hot Topics in Security, USENIX Association, pp.1-8.

Digital Library

[72]

Walters, R. (2012) 'The cloud challenge: realising the benefits without increasing risk', Computer Fraud & Security, Vol. 2012, No. 8, pp.5-12.

[73]

Wang, C. (2009) Forrester: A close look at cloud computing security issues, CSO Security and Risk.

[74]

Westervelt, R. (2012) Mobile-impacting-cloud-security-issues-sayspanel. Available online at: http://searchcloudsecurity.techtarget.com/news/2240170513/Mobile-impacting-cloud-security-issuessays-panel

[75]

Yu, S., Wang, C., Ren, K. and Lou, W. (2010) 'Achieving secure, scalable, and fine-grained data access control in cloud computing', INFOCOM, 2010 Proceedings IEEE, pp.1-9.

Digital Library

[76]

Zhang, S., Chen, X., Zhang, S. and Huo, X. (2010) 'The comparison between cloud computing and grid computing', Computer Application and System Modeling (ICCASM), 2010 International Conference on, Vol. 11, pp.11-72.

[77]

Zhang, Y., Juels, A., Reiter, M. and Ristenpart, T. (2012) 'Crossvm side channels and their use to extract private keys', Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp.305-316.

Digital Library

Cited By

(2019)A survey on computation offloading in the mobile cloud computing environmentInternational Journal of Computer Applications in Technology10.5555/3319200.331920159:2(106-113)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.5555/3319200.3319201
(2019)Toward a contextual quality of service evaluation approachInternational Journal of Computer Applications in Technology10.5555/3302625.330263459:1(82-94)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.5555/3302625.3302634
Hanini MKafhali SSalah K(2019)Dynamic VM allocation and traffic control to manage QoS and energy consumption in cloud computing environmentInternational Journal of Computer Applications in Technology10.1504/ijcat.2019.10116860:4(307-316)Online publication date: 22-Jul-2019
https://dl.acm.org/doi/10.1504/ijcat.2019.101168
Show More Cited By

Cloud computing security: challenges and future trends
1. Social and professional topics
  1. Computing / technology policy
2. Software and its engineering
  1. Software organization and properties
    1. Software system structures

Recommendations

Cloud Computing Security: Amazon Web Service
ACCT '15: Proceedings of the 2015 Fifth International Conference on Advanced Computing & Communication Technologies

Cloud Computing is a recently emerged model which is becoming popular among almost all enterprises. It involves the concept of on demand services which means using the cloud resources on demand and we can scale the resources as per demand. Cloud ...
Cloud Computing Security: From Single to Multi-clouds
HICSS '12: Proceedings of the 2012 45th Hawaii International Conference on System Sciences

The use of cloud computing has increased rapidly in many organizations. Cloud computing provides many benefits in terms of low cost and accessibility of data. Ensuring the security of cloud computing is a major factor in the cloud computing environment, ...
Cloud Computing Security: Opportunities and Pitfalls

The evolution of modern computing systems has lead to the emergence of Cloud computing. Cloud computing facilitates on-demand establishment of dynamic, large scale, flexible, and highly scalable computing infrastructures. However, as with any other ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image International Journal of Computer Applications in Technology

International Journal of Computer Applications in Technology Volume 55, Issue 2

January 2017

94 pages

ISSN:0952-8091

EISSN:1741-5047

Issue’s Table of Contents

Publisher

Inderscience Publishers

Geneva 15, Switzerland

Publication History

Published: 01 January 2017

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

(2019)A survey on computation offloading in the mobile cloud computing environmentInternational Journal of Computer Applications in Technology10.5555/3319200.331920159:2(106-113)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.5555/3319200.3319201
(2019)Toward a contextual quality of service evaluation approachInternational Journal of Computer Applications in Technology10.5555/3302625.330263459:1(82-94)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.5555/3302625.3302634
Hanini MKafhali SSalah K(2019)Dynamic VM allocation and traffic control to manage QoS and energy consumption in cloud computing environmentInternational Journal of Computer Applications in Technology10.1504/ijcat.2019.10116860:4(307-316)Online publication date: 22-Jul-2019
https://dl.acm.org/doi/10.1504/ijcat.2019.101168
(2018)A real-world online signature verification system based on correlation algorithmInternational Journal of Computer Applications in Technology10.5555/3292726.329273258:4(321-339)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.5555/3292726.3292732
(2018)Performance evaluation of bandwidth for virtual machine migration in cloud computingInternational Journal of Knowledge Engineering and Data Mining10.5555/3282762.32827635:3(139-152)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.5555/3282762.3282763
Marwan MKartit AOuahmane H(2018)A Cloud Based Solution for Collaborative and Secure Sharing of Medical DataInternational Journal of Enterprise Information Systems10.4018/IJEIS.201807010714:3(128-145)Online publication date: 1-Jul-2018
https://dl.acm.org/doi/10.4018/IJEIS.2018070107
(2018)A survey of resource allocation in the mobile cloud computing environmentInternational Journal of Computer Applications in Technology10.1504/IJCAT.2018.1001473157:4(281-290)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1504/IJCAT.2018.10014731
(2018)An anomaly-based approach for DDoS attack detection in cloud environmentInternational Journal of Computer Applications in Technology10.1504/IJCAT.2018.1001472957:4(312-324)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1504/IJCAT.2018.10014729
(2018)Integrating IoT and cloud in a smart city contextInternational Journal of Computer Applications in Technology10.1504/IJCAT.2018.1001472557:4(267-280)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1504/IJCAT.2018.10014725

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents