Literature review of security issues in saas for public cloud computing: a meta-analysis

  • Authors

    • Mohanaad Shakir Alburaimi University college
    • Maytham Hammood Tikrit University
    • Ahmed Kh. Muttar College of Administrative Sciences
    2018-06-23
    https://doi.org/10.14419/ijet.v7i3.13075
  • Cloud Computing, Security Issues in Cloud Computing, Authentication, Encryption, Saas, Security Framework in Cloud Computing, EPSB.

  • Cloud computing is a rapidly growing technology due to its highly flexible uses and applications. It also has other features such as simplicity, quick data access and reduced data storage costs. Consequently, it has been widely used by many organizations. This widespread use of cloud computing among organizations causes many security issues. Moreover, cloud computing layers are likely to be jeopardized by many security risks such as privileged user access, data location, data segregation, and data recovery. This paper aims to prepare an ample debate of a literature review-based studies that provided important insights to researchers in the scope of security cloud computing. The researcher applied a relevant set of keywords. These keywords are limited to the title, abstract and keywords search archives published between 2010 and June 2017. The database search returned a total of 308 publications. In addition, we conducted backward-forward searches from the reference lists of relevant, quality previous works on the security framework in public cloud computing studies. Then, the researcher filtered the publications to only full text access articles that were written in English only. Finally, this study obtained a total of 53 publications. The findings of this paper address many important points such as authentication, data segregation, and encryption which are considered as the top concerns in security cloud computing. In addition, most of authentication layer is considered password as a prime criterion in determining authorizes user.

     

     

  • References

    1. [1] M. M. Boroujerdi and S. Nazem, “Cloud computing: changing cogitation about computing,†World Acad. Sci. Eng. Technol., vol. 58, pp. 1112–1116, 2009.

      [2] I. Foster, Y. Zhao, I. Raicu, and S. Lu, “Cloud computing and grid computing 360-degree compared,†in Grid Computing Environments Workshop, 2008. GCE’08, 2008, pp. 1–10. https://doi.org/10.1109/GCE.2008.4738445.

      [3] V. Kundra, “Federal cloud computing strategy,†2011.

      [4] P. Mell, T. Grance, and others, “The NIST definition of cloud computing,†2011.

      [5] P. Jadhwani, J. Mackinnon, and M. Elrefal, “Cloud Computing Building a Framework for Successful Transition,†GTSI, North. Virginia, 2009.

      [6] L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, “A break in the clouds: towards a cloud definition,†ACM SIGCOMM Comput. Commun. Rev., vol. 39, no. 1, pp. 50–55, 2008. https://doi.org/10.1145/1496091.1496100.

      [7] R. K. L. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M. Kirchberg, Q. Liang, and B. S. Lee, “TrustCloud: A framework for accountability and trust in cloud computing,†in Services (SERVICES), 2011 IEEE World Congress on, 2011, pp. 584–588. https://doi.org/10.1109/SERVICES.2011.91.

      [8] F. Sabahi, “Cloud computing security threats and responses,†in Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on, 2011, pp. 245–249. https://doi.org/10.1109/ICCSN.2011.6014715.

      [9] D. Teneyuca, “Internet cloud security: The illusion of inclusion,†Inf. Secur. Tech. Rep., vol. 16, no. 3, pp. 102–107, 2011. https://doi.org/10.1016/j.istr.2011.08.005.

      [10] M. Carroll, A. Van Der Merwe, and P. Kotze, “Secure cloud computing: Benefits, risks and controls,†in Information Security South Africa (ISSA), 2011, 2011, pp. 1–9.

      [11] K. Popović and Ž. Hocenski, “Cloud computing security issues and challenges,†in MIPRO, 2010 proceedings of the 33rd international convention, 2010, pp. 344–349.

      [12] S. D. Castilho, E. P. Godoy, T. W. L. Castilho, and F. Salmen, “Proposed model to implement high-level Information Security in Internet of Things,†in Fog and Mobile Edge Computing (FMEC), 2017 Second International Conference on, 2017, pp. 165–170.

      [13] Z. Wang, “Security and privacy issues within the Cloud Computing,†in Computational and Information Sciences (ICCIS), 2011 International Conference on, 2011, pp. 175–178. https://doi.org/10.1109/ICCIS.2011.247.

      [14] E. Mathisen, “Security challenges and solutions in cloud computing,†in Digital Ecosystems and Technologies Conference (DEST), 2011 Proceedings of the 5th IEEE International Conference on, 2011, pp. 208–212. https://doi.org/10.1109/DEST.2011.5936627.

      [15] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,†Futur. Gener. Comput. Syst., vol. 28, no. 3, pp. 583–592, 2012. https://doi.org/10.1016/j.future.2010.12.006.

      [16] D. Abraham, “Why 2FA in the cloud?,†Netw. Secur., vol. 2009, no. 9, pp. 4–5, 2009. https://doi.org/10.1016/S1353-4858(09)70097-2.

      [17] F. Scott, M. Itsik, and S. Adi, “Weakness in the key scheduling algorithm of RC4,†in Proceedings of the 8 Annual Workshop on SAC, 2001.

      [18] S. Ramgovind, M. M. Eloff, and E. Smith, “The management of security in cloud computing,†in Information Security for South Africa (ISSA), 2010, 2010, pp. 1–7.

      [19] A. Youssef and M. Alaqeel, “Security Issues in Cloud Computing.,†GSTF J. Comput., vol. 1, no. 3, 2011.

      [20] S. Subashini and V. Kavitha, “A survey on security issues in service delivery models of cloud computing,†J. Netw. Comput. Appl., vol. 34, no. 1, pp. 1–11, 2011. https://doi.org/10.1016/j.jnca.2010.07.006.

      [21] E. C. Amazon, “Amazon elastic compute cloud (Amazon EC2),†Amaz. Elastic Comput. Cloud (Amazon EC2), 2010.

      [22] A. Tripathi and A. Mishra, “Cloud computing security considerations,†in Signal Processing, Communications and Computing (ICSPCC), 2011 IEEE International Conference on, 2011, pp. 1–5. https://doi.org/10.1109/ICSPCC.2011.6061557.

      [23] A. E. Youssef, “Exploring cloud computing services and applications,†J. Emerg. Trends Comput. Inf. Sci., vol. 3, no. 6, pp. 838–847, 2012.

      [24] H. Sato, A. Kanai, and S. Tanimoto, “A cloud trust model in a security aware cloud,†in Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on, 2010, pp. 121–124. https://doi.org/10.1109/SAINT.2010.13.

      [25] Z. Yang, L. Qiao, C. Liu, C. Yang, and G. Wan, “A collaborative trust model of firewall-through based on Cloud Computing,†in Computer Supported Cooperative Work in Design (CSCWD), 2010 14th International Conference on, 2010, pp. 329–334. https://doi.org/10.1109/CSCWD.2010.5471954.

      [26] S. Scott-Hayward, G. O’Callaghan, and S. Sezer, “SDN security: A survey,†in Future Networks and Services (SDN4FNS), 2013 IEEE SDN For, 2013, pp. 1–7.

      [27] P. Schoo, V. Fusenig, V. Souza, M. Melo, P. Murray, H. Debar, H. Medhioub, and D. Zeghlache, “Challenges for Cloud Networking Security,†in MONAMI, 2010, pp. 298–313.

      [28] W. Li, L. Ping, and X. Pan, “Use trust management module to achieve effective security mechanisms in cloud environment,†in Electronics and Information Engineering (ICEIE), 2010 International Conference On, 2010, vol. 1, pp. V1--14. https://doi.org/10.1109/ICEIE.2010.5559829.

      [29] Z. Song, J. Molina, and C. Strong, “Trusted anonymous execution: A model to raise trust in cloud,†in Grid and Cooperative Computing (GCC), 2010 9th International Conference on, 2010, pp. 133–138. https://doi.org/10.1109/GCC.2010.37.

      [30] S. Chen, S. Nepal, and R. Liu, “Secure connectivity for intra-cloud and inter-cloud communication,†in Parallel Processing Workshops (ICPPW), 2011 40th International Conference on, 2011, pp. 154–159.

      [31] X. Recommendation, “509-The Directory: Public-key and attribute certificate frameworks,†Int. Telecommun. Union, 2000.

      [32] S. Sridharan and G. R. Kiran, “Secure authentication model for online health monitoring system,†in Computing, Communications and Networking Technologies (ICCCNT), 2013 Fourth International Conference on, 2013, pp. 1–5. https://doi.org/10.1109/ICCCNT.2013.6726758.

      [33] M. Shakir, A. B. Abubakar, Y. Yousoff, M. Al-Emran, and M. Hammood, “APPLICATION OF CONFIDENCE RANGE ALGORITHM IN RECOGNIZING USER BEHAVIOR THROUGH EPSB IN CLOUD COMPUTING,†J. Theor. Appl. Inf. Technol., vol. 94, no. 2, p. 416, 2016.

      [34] L. F. B. Soares, D. A. B. Fernandes, M. M. Freire, and P. R. M. Inácio, “Secure user authentication in cloud computing management interfaces,†in Performance Computing and Communications Conference (IPCCC), 2013 IEEE 32nd International, 2013, pp. 1–2. https://doi.org/10.1109/PCCC.2013.6742763.

      [35] I. Singh, “Secc: Authentication and Access Control Mechanism for Secure Cloud Networks and Services,†Birla Institute of Technology Mesra, 2015.

      [36] M. Farhatullah, “ALP: An authentication and leak prediction model for Cloud Computing privacy,†in Advance Computing Conference (IACC), 2013 IEEE 3rd International, 2013, pp. 48–51. https://doi.org/10.1109/IAdCC.2013.6514192.

      [37] K. Kaur and S. Vashisht, “Data Separation Issues in Cloud Computing,†Int. J. Adv. Res. Eng. Technol., vol. 1, no. X, pp. 26–29, 2013.

      [38] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, “Toward secure and dependable storage services in cloud computing,†IEEE Trans. Serv. Comput., vol. 5, no. 2, pp. 220–232, 2012. https://doi.org/10.1109/TSC.2011.24.

      [39] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, “Enabling public auditability and data dynamics for storage security in cloud computing,†IEEE Trans. parallel Distrib. Syst., vol. 22, no. 5, pp. 847–859, 2011. https://doi.org/10.1109/TPDS.2010.183.

      [40] S. Srinivasamurthy and D. Q. Liu, “Survey on Cloud Computing Security--Technical Report,†Dep. Comput. Sci. Indiana Univ. Purdue Univ. Fort Wayne, 2010.

      [41] W. Liu, “Research on cloud computing security problem and strategy,†in Consumer Electronics, Communications and Networks (CECNet), 2012 2nd International Conference on, 2012, pp. 1216–1219.

      [42] M. C. Liberatori and J. C. Bonadero, “AES-128 cipher: Minimum area, low cost FPGA implementation,†Lat. Am. Appl. Res., vol. 37, no. 1, pp. 71–77, 2007.

      [43] R. Chalse, A. Selokar, and A. Katara, “A new technique of data integrity for analysis of the cloud computing security,†in Computational Intelligence and Communication Networks (CICN), 2013 5th International Conference on, 2013, pp. 469–473. https://doi.org/10.1109/CICN.2013.103.

      [44] C. Cid, S. Murphy, and M. Robshaw, Algebraic aspects of the advanced encryption standard. Springer Science & Business Media, 2006.

      [45] C. Basescu, A. Carpen-Amarie, C. Leordeanu, A. Costan, and G. Antoniu, “Managing data access on clouds: A generic framework for enforcing security policies,†in Advanced Information Networking and Applications (AINA), 2011 IEEE International Conference on, 2011, pp. 459–466. https://doi.org/10.1109/AINA.2011.61.

      [46] M. Almorsy, J. Grundy, and A. S. Ibrahim, “Collaboration-based cloud computing security management framework,†in Cloud Computing (CLOUD), 2011 IEEE International Conference on, 2011, pp. 364–371.

      [47] M. Shakir, A. B. Abubakar, Y. Bin Yousoff, A. M. Sagher, and H. Alkayali, “DIAGNOSIS SECURITY PROBLEMS IN CLOUD COMPUTING FOR BUSINESS CLOUD,†J. Theor. Appl. Inf. Technol., vol. 90, no. 2, p. 151, 2016.

      [48] N. Robinson, L. Valeri, J. Cave, T. Starkey, H. Graux, S. Creese, and P. P. Hopkins, “The cloud: understanding the security, privacy and trust challenges,†2010.

      [49] R. S. Kumar and A. Saxena, “Data integrity proofs in cloud storage,†in Communication Systems and Networks (COMSNETS), 2011 Third International Conference on, 2011, pp. 1–4.

      [50] J. B. D. Joshi, E. Bertino, U. Latif, and A. Ghafoor, “A generalized temporal role-based access control model,†IEEE Trans. Knowl. Data Eng., vol. 17, no. 1, pp. 4–23, 2005. https://doi.org/10.1109/TKDE.2005.1.

      [51] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public auditing for data storage security in cloud computing,†in Infocom, 2010 proceedings ieee, 2010, pp. 1–9.

      [52] G.-J. Ahn, M. Ko, and M. Shehab, “Privacy-enhanced user-centric identity management,†in Communications, 2009. ICC’09. IEEE International Conference on, 2009, pp. 1–5. https://doi.org/10.1109/ICC.2009.5199363.

      [53] X. Zhang, M. Nakae, M. J. Covington, and R. Sandhu, “Toward a usage-based security framework for collaborative computing systems,†ACM Trans. Inf. Syst. Secur., vol. 11, no. 1, p. 3, 2008. https://doi.org/10.1145/1330295.1330298.

      [54] A. Sedgewick, “Framework for Improving Critical Infrastructure Cyber-security,†NIST, 2014.

      [55] M. Basso and J. Mann, “MarketScope for Enterprise File Synchronization and Sharing,†Gartner, 2013.

      [56] N. Grozev and R. Buyya, “Inter-Cloud architectures and application brokering: taxonomy and survey,†Softw. Pract. Exp., vol. 44, no. 3, pp. 369–390, 2014. https://doi.org/10.1002/spe.2168.

      [57] Z. Xin, L. Song-qing, and L. Nai-wen, “Research on cloud computing data security model based on multi-dimension,†in Information Technology in Medicine and Education (ITME), 2012 International Symposium on, 2012, vol. 2, pp. 897–900.

      [58] F. Zhao, C. Li, and C. F. Liu, “A cloud computing security solution based on fully homomorphic encryption,†in Advanced Communication Technology (ICACT), 2014 16th International Conference on, 2014, pp. 485–488. https://doi.org/10.1109/ICACT.2014.6779008.

      [59] H. Suo, Z. Liu, J. Wan, and K. Zhou, “Security and privacy in mobile cloud computing,†in Wireless Communications and Mobile Computing Conference (IWCMC), 2013 9th International, 2013, pp. 655–659. https://doi.org/10.1109/IWCMC.2013.6583635.

      [60] M. Alhamad, T. Dillon, and E. Chang, “Sla-based trust model for cloud computing,†in Network-Based Information Systems (NBiS), 2010 13th International Conference on, 2010, pp. 321–324. https://doi.org/10.1109/NBiS.2010.67.

      [61] V. Mukhin and A. Volokyta, “Notice of violation of IEEE publication principles security risk analysis for cloud computing systems,†in Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2011 IEEE 6th International Conference on, 2011, vol. 2, pp. 737–742. https://doi.org/10.1109/IDAACS.2011.6072868.

      [62] J. Surbiryala, C. Li, and C. Rong, “A framework for improving security in cloud computing,†in 2017 IEEE 2nd International Conference on Cloud Computing and Big Data Analysis (ICCCBDA), 2017, pp. 260–264. https://doi.org/10.1109/ICCCBDA.2017.7951921.

      [63] J. R. Jain and A. Asaduzzaman, “A novel data logging framework to enhance security of Cloud computing,†in SoutheastCon 2016, 2016, pp. 1–6.

      [64] M. M. Potey, C. A. Dhote, and D. H. Sharma, “Homomorphic Encryption for Security of Cloud Data,†Procedia Comput. Sci., vol. 79, pp. 175–181, 2016. https://doi.org/10.1016/j.procs.2016.03.023.

      [65] A. Bhardwaj, G. V. B. Subrahmanyam, V. Avasthi, and H. Sastry, “Security Algorithms for Cloud Computing,†Procedia Comput. Sci., vol. 85, no. Cms, pp. 535–542, 2016.

      [66] G. Brunette, R. Mogull, and others, “Security guidance for critical areas of focus in cloud computing v2. 1,†Cloud Secur. Alliance, pp. 1–76, 2009.

      [67] Al-hashimi, m. u. h. a. n. e. d., et al. "Address The Challenges Of Implementing Electronic Document System In Iraq E-Government-Tikrit City As A Case Study." Journal of Theoretical & Applied Information Technology 95.15 (2017).

      [68] Shakir, M., Abubakar, A. B., Yousoff, Y. B., & Sheker, M. (2016). IMPROVEMENT KEYS OF ADVANCED ENCRYPTION STANDARD (AES) RIJNDAEL_M. Journal of Theoretical & Applied Information Technology, 86(2).

  • Downloads

  • How to Cite

    Shakir, M., Hammood, M., & Kh. Muttar, A. (2018). Literature review of security issues in saas for public cloud computing: a meta-analysis. International Journal of Engineering & Technology, 7(3), 1161-1171. https://doi.org/10.14419/ijet.v7i3.13075