International Journal of Scientific & Technology Research

Home About Us Scope Editorial Board Blog/Latest News Contact Us
10th percentile
Powered by  Scopus
Scopus coverage:
Nov 2018 to May 2020


IJSTR >> Volume 9 - Issue 8, August 2020 Edition

International Journal of Scientific & Technology Research  
International Journal of Scientific & Technology Research

Website: http://www.ijstr.org

ISSN 2277-8616

Security Issues, Threats And Respective Mitigation In Cloud Computing – A Systematic Review

[Full Text]



Mubashir Ali, Shaista Malik, Zainab Khalid, Maham Mehr Awan, Shahbaz Ahmad



Cloud Computing, Security Issues, Threats, Challenges, Vulnerabilities, Solutions



Cloud computing is one of those emerging technologies that has occupied vital importance in today’s age. The proficiency of lessening expenses of computing, growing scalability and flexibility for storage related computer processes has made it to attain prime place in emerging trends. In cloud computing, entire data exist over a set of interconnected resources and is accessed through virtual machines over the network. It provides promising platform that allows efficient usage of numerous applications such as storage resources and computing infrastructure. In spite of all these benefits, there are various challenges to secure the cloud environment from vulnerabilities. Therefore, this state of the art study is conducted to highlight security related issues that arise at different levels of computations using cloud services. Moreover, taxonomy has been formulated by categorizing identified challenges in security issues and security attacks respectively. To identify the security challenges; A Systematic Literature Review (SLR) has also been conducted from the existing literature. Results show that major security issues are related to the client side, network side and at the backend. Furthermore, this study shed some light on the security issues that are encountered in cloud computing at different levels by designing architecture and offering cloud users the elucidations for safeguarding cloud data.



[1] P. Mell and T. Grance, “The NIST definition of cloud computing,” 2011.
[2] D. Nister and H. Stewenius, “Scalable recognition with a vocabulary tree,” in Computer vision and pattern recognition, 2006 IEEE computer society conference on, 2006, vol. 2, pp. 2161–2168.
[3] W. Kim, “Cloud computing architecture,” Int. J. Web Grid Serv., vol. 9, no. 3, pp. 287–303, 2013.
[4] S. Subashini and V. Kavitha, “A survey on security issues in service delivery models of cloud computing,” J. Netw. Comput. Appl., vol. 34, no. 1, pp. 1–11, 2011.
[5] C.-Y. Ku and Y.-S. Chiu, “A Novel Infrastructure for Data Sanitization in Cloud Computing (Research Paper),” in Diversity, Technology, and Innovation for Operational Competitiveness: Proceedings of the 2013 International Conference on Technology Innovation and Industrial Management, 2013, p. S3_25-28.
[6] N. Fotiou, A. Machas, G. C. Polyzos, and G. Xylomenos, “Access control as a service for the Cloud,” J. Internet Serv. Appl., vol. 6, no. 1, pp. 1–15, 2015.
[7] S. S. Gill et al., “Transformative effects of IoT, Blockchain and Artificial Intelligence on cloud computing: Evolution, vision, trends and open challenges,” Internet of Things, p. 100118, 2019.
[8] R. Buyya, J. Broberg, and A. M. Goscinski, Cloud computing: Principles and paradigms, vol. 87. John Wiley & Sons, 2010.
[9] D. Villegas et al., “Cloud federation in a layered service model,” J. Comput. Syst. Sci., vol. 78, no. 5, pp. 1330–1344, 2012.
[10] D. Bermbach, “Quality of Cloud Services: Expect the Unexpected,” IEEE Internet Comput., vol. 21, no. 1, pp. 68–72, 2017.
[11] S. Basu et al., “Cloud computing security challenges & solutions-a survey,” in 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC), 2018, pp. 347–356.
[12] T. Mather, S. Kumaraswamy, and S. Latif, Cloud security and privacy: an enterprise perspective on risks and compliance. “ O’Reilly Media, Inc.,” 2009.
[13] K. Karthiban and S. Smys, “Privacy preserving approaches in cloud computing,” in 2018 2nd International Conference on Inventive Systems and Control (ICISC), 2018, pp. 462–467.
[14] C. Modi, D. Patel, B. Borisaniya, A. Patel, and M. Rajarajan, “A survey on security issues and solutions at different layers of Cloud computing,” J. Supercomput., vol. 63, no. 2, pp. 561–592, 2013.
[15] J. Qaddour, “Security Threat and Challenges Analysis of Cloud Computing with Some Solutions.”
[16] H. Tianfield, “Security issues in cloud computing,” in Systems, Man, and Cybernetics (SMC), 2012 IEEE International Conference on, 2012, pp. 1082–1089.
[17] H. Lo, R. Wang, J. P. Garbani, E. Daley, R. Iqbal, and C. Green, “Forrester report,” State Enterp. Softw., vol. 2009, 2009.
[18] P. BNA, “Privacy & security law report,” 2009.
[19] J. A. Bowen, “Cloud computing: Issues in data privacy/security and commercial considerations,” Comput. INTERNET LAWYER, vol. 28, no. 8, pp. 1–8, 2011.
[20] M. Ter Louw and V. N. Venkatakrishnan, “Blueprint: Robust prevention of cross-site scripting attacks for existing browsers,” in Security and Privacy, 2009 30th IEEE Symposium on, 2009, pp. 331–346.
[21] V. S. K. Maddineni and S. Ragi, “Security Techniques for protecting data in Cloud Computing.” 2012.
[22] B. Kitchenham, O. P. Brereton, D. Budgen, M. Turner, J. Bailey, and S. Linkman, “Systematic literature reviews in software engineering–a systematic literature review,” Inf. Softw. Technol., vol. 51, no. 1, pp. 7–15, 2009.
[23] B. A. Kitchenham, T. Dyba, and M. Jorgensen, “Evidence-based software engineering,” in Proceedings of the 26th international conference on software engineering, 2004, pp. 273–281.
[24] V. Ramesh, R. L. Glass, and I. Vessey, “Research in computer science: an empirical study,” J. Syst. Softw., vol. 70, no. 1, pp. 165–176, 2004.
[25] A. Strauss and J. Corbin, Basics of qualitative research, vol. 15. Newbury Park, CA: Sage, 1990.
[26] M. A. Khan, “A survey of security issues for cloud computing,” J. Netw. Comput. Appl., vol. 71, pp. 11–29, 2016.
[27] D. Chen and H. Zhao, “Data security and privacy protection issues in cloud computing,” in Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on, 2012, vol. 1, pp. 647–651.
[28] S. Singh, Y.-S. Jeong, and J. H. Park, “A survey on cloud computing security: Issues, threats, and solutions,” J. Netw. Comput. Appl., vol. 75, pp. 200–222, 2016.
[29] S. N. Kumar and A. Vajpayee, “A Survey on Secure Cloud: Security and Privacy in Cloud Computing,” Am. J. Syst. Softw., vol. 4, no. 1, pp. 14–26, 2016.
[30] M. A. Khan and K. Salah, “IoT security: Review, blockchain solutions, and open challenges,” Futur. Gener. Comput. Syst., vol. 82, pp. 395–411, May 2018.
[31] N. H. Hussein, A. Khalid, and K. Khanfar, “A Survey of Cryptography Cloud Storage Techniques,” Int. J. Comput. Sci. Mob. Comput. pg, pp. 186–191, 2016.
[32] M. Ali, S. U. Khan, and A. V Vasilakos, “Security in cloud computing: Opportunities and challenges,” Inf. Sci. (Ny)., vol. 305, pp. 357–383, 2015.
[33] Y. Liu, Y. Sun, J. Ryoo, S. Rizvi, and A. V Vasilakos, “A survey of security and privacy challenges in cloud computing: solutions and future directions,” J. Comput. Sci. Eng., vol. 9, no. 3, pp. 119–133, 2015.
[34] R. Charanya, M. Aramudhan, K. Mohan, and S. Nithya, “Levels of security issues in cloud computing,” Int. J. Eng. Technol., vol. 5, no. 2, pp. 1912–1920, 2013.
[35] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” J. Internet Serv. Appl., vol. 4, no. 1, p. 5, 2013.
[36] R. Bhadauria and S. Sanyal, “Survey on security issues in cloud computing and associated mitigation techniques,” arXiv Prepr. arXiv1204.0764, 2012.
[37] M. Z. Meetei and A. Goel, “Security issues in cloud computing,” in Biomedical Engineering and Informatics (BMEI), 2012 5th International Conference on, 2012, pp. 1321–1325.
[38] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,” Futur. Gener. Comput. Syst., vol. 28, no. 3, pp. 583–592, 2012.
[39] M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, “On technical security issues in cloud computing,” in Cloud Computing, 2009. CLOUD’09. IEEE International Conference on, 2009, pp. 109–116.
[40] W.-J. Fan, S.-L. Yang, H. Perros, and J. Pei, “A multi-dimensional trust-aware cloud service selection mechanism based on evidential reasoning approach,” Int. J. Autom. Comput., vol. 12, no. 2, pp. 208–219, 2015.
[41] M. Ouedraogo, S. Mignon, H. Cholez, S. Furnell, and E. Dubois, “Security transparency: the next frontier for security research in the cloud,” J. Cloud Comput., vol. 4, no. 1, p. 12, 2015.
[42] P. Saripalli and B. Walters, “Quirc: A quantitative impact and risk assessment framework for cloud security,” in Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on, 2010, pp. 280–288.
[43] W. A. Jansen, “Cloud hooks: Security and privacy issues in cloud computing,” in System Sciences (HICSS), 2011 44th Hawaii International Conference on, 2011, pp. 1–10.
[44] D. Attas and O. Batrafi, “Efficient integrity checking technique for securing client data in cloud computing,” IJECS, vol. 8282, no. 6105, p. 11, 2011.
[45] F. Lombardi and R. Di Pietro, “Secure virtualization for cloud computing,” J. Netw. Comput. Appl., vol. 34, no. 4, pp. 1113–1122, 2011.
[46] X. Chen, S. Chen, X. Zeng, X. Zheng, Y. Zhang, and C. Rong, “Framework for context-aware computation offloading in mobile cloud computing,” J. Cloud Comput., vol. 6, no. 1, p. 1, 2017.
[47] D. Riquet, G. Grimaud, and M. Hauspie, “Large-scale coordinated attacks: Impact on the cloud security,” in Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2012 Sixth International Conference on, 2012, pp. 558–563.
[48] K. Scarfone and P. Mell, “Guide to intrusion detection and prevention systems (idps),” NIST Spec. Publ., vol. 800, no. 2007, p. 94, 2007.
[49] J. Karlin, S. Forrest, and J. Rexford, “Autonomous security for autonomous systems,” Comput. Networks, vol. 52, no. 15, pp. 2908–2923, 2008.
[50] F. V. Alejandre, N. C. Cortés, and E. A. Anaya, “Feature selection to detect botnets using machine learning algorithms,” in Electronics, Communications and Computers (CONIELECOMP), 2017 International Conference on, 2017, pp. 1–7.
[51] W. Lin and D. Lee, “Traceback Attacks in Cloud--Pebbletrace Botnet,” in Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference on, 2012, pp. 417–426.
[52] K. Kourai, T. Azumi, and S. Chiba, “A self-protection mechanism against stepping-stone attacks for IaaS clouds,” in Ubiquitous Intelligence & Computing and 9th International Conference on Autonomic & Trusted Computing (UIC/ATC), 2012 9th International Conference on, 2012, pp. 539–546.
[53] Y. Chen, X. Li, and F. Chen, “Overview and analysis of cloud computing research and application,” in E-Business and E-Government (ICEE), 2011 International Conference on, 2011, pp. 1–4.
[54] G. Doychev, B. Köpf, L. Mauborgne, and J. Reineke, “Cacheaudit: A tool for the static analysis of cache side channels,” ACM Trans. Inf. Syst. Secur., vol. 18, no. 1, p. 4, 2015.
[55] S. Luo, Z. Lin, X. Chen, Z. Yang, and J. Chen, “Virtualization security for cloud computing service,” in Cloud and Service Computing (CSC), 2011 International Conference on, 2011, pp. 174–179.
[56] H. Wu, Y. Ding, C. Winer, and L. Yao, “Network security for virtual machine in cloud computing,” in Computer Sciences and Convergence Information Technology (ICCIT), 2010 5th International Conference on, 2010, pp. 18–21.
[57] K. Vieira, A. Schulter, C. Westphall, and C. Westphall, “Intrusion detection techniques in grid and cloud computing environment,” IT Prof. IEEE Comput. Soc., vol. 12, no. 4, pp. 38–43, 2010.
[58] D. Gollmann, “Securing web applications,” Inf. Secur. Tech. Rep., vol. 13, no. 1, pp. 1–9, 2008.
[59] R. Lua and K. C. Yow, “Mitigating ddos attacks with transparent and intelligent fast-flux swarm network,” IEEE Netw., vol. 25, no. 4, 2011.
[60] A. Bakshi and Y. B. Dujodwala, “Securing cloud from ddos attacks using intrusion detection system in virtual machine,” in Communication Software and Networks, 2010. ICCSN’10. Second International Conference on, 2010, pp. 260–264.
[61] S. Sridhar and S. Smys, “A Survey on Cloud Security Issues and Challenges with Possible Measures,” in International Conference on Inventive Research in Engineering and Technology, 2016, vol. 4.
[62] S. S. Jadhav, P. K. Hagwane, P. C. Labhade, and K. S. Nalawde, “Data Confidentiality in Cloud Computing Using Android Application,” Imp. J. Interdiscip. Res., vol. 2, no. 6, 2016.
[63] D. Pratiba, G. Shobha, S. Tandon, and S. B. Srushti, “Cache based Side Channel Attack on AES in Cloud Computing Environment,” Int. J. Comput. Appl., vol. 119, no. 13, 2015.
[64] M. Godfrey and M. Zulkernine, “A server-side solution to cache-based side-channel attacks in the cloud,” in Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on, 2013, pp. 163–170.
[65] G. Xiaopeng, W. Sumei, and C. Xianqin, “VNSS: a Network Security sandbox for virtual Computing environment,” in Information Computing and Telecommunications (YC-ICT), 2010 IEEE Youth Conference on, 2010, pp. 395–398.
[66] F. Zhou, M. Goel, P. Desnoyers, and R. Sundaram, “Scheduler vulnerabilities and coordinated attacks in cloud computing,” J. Comput. Secur., vol. 21, no. 4, pp. 533–559, 2013.
[67] N. Gruschka and M. Jensen, “Attack surfaces: A taxonomy for attacks on cloud services,” in Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on, 2010, pp. 276–279.
[68] J. Clarke-Salt, SQL injection attacks and defense. Elsevier, 2009.
[69] A. Liu, Y. Yuan, D. Wijesekera, and A. Stavrou, “SQLProb: a proxy-based architecture towards preventing SQL injection attacks,” in Proceedings of the 2009 ACM symposium on Applied Computing, 2009, pp. 2054–2061.
[70] F. Callegati, W. Cerroni, and M. Ramilli, “Man-in-the-Middle Attack to the HTTPS Protocol,” IEEE Secur. Priv., vol. 7, no. 1, pp. 78–81, 2009.