A Review on Cloud Computing Threats, Security and Possible Solutions

Rabia Naz; Hafiz Muhammad Faisal Shehzad; Asia Muneer; Abid Rafiq; Samreen Razzaq; Mudassar Ali Shah Zaidi

Authors

Rabia Naz University of Sargodha
Hafiz Muhammad Faisal Shehzad
Asia Muneer Department of CS and IT, University of Sargodha, Sargodha, Pakistan
Abid Rafiq Department of CS and IT, University of Sargodha, Sargodha, Pakistan
Samreen Razzaq Department of CS and IT, University of Sargodha, Sargodha, Pakistan
Mudassar Ali Shah Zaidi Department of CS and IT, University of Sargodha, Sargodha, Pakistan

Keywords:

Vulnerabilities of Cloud Computing, Security Threats, Data Security, Cloud Computing

Abstract

Cloud computing is increasingly popular, with major companies like Microsoft, Google, and Amazon creating expansive cloud environments to support vast user bases. Despite its benefits, security remains a significant concern, complicating full trust in cloud solutions due to potential hazards and the consequences of security breaches. This study introduces a novel approach to address the gaps in existing frameworks for summarizing and analyzing cloud security issues and requirements. We explored various cloud computing security challenges, assessed the impact of different cloud models, and discussed risk mitigation techniques and policies for both cloud providers and users. Our analysis offers a comprehensive examination of security risks affecting cloud computing, alongside the latest security solutions. Rather than focusing solely on specific issues, we presented a broader perspective on advanced, high-level security frameworks. We outlined multiple strategies for developing a secure, reliable, and cost-effective cloud infrastructure.

References

S. Shamshirband, M. Fathi, A. T. Chronopoulos, A. Montieri, F. Palumbo, and A. Pescapè, “Computational intelligence intrusion detection techniques in mobile cloud computing environments: Review, taxonomy, and open research issues,” J. Inf. Secur. Appl., vol. 55, p. 102582, Dec. 2020, doi: 10.1016/J.JISA.2020.102582.

M. A. R. Al Amin, S. Shetty, L. Njilla, D. K. Tosh, and C. Kamhoua, “Hidden markov model and cyber deception for the prevention of adversarial lateral movement,” IEEE Access, vol. 9, pp. 49662–49682, 2021, doi: 10.1109/ACCESS.2021.3069105.

W. Ahmad, A. Rasool, A. R. Javed, T. Baker, and Z. Jalil, “Cyber Security in IoT-Based Cloud Computing: A Comprehensive Survey,” Electron. 2022, Vol. 11, Page 16, vol. 11, no. 1, p. 16, Dec. 2021, doi: 10.3390/ELECTRONICS11010016.

I. Ahmad, S. Shahabuddin, T. Kumar, J. Okwuibe, A. Gurtov, and M. Ylianttila, “Security for 5G and beyond,” IEEE Commun. Surv. Tutorials, vol. 21, no. 4, pp. 3682–3722, Oct. 2019, doi: 10.1109/COMST.2019.2916180.

S. Bharany et al., “A Systematic Survey on Energy-Efficient Techniques in Sustainable Cloud Computing,” Sustain. 2022, Vol. 14, Page 6256, vol. 14, no. 10, p. 6256, May 2022, doi: 10.3390/SU14106256.

H. Tabrizchi and M. Kuchaki Rafsanjani, “A survey on security challenges in cloud computing: issues, threats, and solutions,” J. Supercomput., vol. 76, no. 12, pp. 9493–9532, Dec. 2020, doi: 10.1007/S11227-020-03213-1/METRICS.

S. Valluripally, A. Gulhane, K. A. Hoque, and P. Calyam, “Modeling and Defense of Social Virtual Reality Attacks Inducing Cybersickness,” IEEE Trans. Dependable Secur. Comput., vol. 19, no. 6, pp. 4127–4144, 2022, doi: 10.1109/TDSC.2021.3121216.

L. Da Xu, Y. Lu, and L. Li, “Embedding Blockchain Technology into IoT for Security: A Survey,” IEEE Internet Things J., vol. 8, no. 13, pp. 10452–10473, Jul. 2021, doi: 10.1109/JIOT.2021.3060508.

F. Khoda Parast, C. Sindhav, S. Nikam, H. Izadi Yekta, K. B. Kent, and S. Hakak, “Cloud computing security: A survey of service-based models,” Comput. Secur., vol. 114, p. 102580, Mar. 2022, doi: 10.1016/J.COSE.2021.102580.

A. Gaurav, B. B. Gupta, and P. K. Panigrahi, “A comprehensive survey on machine learning approaches for malware detection in IoT-based enterprise information system,” Enterp. Inf. Syst., vol. 17, no. 3, Mar. 2023, doi: 10.1080/17517575.2021.2023764.

G. N. Nguyen, N. H. Le Viet, M. Elhoseny, K. Shankar, B. B. Gupta, and A. A. A. El-Latif, “Secure blockchain enabled Cyber–physical systems in healthcare using deep belief network with ResNet model,” J. Parallel Distrib. Comput., vol. 153, pp. 150–160, Jul. 2021, doi: 10.1016/J.JPDC.2021.03.011.

M. H. Sayadnavard, A. Toroghi Haghighat, and A. M. Rahmani, “A multi-objective approach for energy-efficient and reliable dynamic VM consolidation in cloud data centers,” Eng. Sci. Technol. an Int. J., vol. 26, p. 100995, Feb. 2022, doi: 10.1016/J.JESTCH.2021.04.014.

M. A. Elmagzoub, D. Syed, A. Shaikh, N. Islam, A. Alghamdi, and S. Rizwan, “A Survey of Swarm Intelligence Based Load Balancing Techniques in Cloud Computing Environment,” Electron. 2021, Vol. 10, Page 2718, vol. 10, no. 21, p. 2718, Nov. 2021, doi: 10.3390/ELECTRONICS10212718.

J. C. Correa Chica, J. C. Imbachi, and J. F. Botero Vega, “Security in SDN: A comprehensive survey,” J. Netw. Comput. Appl., vol. 159, p. 102595, Jun. 2020, doi: 10.1016/J.JNCA.2020.102595.

A. Singh and B. B. Gupta, “Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms: Issues, Challenges, and Future Research Directions,” https://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/IJSWIS.297143, vol. 18, no. 1, pp. 1–43, Jan. 1AD, doi: 10.4018/IJSWIS.297143.

J. K. Dawson, F. Twum, J. B. H. Acquah, and Y. M. Missah, “PRISMA Archetype-Based Systematic Literature Review of Security Algorithms in the Cloud,” Secur. Commun. Networks, vol. 2023, no. 1, p. 9210803, Jan. 2023, doi: 10.1155/2023/9210803.

A. Masood, D. S. Lakew, and S. Cho, “Security and Privacy Challenges in Connected Vehicular Cloud Computing,” IEEE Commun. Surv. Tutorials, vol. 22, no. 4, pp. 2725–2764, Oct. 2020, doi: 10.1109/COMST.2020.3012961.

W. Elmasry, A. Akbulut, and A. H. Zaim, “A Design of an Integrated Cloud-based Intrusion Detection System with Third Party Cloud Service,” Open Comput. Sci., vol. 11, no. 1, pp. 365–379, Jan. 2021, doi: 10.1515/COMP-2020-0214/ASSET/GRAPHIC/J_COMP-2020-0214_FIG_009.JPG.

A. Ometov, O. L. Molua, M. Komarov, and J. Nurmi, “A Survey of Security in Cloud, Edge, and Fog Computing,” Sensors 2022, Vol. 22, Page 927, vol. 22, no. 3, p. 927, Jan. 2022, doi: 10.3390/S22030927.

M. S. Elsayed, N. A. Le-Khac, S. Dev, and A. D. Jurcut, “DDoSNet: A Deep-Learning Model for Detecting Network Attacks,” Proc. - 21st IEEE Int. Symp. a World Wireless, Mob. Multimed. Networks, WoWMoM 2020, pp. 391–396, Aug. 2020, doi: 10.1109/WOWMOM49955.2020.00072.

W. Shi, S. Zhou, Z. Niu, M. Jiang, and L. Geng, “Joint Device Scheduling and Resource Allocation for Latency Constrained Wireless Federated Learning,” IEEE Trans. Wirel. Commun., vol. 20, no. 1, pp. 453–467, Jan. 2021, doi: 10.1109/TWC.2020.3025446.

N. K. Velayudhan, P. Pradeep, S. N. Rao, A. R. Devidas, and M. V. Ramesh, “IoT-Enabled Water Distribution Systems - A Comparative Technological Review,” IEEE Access, vol. 10, pp. 101042–101070, 2022, doi: 10.1109/ACCESS.2022.3208142.

V. Prakash, A. Williams, L. Garg, C. Savaglio, and S. Bawa, “Cloud and Edge Computing-Based Computer Forensics: Challenges and Open Problems,” Electron. 2021, Vol. 10, Page 1229, vol. 10, no. 11, p. 1229, May 2021, doi: 10.3390/ELECTRONICS10111229.

E. Blancaflor, B. Y. P. Saunar, T. Darrel C. Bilbao, I. H. B. Villarias, and I. Paula V. Mapue, “The Use of Cloud Computing and its Security Risks in a Philippine Education System: A Literature Review,” 2023 11th Int. Conf. Inf. Educ. Technol. ICIET 2023, pp. 66–70, 2023, doi: 10.1109/ICIET56899.2023.10111146.

D. R. Panda, S. K. Behera, and D. Jena, “A Survey on Cloud Computing Security Issues, Attacks and Countermeasures,” pp. 513–524, 2021, doi: 10.1007/978-981-15-5243-4_47.

T. Luo and Y. Shi, “Efficiently Obfuscating Proxy Signature for Protecting Signing Keys on Untrusted Cloud Servers,” 2022 IEEE 25th Int. Conf. Comput. Support. Coop. Work Des. CSCWD 2022, pp. 705–710, 2022, doi: 10.1109/CSCWD54268.2022.9776312.

M. Rady, T. Abdelkader, and R. Ismail, “Integrity and Confidentiality in Cloud Outsourced Data,” Ain Shams Eng. J., vol. 10, no. 2, pp. 275–285, Jun. 2019, doi: 10.1016/J.ASEJ.2019.03.002.

A. Pieroni, N. Scarpato, and L. Felli, “Blockchain and IoT Convergence—A Systematic Survey on Technologies, Protocols and Security,” Appl. Sci. 2020, Vol. 10, Page 6749, vol. 10, no. 19, p. 6749, Sep. 2020, doi: 10.3390/APP10196749.

H. K. Bella and S. Vasundra, “A study of Security Threats and Attacks in Cloud Computing,” pp. 658–666, Feb. 2022, doi: 10.1109/ICSSIT53264.2022.9716317.

M. Aslam et al., “Adaptive Machine Learning Based Distributed Denial-of-Services Attacks Detection and Mitigation System for SDN-Enabled IoT,” Sensors 2022, Vol. 22, Page 2697, vol. 22, no. 7, p. 2697, Mar. 2022, doi: 10.3390/S22072697.

L. F. Eliyan and R. Di Pietro, “DoS and DDoS attacks in Software Defined Networks: A survey of existing solutions and research challenges,” Futur. Gener. Comput. Syst., vol. 122, pp. 149–171, Sep. 2021, doi: 10.1016/J.FUTURE.2021.03.011.

A. Rahman et al., “SmartBlock-SDN: An Optimized Blockchain-SDN Framework for Resource Management in IoT,” IEEE Access, vol. 9, pp. 28361–28376, 2021, doi: 10.1109/ACCESS.2021.3058244.

T. Zhang, C. Xu, B. Zhang, J. Shen, X. Kuang, and L. A. Grieco, “Toward Attack-Resistant Route Mutation for VANETs: An Online and Adaptive Multiagent Reinforcement Learning Approach,” IEEE Trans. Intell. Transp. Syst., vol. 23, no. 12, pp. 23254–23267, Dec. 2022, doi: 10.1109/TITS.2022.3198507.

I. Alam et al., “A Survey of Network Virtualization Techniques for Internet of Things Using SDN and NFV,” ACM Comput. Surv., vol. 53, no. 2, Apr. 2020, doi: 10.1145/3379444.

Y. Cao, Y. Zhao, Q. Wang, J. Zhang, S. X. Ng, and L. Hanzo, “The Evolution of Quantum Key Distribution Networks: On the Road to the Qinternet,” IEEE Commun. Surv. Tutorials, vol. 24, no. 2, pp. 839–894, 2022, doi: 10.1109/COMST.2022.3144219.

D. Pliatsios, P. Sarigiannidis, T. Lagkas, and A. G. Sarigiannidis, “A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics,” IEEE Commun. Surv. Tutorials, vol. 22, no. 3, pp. 1942–1976, Jul. 2020, doi: 10.1109/COMST.2020.2987688.

T. Jafarian, M. Masdari, A. Ghaffari, and K. Majidzadeh, “A survey and classification of the security anomaly detection mechanisms in software defined networks,” Cluster Comput., vol. 24, no. 2, pp. 1235–1253, Jun. 2021, doi: 10.1007/S10586-020-03184-1/METRICS.

D. Yu, Y. Jin, Y. Zhang, and X. Zheng, “A survey on security issues in services communication of Microservices-enabled fog applications,” Concurr. Comput. Pract. Exp., vol. 31, no. 22, p. e4436, Nov. 2019, doi: 10.1002/CPE.4436.

D. Venkata, S. Kaja, Y. Fatima, and A. B. Mailewa, “Data Integrity Attacks in Cloud Computing: A Review of Identifying and Protecting Techniques,” Int. J. Res. Publ. Rev. J. homepage www.ijrpr.com, vol. 3, no. 2, pp. 713–720, 2022, doi: 10.55248/gengpi.2022.3.2.8.

S. Mahdavi Hezavehi and R. Rahmani, “An anomaly-based framework for mitigating effects of DDoS attacks using a third party auditor in cloud computing environments,” Cluster Comput., vol. 23, no. 4, pp. 2609–2627, Dec. 2020, doi: 10.1007/S10586-019-03031-Y/METRICS.

N. Saxena, E. Hayes, E. Bertino, P. Ojo, K. K. R. Choo, and P. Burnap, “Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses,” Electron. 2020, Vol. 9, Page 1460, vol. 9, no. 9, p. 1460, Sep. 2020, doi: 10.3390/ELECTRONICS9091460.

S. H. Gill et al., “Security and Privacy Aspects of Cloud Computing: A Smart Campus Case Study,” Intell. Autom. Soft Comput., vol. 31, no. 1, pp. 117–128, Sep. 2021, doi: 10.32604/IASC.2022.016597.

P. Goyal, H. Makwana, and N. Karankar, “MD5 and ECC Encryption based framework for Cloud Computing Services,” Proc. 3rd Int. Conf. Inven. Syst. Control. ICISC 2019, pp. 195–200, Jan. 2019, doi: 10.1109/ICISC44355.2019.9036447.