Security and Privacy in Cloud Computing: Technical Review
1. Introduction
- Understanding of the cloud computing concept in relation to user privacy and security.
- Classification of cloud components, threats, and security implementations based on the STRIDE model.
- Providing security and privacy classifications based on attack mitigation and adaptiveness.
- Providing different approaches to what and how existing works in the literature have provided solutions to cloud computing security and privacy.
2. Background
2.1. Cloud Computing Service Delivery Models
- Cloud Infrastructure as a Service (IaaS): IaaS provides aggregated resources managed physically. Service delivery is in the form of storage or computational capability. The IaaS platform offers storage, processing and networks on which consumers run and deploy arbitrary software, including applications and operating systems. The platform user might not have absolute control over the underlying infrastructure but controls the deployed applications, operating system, and network components. The IaaS layer represents the pillar on which most cloud computing architectures have been built [41]. As a result of advances in technology, computational power, storage devices and high-end communication, the IaaS layer has become the most efficient platform on which PaaS and SaaS rely.
- Cloud Platform as a Service (PaaS): PaaS provides platforms and programming environments for cloud infrastructure services. Examples of PaaS include Google App Engine, Dipper, Yahoo and Salesforce. PaaS also refers to an application developed in a programming language and hosted by a CSP in the cloud [41]. PaaS is the service abstraction of the cloud that deals with the creation and modification of applications that already exist. The advantage of PaaS is the provisioning of platform environments with full operational and developmental features for application deployment. Furthermore, PaaS provides a trusted environment for users' secure storage and processing of confidential information, leveraged by cryptographic co-processors [42] that protect against unauthorised access. The central design goal of PaaS is maximising user control when managing features related to the privacy of sensitive information, accomplished through user data privacy methods and self-installed configurable software.
- Cloud Software as a Service (SaaS): SaaS provides confinement for client flexibility by providing software applications and APIs for developers, such as Google Maps and Bloomberg. SaaS consumers pay for software on a subscription basis, with no need for prior installation. SaaS software is accessed primarily through the internet via a web browser. SaaS provides live applications running in the cloud, accessed through users' devices connected to the internet. Unlike IaaS users, SaaS users do not have control over storage, operating systems, network components, or the underlying infrastructure [41]. Its primary advantage is its multi-tenancy nature, because it can share access control to the software.
2.2. Cloud Computing Deployment Models
- Private cloud: The deployment environment is owned by private sectors solely for the secure storage of a company's data [41]. Private clouds are managed mainly by third-party providers but exist on-premise. Access is granted only by company staff to control authorisation management for security purposes. For example, an organisation that wants to make its customers' data available can create a private data centre. This provides more access control over sensitive information and enhanced data security mechanisms to ensure privacy in a private cloud setting. The major drawback of these settings is the purchase cost of equipment and the utility bills.
- Community cloud: A cloud environment collectively owned by a set of organisations with the same motive. The community cloud is similar to a private cloud, but the computational resources and underlying infrastructure are exclusively controlled by two organisations with common privacy and security motives. It is also more expensive than the public cloud, and data access is not regulated correctly due to untrusted parties that might arise. The advantage of the community cloud is the involvement of fair third-party access for security auditing.
- Public cloud: The public cloud is mainly owned by large organisations offering cloud services, such as Google Apps, Amazon AWS and Microsoft Office 365. Resources in public clouds are primarily provided as a service for a pay-as-you-go fee. The benefits are mainly on-demand purchases: the more the usage, the more the payment. Public cloud users are mostly home users accessing the providers' network via the internet. The security issues of the public cloud are its lack of data security and privacy as a result of its public nature. There is no control over the transmission of information or the access to sensitive data [41]. Despite its colossal security limitation, small organisations have benefited from its services due to their limited sensitive information with minimal privacy risks.
- Hybrid cloud: A hybrid cloud service can be offered by a private cloud owner forming a partnership with a public owner, making it more complex because of the involvement of two or more cloud providers. This approach allows the cost-effectiveness and scalability of public cloud environments without exposing data to third-party and mission-critical software applications. The hybrid system offers private cloud features, enabling rapid scalability features of the public cloud. Overall, it provides a drastic improvement to organisational agility and offers greater flexibility to business when compared to other approaches. The security limitations of the hybrid cloud are the limitations of the public cloud, such as public exposure of sensitive information, which poses a significant security risk. An approach to solving this issue is the idea of identity and access management to cloud facilities.
3. Cloud Computing Security
- Immoral use and abuse of cloud computing: Cloud computing infrastructure offers various utilities for users, including storage and bandwidth capacities. However, the cloud infrastructure lacks full control over the use of these resources, giving malicious users and attackers room to exploit these weaknesses. Malicious users abuse cloud resources by targeting attack points and launching DDoS, CAPTCHA-solving farms and password cracking attacks. These threats mostly affect the PaaS and IaaS layers due to their high user interaction level.
- Malicious insider attackers: Attacks by malicious insiders have been among the most neglected, yet they have been the most devastating form of attack, affecting all layers of the cloud infrastructure. A malicious insider with high-level access can gain root privilege to network components, tampering with sensitive and confidential data. This attack poses many security threats because Intrusion Detection Systems [47] and firewalls let such anomalous behaviour through, treating it as legal activity, so the insider faces no risk of detection.
- Vulnerable programming interfaces: Part of the cloud services for user interaction in all layers is publishing APIs for easy deployment or the development of software applications. These interfaces add an extra layer to the cloud framework, which increases complexity. Unfortunately, these interfaces bring vulnerabilities in the APIs for malicious users to exploit through backdoor access. These types of vulnerabilities can affect the underlying operations of the cloud architecture.
- Data leakage and loss: One of the significant concerns of cloud computing is data leakage due to the constant migration and transmission of information over untrusted channels [10]. Loss of data can lead to data theft, which has become the biggest threat to the IT world, costing clients and industries a massive amount of money in losses. Causes of data loss include weak authentication and encryption schemes, defective data centres, and a lack of disaster control.
- Distributed technology vulnerabilities: The multi-tenant architecture offers virtualisation for shared on-demand services, meaning that one application can be shared among several users, as long as they have access. However, vulnerabilities in the hypervisor allow malicious intruders to gain control over legitimate virtual machines. These vulnerabilities can also affect the underlying operations of the cloud architecture, thereby altering its regular operation.
- Services and account hijacking: This is the ability of a malicious intruder to redirect a web service to an illegitimate website. Malicious intruders then have access to the legitimate site and to reused credentials, and can perform phishing attacks and identity theft.
- Anonymous profile threat: Cloud services can reduce the involvement and maintenance needed for hardware and software. However, this poses threats to security compliance, hardening, auditing, patching and logging processes, together with a lack of awareness of internal security measures. An anonymous profile threat can expose an organisation to a significant risk of confidential information disclosure.
3.1. User-Centric Cloud Accountability
3.2. Digital Identity Management
3.3. Data Integrity
3.4. Cloud Intrusion and Detection
- Decision Tree Algorithm: This technique is implemented through the concept of game theory. The DT algorithm is implemented in Intrusion Detection Systems by choosing splitting attributes with the highest information gain using Equation (1), because the probability of occurrence of an attribute is based on the amount of information that can be associated with the attribute. Let $D$ be the data in a given dataset, $H(D)$ its entropy and $C$ the associated class; then

  $$\mathrm{Gain}(D, S) = H(D) - \sum_{i=1}^{S} p(D_i)\, H(D_i) \tag{1}$$

  Quantifying the information gain of an attribute is achieved through the concept of entropy by measuring the level of randomness in a dataset, as shown in Equation (2). If the data belongs to a single dataset with no uncertainty, then the entropy is zero, as established in Equation (2).

  $$\mathrm{Entropy}: \quad H(p_1, p_2, \cdots, p_s) = \sum_{i=1}^{s} p_i \log(1/p_i) \tag{2}$$

  One main advantage of the DT classifier is that it constantly partitions the given dataset into subsets for all elements, where final subsets belong to the same class.
- K-Nearest Neighbour (KNN): The KNN algorithm is based on distance measures between classes. It seeks to find the k attributes in the training data that are closest to the test example [68]. It then assigns the most frequent label among these examples to the new model. Whenever a classification is made, it first calculates the distance to each attribute contained in the dataset, and only the k closest ones are considered.
- Bayes Rule (BR): BR calculates the probability of a hypothesis based on prior probability, as depicted in Equation (3). Given an observed dataset $D$ and any form of initial knowledge, the best possible hypothesis will be the most probable one. Let $h$ = hypothesis, $P(h \mid D)$ = posterior probability and $P(h)$ = prior probability.

  $$\mathrm{BR}: \quad P(h \mid D) = \frac{P(D \mid h)\, P(h)}{P(D)} \tag{3}$$

  In some cases where we are most interested in calculating the most probable hypothesis ($h \in H$), this is defined as the Maximum Posterior Hypothesis (MPH), defined in Equation (4).

  $$h_{mps} \equiv \arg\max_{h \in H} P(h \mid D) = \arg\max_{h \in H} \frac{P(D \mid h)\, P(h)}{P(D)} = \arg\max_{h \in H} P(D \mid h)\, P(h) \tag{4}$$

  From Equation (4), if we assume that the probability of the data $P(D)$ is constant because of its dependency on the hypothesis $h$, then $P(D \mid h)$ is called the Maximum Likelihood (ML) hypothesis, shown in Equation (5).

  $$h_{ml} \equiv \arg\max_{h \in H} P(D \mid h) \tag{5}$$
- Naive Bayesian (NB): NB is a probabilistic approach very similar to the Bayesian Rule. It computes the probability of each class and then determines which attributes to classify and learn to predict the new class. Given a vector $V$ represented by $n$ different variables $V = (V_1, V_2, V_3, \dots, V_n)$ assigned to probability instances $P(C_k \mid V_1, V_2, V_3, \dots, V_n)$ for every $k$ possible results or classes $C_k$, the conditional probability can be formulated as shown in Equation (6).

  $$P(C_k \mid V) = \frac{P(V \mid C_k)\, P(C_k)}{P(V)} \tag{6}$$

  where $P(C_k \mid V)$ = Posterior Probability, $P(V \mid C_k)$ = Prior Probability, $P(C_k)$ = Likelihood and $P(V)$ = Evidence. The joint computation can then be written as follows:

  $$P(C_k) = \prod_{i=1}^{n} P(v_i \mid C_k) \tag{7}$$
- Support Vector Machines (SVM): SVM is a numerical learning model centred on a data-mining approach. It was initially introduced only for data classification, but with the advance of complex situations, it has now been fully implemented for clustering tasks and regression analysis. There are different notions about the performance level of SVM compared to neural networks. Still, many authors in the literature agree that SVM performs better than the multi-layer perceptron as a result of its reversed neural network design [69]. The SVM can also be used in spam filtering, pattern recognition and anomaly network detection [70]. Given training model data, SVM usually achieves near-precise classification of unidentified samples. SVM has the advantage of finding an optimum global result by performing linear separation in a hyperplane into two separate classes. After this separation, the closest data to the hyperplane are classified as the correct class. Consider a training dataset $D_l = \{(x_i, y_i)\}_{i=1}^{l}$, where $x_i$ is the $i$th input vector with $x_i \in \mathbb{R}^n$, $y_i \in \{+1, -1\}$, $l$ = total number of input vectors, and $n$ = dimension of the input vector space. Assume the relationship between $x$ and $y$ is $y = \mathrm{Sgn}(f(x) + \epsilon)$, where $\mathrm{Sgn}(x) = 1$ if $x \geq 0$ and $\mathrm{Sgn}(x) = -1$ if $x < 0$. Then the task is to uncover $f$, which is called the Classification Function. SVM evaluates Equation (8) to create a trade-off between complexity and empirical error of the hypothesis space, where $C$ = the regularisation parameter that controls the identified trade-offs of the used hypothesis space.

  $$\min_{f} \; \lVert f \rVert_k^2 + C \sum_{i=1}^{l} \left(1 - y_i f(x_i)\right) \tag{8}$$
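The split-attribute selection of Equations (1) and (2), carried through to a small ID3-style tree, as an added example that is not code from the article. The connection records, attribute names and the base-2 logarithm are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed connection records (not real traffic): features -> label.
RECORDS = [
    ({"protocol": "tcp", "flag": "SF",  "service": "http"},   "normal"),
    ({"protocol": "tcp", "flag": "SF",  "service": "http"},   "normal"),
    ({"protocol": "udp", "flag": "SF",  "service": "dns"},    "normal"),
    ({"protocol": "udp", "flag": "SF",  "service": "dns"},    "normal"),
    ({"protocol": "tcp", "flag": "SF",  "service": "telnet"}, "attack"),
    ({"protocol": "tcp", "flag": "S0",  "service": "http"},   "attack"),
    ({"protocol": "tcp", "flag": "S0",  "service": "telnet"}, "attack"),
    ({"protocol": "tcp", "flag": "REJ", "service": "http"},   "attack"),
]
ATTRIBUTES = ["protocol", "flag", "service"]


def entropy(labels):
    """Equation (2): H = sum_i p_i * log(1/p_i), here with log base 2."""
    n = len(labels)
    return sum((c / n) * math.log2(n / c) for c in Counter(labels).values())


def information_gain(records, attribute):
    """Equation (1): Gain(D, S) = H(D) - sum_i p(D_i) * H(D_i)."""
    subsets = {}
    for features, label in records:
        subsets.setdefault(features[attribute], []).append(label)
    remainder = sum(len(s) / len(records) * entropy(s) for s in subsets.values())
    return entropy([label for _, label in records]) - remainder


def build_tree(records, attributes):
    """Partition recursively until every final subset holds a single class."""
    labels = [label for _, label in records]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or not attributes:
        return majority  # leaf node
    best = max(attributes, key=lambda a: information_gain(records, a))
    remaining = [a for a in attributes if a != best]
    children = {}
    for value in sorted({features[best] for features, _ in records}):
        subset = [(f, lab) for f, lab in records if f[best] == value]
        children[value] = build_tree(subset, remaining)
    return {"attribute": best, "children": children, "default": majority}


def classify(tree, features):
    """Walk the tree; an attribute value never seen in training falls back
    to the majority class of the node where the walk stops."""
    while isinstance(tree, dict):
        value = features.get(tree["attribute"])
        tree = tree["children"].get(value, tree["default"])
    return tree


TREE = build_tree(RECORDS, ATTRIBUTES)

if __name__ == "__main__":
    for attribute in ATTRIBUTES:
        print(f"Gain(D, {attribute}) = {information_gain(RECORDS, attribute):.4f}")
    print("root split:", TREE["attribute"])
    probe = {"protocol": "tcp", "flag": "SF", "service": "telnet"}
    print(probe, "->", classify(TREE, probe))
```

The fallback to a node's majority class matters in an IDS setting: traffic with a service or flag absent from the training data still receives a verdict, but that verdict reflects the training mix rather than the record itself.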
4. Privacy Preserving in Cloud Computing
- S will not be able to learn any rules in R.
- S will be convinced that $E \cap R = \emptyset$ holds.
- $S'$ will only learn the class value of $a$ and what is implied by the class value.
- Privacy-Preserving Additive Splitting Technique: If a value $x$ is assumed as input, then $x$ is said to be additively split between different parties $A$ and $B$ if $A$ has a random $x_A$ and $B$ has a random $x_B$ such that $x_A + x_B = x$, where the addition is modular. If $y$ is split in a similar manner ($y = y_A + y_B$), then $A$ and $B$ can compute the sum of $x$ and $y$ by adding their respective shares of $x$ and $y$; that is, if $z = x + y$, then $A$ computes $z_A = x_A + y_A$ and $B$ computes $z_B = x_B + y_B$. Computing $z = x * y$ in split form is considerably more complicated if $x$ and $y$ are additively split.
- Privacy-Preserving Encoding Based Splitting Technique: This is the process where only $A$ generates an encoding known only to $A$, and another party $B$ computes with the encoded element, which has no meaning to $B$. In other words, $B$ does not know what the encoding of $A$ means. As an example, let $i$ represent an intermediary Boolean variable. Suppose $A$ generates a random value $r_i[0]$ as the encoding for $i$, and another randomly generated value $r_i[1]$ for encoding the value 1. As the computation proceeds, $B$ is able to see the encodings $r_i[0]$ or $r_i[1]$ but cannot deduce their meaning.
- Homomorphic Encryption: A cryptosystem $E$ is said to be homomorphic in message space $M$ and ciphertext space $C$ if $\forall m_1, m_2 \in M: E(m_1 \odot_M m_2) = E(m_1) \odot_C E(m_2)$, where $\odot_M$ and $\odot_C$ are the binary operators in the plaintext space $M$ and the ciphertext space $C$. If we denote an encryption function by $E_{pk}$ and a decryption function by $D_{sk}$, then it is possible to compute $E_{pk}(x + y)$ of two inputs $x$ and $y$ that are encrypted as $E_{pk}(x)$ and $E_{pk}(y)$ by computing $E_{pk}(x) * E_{pk}(y)$. Furthermore, with $E_{pk}(x)$, it is possible to compute $E_{pk}(c * x)$ for any constant $c$ by computing $E_{pk}(x)^c$.
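Additive splitting and the homomorphic property combined, as an added example that is not the article's own code: sums of split values are computed locally, and the product is computed by exchanging ciphertexts, which goes one step beyond the text. The choice of the Paillier cryptosystem, the toy primes and all function names are assumptions, and the exchange assumes honest-but-curious parties.

```python
import math
import secrets

# Toy parameters: two well-known Mersenne primes. Far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1


def keygen(p=P, q=Q):
    """Paillier key pair with generator g = n + 1. Returns (n, (lam, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # valid because L(g^lam mod n^2) = lam mod n
    return n, (lam, mu)


def encrypt(n, m):
    """E_pk(m) = g^m * r^n mod n^2, with fresh random r coprime to n."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    g_to_m = (1 + (m % n) * n) % n2  # (n + 1)^m mod n^2
    return (g_to_m * pow(r, n, n2)) % n2


def decrypt(n, sk, c):
    """D_sk(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    lam, mu = sk
    return ((pow(c, lam, n * n) - 1) // n * mu) % n


def he_add(n, c1, c2):
    """E(x) * E(y) = E(x + y)."""
    return (c1 * c2) % (n * n)


def he_scale(n, c, k):
    """E(x)^k = E(k * x)."""
    return pow(c, k % n, n * n)


def share(x, n):
    """Additively split x: x_A is uniform, x_B = x - x_A (mod n)."""
    x_a = secrets.randbelow(n)
    return x_a, (x - x_a) % n


def add_shares(n, x_sh, y_sh):
    """z = x + y: each party adds its own shares, no communication needed."""
    return (x_sh[0] + y_sh[0]) % n, (x_sh[1] + y_sh[1]) % n


def multiply_shares(n, sk, x_sh, y_sh):
    """z = x * y in split form. A holds sk, x_A, y_A; B holds x_B, y_B."""
    (x_a, x_b), (y_a, y_b) = x_sh, y_sh
    # A -> B: encryptions of A's shares.
    c_xa, c_ya = encrypt(n, x_a), encrypt(n, y_a)
    # B: builds E(x_A*y_B + y_A*x_B - r) without seeing x_A or y_A.
    r = secrets.randbelow(n)
    cross = he_add(n, he_scale(n, c_xa, y_b), he_scale(n, c_ya, x_b))
    masked = he_add(n, cross, encrypt(n, -r))
    z_b = (x_b * y_b + r) % n
    # B -> A: masked ciphertext; A decrypts and adds its local term.
    z_a = (x_a * y_a + decrypt(n, sk, masked)) % n
    return z_a, z_b


if __name__ == "__main__":
    n, sk = keygen()
    xs, ys = share(1234, n), share(5678, n)
    print("sum    :", sum(add_shares(n, xs, ys)) % n)
    print("product:", sum(multiply_shares(n, sk, xs, ys)) % n)
```

The random mask `r` is what keeps the cross terms hidden from `A`: the decrypted value is uniformly distributed, so neither party's output share reveals the other party's inputs.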
4.1. Data Privacy
4.2. Access Control
- Information-Centric Security: Data objects should contain access-control policies. This can be implemented through outsourcing data architectures that integrate cryptographic techniques with access control [84].
- Trusted Computing: A trusted cloud computing system provides consistency in accordance with software or hardware specifications [82].
- Cryptographic Protocols: Cryptographic tools and techniques can be employed to achieve privacy, such as Fully Homomorphic Encryption (FHE) [85] and Attribute-Based Encryption [86].
4.3. Privacy Preservation through Access Patterns and Design
- Anonymity can be defined as a quality that does not permit the user to be identified in any form, either directly or indirectly. A problem that can arise when a user is anonymous is the issue of Accountability and a large anonymity set. The benefits include freedom from location tracking, users' freedom of expression and low user involvement. This property can be implemented using Tor [92], Onion routing [93] and DC-nets [94].
- Pseudonymity can be defined as the utilisation of an alias instead of personally identifiable information. A problem that can arise is the issue of Integrity [95]. The benefits include supporting user access to services without disclosing real identities. Users still maintain the integrity protocol. This property can be implemented using administrative tools such as biometrics, identity management and smart cards.
- Unlinkability can be defined as using a service or resource without a third party being able to link the user and the service. Issue: Integrity and Accountability. Benefits: privacy preservation by not allowing malicious monitoring of user experience. Implementation: Onion routing, Tor and DC-nets.
- Undetectability is the inability of a third party to track a user amongst a set of possible users. Issues: undetectability strength is highly dependent on the size of the undetectability set. Benefits: it preserves users' privacy without allowing detectability of the service by malicious intruders. Secondly, attackers cannot adequately detect the existence of an exact Item of Interest (IOI), e.g., through the use of steganography and watermarking. Implementation: smartcards and permission management, and encryption methods such as mail and transaction encryption.
- Unobservability is the inability to perceive the existence of a user amongst a set of potential users. Issue: dependent on the integrity level and anonymity set. Benefits: anonymity and undetectability enforcement per resource. Secondly, it ensures user experience without connection to, or observability by, a third party. Implementation: smartcards and permission management, and anonymizer services such as Tor, Hordes and GAP.
5. Final Remarks
5.1. Discussion
5.2. Conclusion
Author Contributions
Acknowledgments
Conflicts of Interest
- Tari, Z. Security and Privacy in Cloud Computing. IEEE Cloud Comput. 2014, 1, 54–57.
- Bentajer, A.; Hedabou, M.; Abouelmehdi, K.; Elfezazi, S. CS-IBE: A data confidentiality system in public cloud storage system. Procedia Comput. Sci. 2018, 141, 559–564.
- Fernandez-Gago, C.; Pearson, S.; D’errico, M.; Alnemr, R.; Pulls, T.; de Oliveira, A.S. A4Cloud Workshop: Accountability in the Cloud. In Proceedings of the IFIP International Summer School on Privacy and Identity Management, Edinburgh, UK, 16–21 August 2015; pp. 61–78.
- Azougaghe, A.; Oualhaj, O.A.; Hedabou, M.; Belkasmi, M.; Kobbane, A. Many-to-one matching game towards secure virtual machines migration in cloud computing. In Proceedings of the 2016 International Conference on Advanced Communication Systems and Information Security (ACOSIS), Marrakesh, Morocco, 17–19 October 2016; pp. 1–7.
- Mollah, M.B.; Azad, M.A.K.; Vasilakos, A. Security and privacy challenges in mobile cloud computing: Survey and way ahead. J. Netw. Comput. Appl. 2017, 84, 38–54.
- Warren, S.D.; Brandeis, L.D. The Right to Privacy Harvard Law Review. In Ethical Issues in the Use of Computers; Wadsworth Publishing Co.: Belmont, CA, USA, 1890; Volume 4, pp. 193–220.
- Deng, M. Privacy Preserving Content Protection (Privacy Behoud Content Protection); Faculty of Engineering—Katholieke Universiteit Leuven: Leuven, Belgium, 2010.
- Priem, B.; Kosta, E.; Kuczerawy, A.; Dumortier, J.; Leenes, R. User-centric privacy-enhancing identity management. In Digital Privacy; Springer: New York, NY, USA, 2011; pp. 91–106.
- Kumar, P.; Sehgal, V.K.; Chauhan, D.S.; Gupta, P.; Diwakar, M. Effective ways of secure, private and trusted cloud computing. arXiv 2011, arXiv:1111.3165.
- Abdulsalam, Y.S.; Hedabou, M. Decentralized Data Integrity Scheme for Preserving Privacy in Cloud Computing. In Proceedings of the 2021 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC), Chengdu, China, 18–20 June 2021; pp. 607–612.
- Sun, X.; Liu, P.; Singhal, A. Toward Cyberresiliency in the Context of Cloud Computing [Resilient Security]. IEEE Secur. Priv. 2018, 16, 71–75.
- Chen, D.; Zhao, H. Data security and privacy protection issues in cloud computing. In Proceedings of the 2012 International Conference on Computer Science and Electronics Engineering, Hangzhou, China, 23–25 March 2012; Volume 1, pp. 647–651.
- Kohnfelder, L.; Garg, P. The Threats to Our Products; Microsoft Interface Microsoft Corp.: Albuquerque, NM, USA, 1999; Volume 33.
- Khan, R.; McLaughlin, K.; Laverty, D.; Sezer, S. STRIDE-based threat modeling for cyber-physical systems. In Proceedings of the 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), Turin, Italy, 26–29 September 2017; pp. 1–6.
- James, J.I.; Shosha, A.F.; Gladyshev, P. Determining Training Needs for Cloud Infrastructure Investigations Using I-STRIDE. In Proceedings of the International Conference on Digital Forensics and Cyber Crime, Moscow, Russia, 26–27 September 2013; pp. 223–236.
- Tabrizchi, H.; Rafsanjani, M.K. A survey on security challenges in cloud computing: Issues, threats, and solutions. J. Supercomput. 2020, 76, 9493–9532.
- Modi, C.; Patel, D.; Borisaniya, B.; Patel, A.; Rajarajan, M. A survey on security issues and solutions at different layers of Cloud computing. J. Supercomput. 2013, 63, 561–592.
- Sgandurra, D.; Lupu, E. Evolution of attacks, threat models, and solutions for virtualized systems. ACM Comput. Surv. 2016, 48, 1–38.
- Subramanian, N.; Jeyaraj, A. Recent security challenges in cloud computing. Comput. Electr. Eng. 2018, 71, 28–42.
- Subashini, S.; Kavitha, V. A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 2011, 34, 1–11.
- Zhan, Z.H.; Liu, X.F.; Gong, Y.J.; Zhang, J.; Chung, H.S.H.; Li, Y. Cloud computing resource scheduling and a survey of its evolutionary approaches. ACM Comput. Surv. 2015, 47, 1–33.
- Basu, S.; Bardhan, A.; Gupta, K.; Saha, P.; Pal, M.; Bose, M.; Basu, K.; Chaudhury, S.; Sarkar, P. Cloud computing security challenges & solutions-A survey. In Proceedings of the 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 8–10 January 2018; pp. 347–356.
- Li, R.; Xiao, Y.; Zhang, C.; Song, T.; Hu, C. Cryptographic algorithms for privacy-preserving online applications. Math. Found. Comput. 2018, 1, 311.
- Kim, W. Cloud computing: Today and tomorrow. J. Object Technol. 2009, 8, 65–72.
- Hedabou, M. Cryptography for Addressing Cloud Computing Security, Privacy, and Trust Issues. In Computer and Cyber Security; Auerbach Publications: Boca Raton, FL, USA, 2018; pp. 281–304.
- Chandramouli, R.; Iorga, M.; Chokhani, S. Cryptographic key management issues and challenges in cloud services. In Secure Cloud Computing; Springer: New York, NY, USA, 2014; pp. 1–30.
- Yang, K.; Jia, X. Data storage auditing service in cloud computing: Challenges, methods and opportunities. World Wide Web 2012, 15, 409–428.
- Arunarani, A.; Manjula, D.; Sugumaran, V. Task scheduling techniques in cloud computing: A literature survey. Future Gener. Comput. Syst. 2019, 91, 407–415.
- Xiao, Z.; Xiao, Y. Security and privacy in cloud computing. IEEE Commun. Surv. Tutor. 2012, 15, 843–859.
- Liu, D. Securing outsourced databases in the cloud. In Security, Privacy and Trust in Cloud Systems; Springer: New York, NY, USA, 2014; pp. 259–282.
- Sookhak, M.; Talebian, H.; Ahmed, E.; Gani, A.; Khan, M.K. A review on remote data auditing in single cloud server: Taxonomy and open issues. J. Netw. Comput. Appl. 2014, 43, 121–141.
- Pearson, S.; Benameur, A. Privacy, security and trust issues arising from cloud computing. In Proceedings of the 2010 IEEE Second International Conference on Cloud Computing Technology and Science, Indianapolis, IN, USA, 30 November–3 December 2010; pp. 693–702.
- Wu, H.; Zhao, B. Overview of current techniques in remote data auditing. Appl. Math. Nonlinear Sci. 2016, 1, 140–153.
- Sookhak, M.; Gani, A.; Talebian, H.; Akhunzada, A.; Khan, S.U.; Buyya, R.; Zomaya, A.Y. Remote data auditing in cloud computing environments: A survey, taxonomy, and open issues. ACM Comput. Surv. 2015, 47, 1–34.
- Varghese, B.; Buyya, R. Next generation cloud computing: New trends and research directions. Future Gener. Comput. Syst. 2018, 79, 849–861.
- Cook, A.; Robinson, M.; Ferrag, M.A.; Maglaras, L.A.; He, Y.; Jones, K.; Janicke, H. Internet of cloud: Security and privacy issues. In Cloud Computing for Optimization: Foundations, Applications, and Challenges; Springer: New York, NY, USA, 2018; pp. 271–301.
- Tan, Z.; Nagar, U.T.; He, X.; Nanda, P.; Liu, R.P.; Wang, S.; Hu, J. Enhancing big data security with collaborative intrusion detection. IEEE Cloud Comput. 2014, 1, 27–33.
- Wang, C.; Ren, K.; Yu, S.; Urs, K.M.R. Achieving usable and privacy-assured similarity search over outsourced cloud data. In Proceedings of the 2012 Proceedings IEEE INFOCOM, Orlando, FL, USA, 25–30 March 2012; pp. 451–459.
- Zhou, M.; Zhang, R.; Xie, W.; Qian, W.; Zhou, A. Security and privacy in cloud computing: A survey. In Proceedings of the 2010 Sixth International Conference on Semantics, Knowledge and Grids, Beijing, China, 1–3 November 2010; pp. 105–112.
- Zou, J. Accountability in Cloud Services. Ph.D. Thesis, Macquarie University, Sydney, Australia, 2016.
- Goyal, S. Public vs private vs hybrid vs community-cloud computing: A critical review. Int. J. Comput. Netw. Inf. Secur. 2014, 6, 20.
- Hedabou, M.; Abdulsalam, Y.S. Efficient and Secure Implementation of BLS Multisignature Scheme on TPM. In Proceedings of the 2020 IEEE International Conference on Intelligence and Security Informatics (ISI), Arlington, VA, USA, 9–10 November 2020; pp. 1–6.
- Kamara, S.; Moataz, T. Boolean searchable symmetric encryption with worst-case sub-linear complexity. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, 30 April–4 May 2017; pp. 94–124.
- Li, P.; Li, J.; Huang, Z.; Li, T.; Gao, C.Z.; Yiu, S.M.; Chen, K. Multi-key privacy-preserving deep learning in cloud computing. Future Gener. Comput. Syst. 2017, 74, 76–85.
- Pearson, S. Taking account of privacy when designing cloud computing services. In Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, Vancouver, BC, Canada, 23 May 2009; pp. 44–52.
- Ko, R.K.; Jagadpramana, P.; Mowbray, M.; Pearson, S.; Kirchberg, M.; Liang, Q.; Lee, B.S. TrustCloud: A framework for accountability and trust in cloud computing. In Proceedings of the 2011 IEEE World Congress on Services, Washington, DC, USA, 4–9 July 2011; pp. 584–588.
- Patel, A.; Taghavi, M.; Bakhtiyari, K.; Júnior, J.C. An intrusion detection and prevention system in cloud computing: A systematic review. J. Netw. Comput. Appl. 2013, 36, 25–41.
- Li, X.Y.; Zhou, L.T.; Shi, Y.; Guo, Y. A trusted computing environment model in cloud architecture. In Proceedings of the 2010 International Conference on Machine Learning and Cybernetics, Qingdao, China, 11–14 July 2010; Volume 6, pp. 2843–2848.
- Bertino, E.; Paci, F.; Ferrini, R.; Shang, N. Privacy-preserving digital identity management for cloud computing. IEEE Data Eng. Bull. 2009, 32, 21–27.
- Paci, F.; Shang, N.; Steuer Jr, K.; Fernando, R.; Bertino, E. VeryIDX-A privacy preserving digital identity management system for mobile devices. In Proceedings of the 2009 Tenth International Conference on Mobile Data Management: Systems, Services and Middleware, Taipei, Taiwan, 18–20 May 2009; pp. 367–368.
- Wu, H.; Zheng, W.; Chiesa, A.; Popa, R.A.; Stoica, I. DIZK: A Distributed Zero Knowledge Proof System. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA, 12–17 August 2018; pp. 675–692.
- Hedabou, M. A frobenius map approach for an efficient and secure multiplication on Koblitz curves. Int. J. Netw. Secur. 2006, 3, 239–243.
- Wang, C.; Wang, Q.; Ren, K.; Lou, W. Privacy-preserving public auditing for data storage security in cloud computing. In Proceedings of the 2010 Proceedings IEEE Infocom, San Diego, CA, USA, 14–19 March 2010; pp. 1–9.
- Fiore, D.; Mitrokotsa, A.; Nizzardo, L.; Pagnin, E. Multi-key homomorphic authenticators. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, 4–8 December 2016; pp. 499–530.
- Garg, N.; Bawa, S. RITS-MHT: Relative indexed and time stamped Merkle hash tree based data auditing protocol for cloud computing. J. Netw. Comput. Appl. 2017, 84, 1–13.
- Ateniese, G.; Di Pietro, R.; Mancini, L.V.; Tsudik, G. Scalable and efficient provable data possession. In Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, Istanbul, Turkey, 22–25 September 2008; pp. 1–10.
- Erway, C.C.; Küpçü, A.; Papamanthou, C.; Tamassia, R. Dynamic provable data possession. ACM Trans. Inf. Syst. Secur. 2015, 17, 1–29.
- Curtmola, R.; Khan, O.; Burns, R.; Ateniese, G. MR-PDP: Multiple-replica provable data possession. In Proceedings of the 2008 the 28th International Conference on Distributed Computing Systems, Beijing, China, 17–20 June 2008; pp. 411–420.
- He, D.; Zeadally, S.; Wu, L. Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J. 2015 , 12 , 64–73. [ Google Scholar ] [ CrossRef ]
- Kang, B.; Wang, J.; Shao, D. Certificateless public auditing with privacy preserving for cloud-assisted wireless body area networks. Mob. Inf. Syst. 2017 , 2017 , 2925465. [ Google Scholar ] [ CrossRef ]
- Garg, N.; Bawa, S.; Kumar, N. An efficient data integrity auditing protocol for cloud computing. Future Gener. Comput. Syst. 2020 , 109 , 306–316. [ Google Scholar ] [ CrossRef ]
- Sookhak, M.; Yu, F.R.; Zomaya, A.Y. Auditing big data storage in cloud computing using divide and conquer tables. IEEE Trans. Parallel Distrib. Syst. 2017 , 29 , 999–1012. [ Google Scholar ] [ CrossRef ]
- Zhang, Y.; Xu, C.; Lin, X.; Shen, X.S. Blockchain-based public integrity verification for cloud storage against procrastinating auditors. IEEE Trans. Cloud Comput. 2019 , 9 , 923–937. [ Google Scholar ] [ CrossRef ] [ Green Version ]
- Eyal, I.; Gencer, A.E.; Sirer, E.G.; Van Renesse, R. Bitcoin-ng: A scalable blockchain protocol. In Proceedings of the 13th USENIX symposium on networked systems design and implementation (NSDI 16), Santa Clara, CA, USA, 16–18 March 2016; pp. 45–59. [ Google Scholar ]
- McConaghy, T.; Marques, R.; Müller, A.; De Jonghe, D.; McConaghy, T.; McMullen, G.; Henderson, R.; Bellemare, S.; Granzotto, A. Bigchaindb: A Scalable Blockchain Database ; White Paper; BigChainDB, Ascribe GmbH: Berlin, Germany, 2016. [ Google Scholar ]
- Gaetani, E.; Aniello, L.; Baldoni, R.; Lombardi, F.; Margheri, A.; Sassone, V. Blockchain-based database to ensure data integrity in cloud computing environments. In Proceedings of the 2020 International Conference on Mainstreaming Block Chain Implementation (ICOMBI), Bengaluru, India, 21–22 February 2017. [ Google Scholar ]
- Sari, A. A review of anomaly detection systems in cloud networks and survey of cloud security measures in cloud storage applications. J. Inf. Secur. 2015 , 6 , 142. [ Google Scholar ] [ CrossRef ] [ Green Version ]
- Farid, D.M.; Rahman, M.Z. Anomaly Network Intrusion Detection Based on Improved Self Adaptive Bayesian Algorithm. J. Comput. 2010 , 5 , 23–31. [ Google Scholar ] [ CrossRef ]
- Feizollah, A.; Anuar, N.B.; Salleh, R.; Amalina, F.; Ma’arof, R.R.; Shamshirband, S. A study of machine learning classifiers for anomaly-based mobile botnet detection. Malays. J. Comput. Sci. 2013 , 26 , 251–265. [ Google Scholar ]
- Khorshed, M.T.; Ali, A.S.; Wasimi, S.A. A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 2012 , 28 , 833–851. [ Google Scholar ] [ CrossRef ]
- Shelke, M.P.K.; Sontakke, M.S.; Gawande, A. Intrusion detection system for cloud computing. Int. J. Sci. Technol. Res. 2012 , 1 , 67–71. [ Google Scholar ]
- Wani, A.R.; Rana, Q.; Saxena, U.; Pandey, N. Analysis and Detection of DDoS Attacks on Cloud Computing Environment using Machine Learning Techniques. In Proceedings of the 2019 Amity International Conference on Artificial Intelligence (AICAI), Dubai, United Arab Emirates, 4–6 February 2019; pp. 870–875. [ Google Scholar ]
- Bhamare, D.; Salman, T.; Samaka, M.; Erbad, A.; Jain, R. Feasibility of supervised machine learning for cloud security. In Proceedings of the 2016 International Conference on Information Science and Security (ICISS), Pattaya, Thailand, 19–22 December 2016; pp. 1–5. [ Google Scholar ]
- Rodriguez, R.A. Method of and Apparatus for Combining Artificial Intelligence (AI) Concepts with Event-Driven Security Architectures and Ideas. U.S. Patent 8,583,574, 12 November 2013. [ Google Scholar ]
- Osanaiye, O.; Cai, H.; Choo, K.K.R.; Dehghantanha, A.; Xu, Z.; Dlodlo, M. Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing. EURASIP J. Wirel. Commun. Netw. 2016 , 2016 , 130. [ Google Scholar ] [ CrossRef ] [ Green Version ]
- Gill, S.S.; Buyya, R. SECURE: Self-protection approach in cloud resource management. IEEE Cloud Comput. 2018 , 5 , 60–72. [ Google Scholar ] [ CrossRef ]
- Weyns, D. Software engineering of self-adaptive systems: An organised tour and future challenges. In Chapter in Handbook of Software Engineering ; Linnaeus University: Kalmar, Sweden, 2017. [ Google Scholar ]
- Acquisti, A.; Gritzalis, S.; Lambrinoudakis, C.; di Vimercati, S. Digital Privacy: Theory, Technologies, and Practices ; CRC Press: Boca Raton, FL, USA, 2007. [ Google Scholar ]
- Tyagi, N.; Gilad, Y.; Leung, D.; Zaharia, M.; Zeldovich, N. Stadium: A distributed metadata-private messaging system. In Proceedings of the 26th Symposium on Operating Systems Principles. ACM, Shanghai, China, 28–31 October 2017; pp. 423–440. [ Google Scholar ]
- Goldreich, O.; Ostrovsky, R. Software protection and simulation on oblivious RAMs. J. ACM 1996 , 43 , 431–473. [ Google Scholar ] [ CrossRef ] [ Green Version ]
- Goodrich, M.T.; Mitzenmacher, M.; Ohrimenko, O.; Tamassia, R. Privacy-preserving group data access via stateless oblivious RAM simulation. In Proceedings of the Twenty-Third Annual ACM-SIAM Symposium on Discrete Algorithms, Kyoto, Japan, 17–19 January 2012; Society for Industrial and Applied Mathematics: Philadelphia, PA, USA, 2012; pp. 157–167. [ Google Scholar ]
- Stefanov, E.; Van Dijk, M.; Shi, E.; Fletcher, C.; Ren, L.; Yu, X.; Devadas, S. Path ORAM: An extremely simple oblivious RAM protocol. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, Berlin, Germany, 4–8 November 2013; pp. 299–310. [ Google Scholar ]
- Haider, S.K.; van Dijk, M. Flat ORAM: A Simplified Write-Only Oblivious RAM Construction for Secure Processors. Cryptography 2019 , 3 , 10. [ Google Scholar ] [ CrossRef ] [ Green Version ]
- Di Vimercati, S.D.C.; Foresti, S.; Jajodia, S.; Paraboschi, S.; Samarati, P. A data outsourcing architecture combining cryptography and access control. In Proceedings of the 2007 ACM Workshop on Computer Security Architecture, Fairfax, VR, USA, 2 November 2007; pp. 63–69. [ Google Scholar ]
- Gentry, C. Fully homomorphic encryption using ideal lattices. In Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, Bethesda, MD, USA, 31 May–2 June 2009; Volume 9, pp. 169–178. [ Google Scholar ]
- Tang, Y.; Lee, P.P.; Lui, J.C.; Perlman, R. FADE: Secure overlay cloud storage with file assured deletion. In Proceedings of the International Conference on Security and Privacy in Communication Systems, Singapore, 7–9 September 2010; pp. 380–397. [ Google Scholar ]
- Fall, D.; Blanc, G.; Okuda, T.; Kadobayashi, Y.; Yamaguchi, S. Toward quantified risk-adaptive access control for multi-tenant cloud computing. In Proceedings of the 6th Joint Workshop on Information Security, Tokyo, Japan, 8–10 November 2011; pp. 1–14. [ Google Scholar ]
- Yu, E.; Cysneiros, L. Designing for privacy and other competing requirements. In Proceedings of the 2nd Symposium on Requirements Engineering for Information Security (SREIS’02), Raleigh, NC, USA, 16–18 October 2002; pp. 15–16. [ Google Scholar ]
- Kobsa, A.; Schreck, J. Privacy through pseudonymity in user-adaptive systems. ACM Trans. Internet Technol. 2003 , 3 , 149–183. [ Google Scholar ] [ CrossRef ]
- Sgaglione, L.; Coppolino, L.; D’Antonio, S.; Mazzeo, G.; Romano, L.; Cotroneo, D.; Scognamiglio, A. Privacy Preserving Intrusion Detection Via Homomorphic Encryption. In Proceedings of the 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Napoli, Italy, 12–14 June 2019; pp. 321–326. [ Google Scholar ]
- Pfitzmann, A.; Hansen, M. A Terminology for Talking about Privacy by Data Minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management 2010. Available online: http://dud.inf.tu-dresden.de/Anon_Terminology.shtml (accessed on 20 October 2021).
- Dingledine, R.; Mathewson, N.; Syverson, P. Tor: The Second-Generation Onion Router ; Technical Report; Naval Research Lab: Washington, DC, USA, 2004. [ Google Scholar ]
- Goldschlag, D.; Reed, M.; Syverson, P. Onion Routing for Anonymous and Private Internet Connections ; Communication of the ACM; ACM: New York, NY, USA, 1999. [ Google Scholar ]
- Chaum, D. The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptol. 1988 , 1 , 65–75. [ Google Scholar ] [ CrossRef ] [ Green Version ]
- Bagai, R.; Lu, H.; Li, R.; Tang, B. An accurate system-wide anonymity metric for probabilistic attacks. In Proceedings of the International Symposium on Privacy Enhancing Technologies Symposium, Waterloo, ON, Canada, 27–29 July 2011; pp. 117–133. [ Google Scholar ]
- Diamantopoulou, V.; Kalloniatis, C.; Gritzalis, S.; Mouratidis, H. Supporting privacy by design using privacy process patterns. In Proceedings of the IFIP International Conference on ICT Systems Security and Privacy Protection, Rome, Italy, 29–31 May 2017; pp. 491–505. [ Google Scholar ]
- Ngai, E.; Ohlman, B.; Tsudik, G.; Uzun, E.; Wählisch, M.; Wood, C.A. Can we make a cake and eat it too? A discussion of ICN security and privacy. ACM SIGCOMM Comput. Commun. Rev. 2017 , 47 , 49–54. [ Google Scholar ] [ CrossRef ]
- Papanikolaou, N.; Pearson, S.; Mont, M.C. Towards natural-language understanding and automated enforcement of privacy rules and regulations in the cloud: Survey and bibliography. In Proceedings of the FTRA International Conference on Secure and Trust Computing, Data Management, and Application, Loutraki, Greece, 28–30 June 2011; pp. 166–173. [ Google Scholar ]
- Chen, T.; Bahsoon, R.; Yao, X. A survey and taxonomy of self-aware and self-adaptive cloud autoscaling systems. ACM Comput. Surv. 2018 , 51 , 61. [ Google Scholar ] [ CrossRef ] [ Green Version ]
Terminology | Definition |
---|---|
Confidentiality | To ensure the accessibility of information to only authorised users. |
Integrity | Maintaining the completeness and accuracy of every part of information. |
Availability | Information is accessible to only authorised users. |
Non-repudiation | Avoid the deniability of one’s actions. |
Privacy-preserving | Ability to mask identity and Personal Identifiable Information (PII). |
Accountability | Obligation or willingness to take responsibility for action with a defined set of rules. |
Auditability | Maintaining a system with relative ease in order to improve its efficiency. |
Authentication | Establishing the right identity of a user in a system. |
Authorisation | Access to resources is restricted to only authorised personnel. |
STRIDE Threat | Matching Security Parameter |
---|---|
Spoofing | Authentication |
Tampering | Integrity |
Repudiation | Non-repudiation |
Information disclosure | Confidentiality |
Denial of service | Availability |
Elevation of privilege | Authorisation |
Reference | Reviewed Layer | Security | Privacy | Technical Approach | Remark |
---|---|---|---|---|---|
[ ] | IaaS, PaaS, SaaS | ✓ | ✓ | × | Aimed at distinguishing the different aspects of cloud computing in order to better understand and present its security and privacy issues. |
[ ] | IaaS, PaaS, SaaS | ✓ | ✓ | × | Surveyed the different security factors affecting the adoption of cloud computing. Identified and provided solution perspectives to further strengthen its privacy and security. |
[ ] | IaaS | ✓ | × | ✓ | Threat in hardware and operating system virtualisation related to cloud computing. Accomplished by properly categorising trust assumptions, security and threat models. |
[ ] | IaaS, PaaS, SaaS | ✓ | × | × | Provided a comparison of other survey articles on the basis of computational, communication and service layer agreement level of cloud security challenges. |
[ ] | IaaS, PaaS, SaaS | ✓ | × | × | Provided the security issues in different service delivery layers that pose a threat to the adoption of cloud computing. |
[ ] | IaaS | ✓ | × | ✓ | Provided a state-of-the-art survey on approaches and solutions of current security trends on resource scheduling in cloud computing. |
[ ] | IaaS, PaaS, SaaS | ✓ | × | ✓ | Highlighted the necessary loopholes, security and privacy recommendations surrounding cloud computing. Presented a generalised opinion on security and privacy flaws. |
[ ] | IaaS, PaaS, SaaS | × | ✓ | ✓ | Presented state-of-the-art introduction to cryptographic approach for privacy preserving in cloud computing, putting into perspective the adoption of online applications. |
[ ] | IaaS, PaaS, SaaS | ✓ | × | × | Provided insights on the future of cloud computing by highlighting technical and adoption issues that will present themselves without adequate security and privacy measures. |
[ ] | IaaS, PaaS, SaaS | ✓ | × | ✓ | Surveyed the privacy, security and trust issues surrounding cloud computing and further provided possible cryptographic solutions. |
[ ] | SaaS | ✓ | ✓ | ✓ | Analysis on key management and secure practices on cryptographic operations in the cloud. |
[ ] | PaaS, SaaS | ✓ | ✓ | ✓ | Reviewed data storage integrity and auditing in cloud computing by highlighting state-of-the-art methods and challenges. |
[ ] | IaaS, PaaS, SaaS | ✓ | × | ✓ | Discussed and presented state-of-the-art task scheduling security issues and limitations in cloud computing, based on application, methods and utilisation. |
[ ] | PaaS, SaaS | ✓ | ✓ | × | Presented the threats and vulnerabilities open to attackers in cloud computing by considering accountability, integrity, availability, confidentiality and privacy preserving. |
[ ] | PaaS, SaaS | ✓ | × | ✓ | Presented an extensive review on outsourced databases in cloud computing introducing new database query and encryption. |
[ ] | PaaS, SaaS | ✓ | ✓ | ✓ | Classified state-of-the-art taxonomy on current remote data auditing schemes and their limitations based on security metrics and requirements, data update and auditing. |
[ ] | IaaS, PaaS, SaaS | ✓ | ✓ | × | Presented issues of trust, security and privacy in cloud computing by assessing the different factors that affect its adoption. |
[ ] | PaaS, SaaS | ✓ | × | ✓ | Surveyed remote data integrity and auditing in cloud computing, providing an enhancement to the review literature of [ ]. |
[ ] | IaaS, PaaS, SaaS | ✓ | ✓ | × | Presented trends and research directions in cloud computing by considering computing models that are prone to threats and vulnerabilities. |
[ ] | IaaS, PaaS, SaaS | ✓ | ✓ | × | Analysed privacy and security issues in cloud computing by considering the different components and relationship to organisational internet of things protocol. |
[ ] | IaaS, PaaS, SaaS | ✓ | ✓ | × | Provided a taxonomy of security and privacy and further presented several attack detection remedies in cloud computing. |
[ ] | IaaS, PaaS, SaaS | ✓ | ✓ | × | Provided a taxonomy on remote data auditing and integrity in cloud computing by analysing data replication, erasure and communication. |
 | Infrastructure as a Service | Platform as a Service | Software as a Service |
---|---|---|---|
Spoofing | X | X | |
Tampering | X | ||
Repudiation | X | ||
Information Disclosure | X | ||
Denial of Service | X | X | X |
Elevation of Privilege | X | X | X |
 | Private Cloud | Community Cloud | Public Cloud | Hybrid Cloud |
---|---|---|---|---|
Spoofing | X | X | X | |
Tampering | X | X | ||
Repudiation | X | |||
Information Disclosure | X | X | ||
Denial of Service | X | X | X | X |
Elevation of Privilege | X | X | X | X |
Vulnerability Component | Spoofing | Tampering | Repudiation | Information Disclosure | Denial of Service | Elevation of Privilege |
---|---|---|---|---|---|---|
Immoral use and abuse of cloud computing | X | X | X | X | ||
Malicious insider attackers | X | X | X | X | X | X |
Vulnerable programming interfaces | X | X | X | |||
Data leakage and loss | X | X | X | X | ||
Distributed technology vulnerabilities | X | X | X | |||
Services and account hijacking | X | X | X | X | X | X |
Anonymous profile threat | X | X | X | X |
Classification of Attack | Description | Attack Name |
---|---|---|
Denial of Service | A large amount of data traffic is generated by the attacker to obstruct the availability of services. | SMURF: generating ICMP echo requests to an intended IP address. LAND: transferring spoofed SYN packets with the same source and destination IP address. SYN Flood: reducing storage efficiency through IP spoofed packets. Teardrop: exploiting flaws in TCP/IP stacks. |
Distributed Denial of Service | A DDoS is the distributed form of DoS where the system is flooded in a distributed manner. | HTTP Flooding: exploiting legitimate HTTP POST or GET requests. Zero Day Attacks: exploiting security loopholes unknown to CSPs. |
Remote to Local | Attacker compromises the system by executing commands that grant access to the system. | SPY: installations that run a machine for phishing purposes. Password Guess. IMAP: finding a vulnerable IMAP mail server. |
User to Root | Attacker gains root access to destroy the system. | Rootkits: offering privileged access while masking their existence. Buffer Overflowing. |
Probing | Breaching the PII of a victim | Ports Sweeping. NMAP: port scanning. |
Attack Name | Description | Affected Layer |
---|---|---|
Service Injection | This attack affects the integrity of services at the application and VM level. This is accomplished through the injection of malicious services into legitimate identification files. This, in turn, provides malicious services instead of legal services. | PaaS |
Zombie | Impedes availability of service by compromising legitimate VMs through direct or indirect host machine flooding. | PaaS, IaaS and SaaS |
Hypervisor and VM Attack | By compromising the hypervisor, the intruder gains access to a user's VM through the escape of a virtualisation layer. | IaaS |
Man in the Middle | Accessing data transfer or communication to users. This affects the integrity and confidentiality of the message. | PaaS, IaaS and SaaS |
Back Door Channel | This attack affects the data privacy and availability of service. This is accomplished by the compromise of a valid VM, by providing rights to access resources. | IaaS |
Phishing | Making users access fake or illegal web links. This can affect the privacy of user sensitive data. | PaaS, IaaS and SaaS |
Spoofing Meta Data | This affects the confidentiality of services through service abnormal behaviours by modifying the web service description. | PaaS and SaaS |
Side Channel Attack | This affects data integrity. Hackers are able to retrieve plaintext or ciphertext from encrypted data through side channel information. This can be performed either through unauthorised placement of the effected text on a user's VM or through target VN extraction. | SaaS and PaaS |
Authentication Attack | Exploiting flaws in the authentication protocol. | PaaS, IaaS and SaaS |
Security Component | Spoofing | Tampering | Repudiation | Information Disclosure | Denial of Service | Elevation of Privilege |
---|---|---|---|---|---|---|
Accountability | X | X | X | |||
Identity Management | X | X | X | X | ||
Data Integrity | X | X | X | X | ||
Intrusion and Detection | X | X | X | X | X | |
Data Privacy | X | X | X | X | ||
Access Control | X | X | X | X | X | |
Access Patterns and Designs | X | X | X |
Abdulsalam, Y.S.; Hedabou, M. Security and Privacy in Cloud Computing: Technical Review. Future Internet 2022 , 14 , 11. https://doi.org/10.3390/fi14010011
Abdulsalam YS, Hedabou M. Security and Privacy in Cloud Computing: Technical Review. Future Internet . 2022; 14(1):11. https://doi.org/10.3390/fi14010011
Abdulsalam, Yunusa Simpa, and Mustapha Hedabou. 2022. "Security and Privacy in Cloud Computing: Technical Review" Future Internet 14, no. 1: 11. https://doi.org/10.3390/fi14010011
Information security and privacy challenges of cloud computing for government adoption: a systematic review
- Regular Contribution
- Published: 03 January 2024
- Volume 23 , pages 1459–1475, ( 2024 )
- Ndukwe Ukeje,
- Jairo Gutierrez &
- Krassie Petrova
The advent of new technologies and applications, coupled with the COVID-19 pandemic, tremendously increased cloud computing adoption in private and public institutions (government) and raised the demand for communication and access to a shared pool of resources and storage capabilities. Governments across the globe are moving to the cloud to improve services, reduce costs, and increase effectiveness and efficiency while fostering innovation and citizen engagement. However, information security and privacy concerns raised in the past remain significant to government adoption and utilisation of cloud computing. The study conducts a systematic literature review (SLR) using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) approach to examine information security and privacy as the fundamental challenges to government intention to adopt cloud computing. This study screened 758 articles and included 33 articles that revealed information security and privacy as critical factors and barriers to adopting cloud computing through a systematic evaluation (PRISMA approach). The two factors combined contributed 70% of the significant gaps to the cloud computing adoption challenges. In contrast, the individual contribution of information security and privacy as a significant gap to the challenges of cloud adoption yielded 9% and 12%, respectively. Furthermore, 9% of the authors recognised the need for a framework to address the challenges but could not attempt to develop the framework. The study contributes to the information security body of knowledge and to PRISMA studies, and provides direction for future research in proposing strategies and frameworks to tackle information security and privacy challenges.
Data availability statements.
All data supporting the findings and the analysis of this study are available within the paper and its Supplementary Information files.
AlAhmad, A.S., Kahtan, H., Alzoubi, Y.I., Ali, O., Jaradat, A.: Mobile cloud computing models security issues: a systematic review. J. Netw. Comput. Appl. 190 , 103152 (2021). https://doi.org/10.1016/j.jnca.2021.103152
Alghofaili, Y., Albattah, A., Alrajeh, N., Rassam, M.A., Al-Rimy, B.A.S.: Secure cloud infrastructure: a survey on issues, current solutions, and open challenges. Appl. Sci. (Switz.) 11 (19), 9005 (2021). https://doi.org/10.3390/app11199005
Isaac Abiodun, O., Alawida, M., Esther Omolara, A., Alabdulatif, A.: Data provenance for cloud forensic investigations, security, challenges, solutions and future perspectives: a survey. J. King Saud Univ. Comput. Inf. Sci. 34 (10), 10217–10245 (2022). https://doi.org/10.1016/j.jksuci.2022.10.018
Kumar, R., Goyal, R.: On cloud security requirements, threats, vulnerabilities and countermeasures: a survey. Comput. Sci. Rev. 33 , 1–48 (2019). https://doi.org/10.1016/j.cosrev.2019.05.002
Miorandi, D., Rizzardi, A., Sicari, S., Coen-Porisini, A.: Sticky policies: a survey. IEEE Trans. Knowl. Data Eng. 32 (12), 2481–2499 (2020). https://doi.org/10.1109/TKDE.2019.2936353
Ometov, A., Molua, O.L., Komarov, M., Nurmi, J.: A survey of security in cloud, edge, and fog computing. Sensors 22 (3), 927 (2022)
Sharma, M., Sehrawat, R.: A hybrid multi-criteria decision-making method for cloud adoption: evidence from the healthcare sector. Technol. Soc. 61 , 101258 (2020). https://doi.org/10.1016/j.techsoc.2020.101258
Wilson, B.M.R., Khazaei, B., Hirsch, L.: Enablers and barriers of cloud adoption among small and medium enterprises in Tamil Nadu. In: Proceedings—2015 IEEE International Conference on Cloud Computing in Emerging Markets, CCEM 2015, pp. 140–145 (2015). https://doi.org/10.1109/CCEM.2015.21
Zhang, S., Pandey, A., Luo, X., Powell, M., Banerji, R., Fan, L., Parchure, A., Luzcando, E.: Practical adoption of cloud computing in power systems: drivers, challenges, guidance, and real-world use cases. IEEE Trans. Smart Grid 13 (3), 2390–2411 (2022). https://doi.org/10.1109/TSG.2022.3148978
Download references
Author information
Authors and affiliations.
Department of Computer Science and Software Engineering, Auckland University of Technology, Auckland, New Zealand
Ndukwe Ukeje, Jairo Gutierrez & Krassie Petrova
Contributions
All authors reviewed the manuscript.
Corresponding author
Correspondence to Ndukwe Ukeje.
Ethics declarations
Conflict of interest.
The authors have no competing interests to declare that are directly or indirectly related to the content of this article. The authors declare no competing interests.
Additional information
Publisher's note.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
See Tables 2 and 3.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Ukeje, N., Gutierrez, J. & Petrova, K. Information security and privacy challenges of cloud computing for government adoption: a systematic review. Int. J. Inf. Secur. 23, 1459–1475 (2024). https://doi.org/10.1007/s10207-023-00797-6
Accepted: 25 November 2023
Published: 03 January 2024
Issue Date: April 2024
DOI: https://doi.org/10.1007/s10207-023-00797-6
- Cloud computing
- Information security
- Government cloud adoption
- Cloud challenges