CFP last date
16 December 2024
Reseach Article

Security Threats with Associated Mitigation Techniques in Cloud Computing

by Mohsin Nazir, Mirza Shuja Rashid
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 5 - Number 7
Year of Publication: 2013
Authors: Mohsin Nazir, Mirza Shuja Rashid
10.5120/ijais13-450935

Mohsin Nazir, Mirza Shuja Rashid . Security Threats with Associated Mitigation Techniques in Cloud Computing. International Journal of Applied Information Systems. 5, 7 ( May 2013), 16-27. DOI=10.5120/ijais13-450935

@article{ 10.5120/ijais13-450935,
author = { Mohsin Nazir, Mirza Shuja Rashid },
title = { Security Threats with Associated Mitigation Techniques in Cloud Computing },
journal = { International Journal of Applied Information Systems },
issue_date = { May 2013 },
volume = { 5 },
number = { 7 },
month = { May },
year = { 2013 },
issn = { 2249-0868 },
pages = { 16-27 },
numpages = {9},
url = { https://www.ijais.org/archives/volume5/number7/462-0935/ },
doi = { 10.5120/ijais13-450935 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2023-07-05T17:58:46.686575+05:30
%A Mohsin Nazir
%A Mirza Shuja Rashid
%T Security Threats with Associated Mitigation Techniques in Cloud Computing
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 5
%N 7
%P 16-27
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Cloud Computing emerges as one of the hottest topic in the field of information technology. Nowadays not just large organizations, but even small and medium size businesses are looking forward to adopt an economical computing resource for their business application, i. e. by introducing a new concept of cloud computing in their environment. Basically it's a new concept of providing virtualized resources to the consumers. Cloud Computing is a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down their service requirements. Usually Cloud Computing services are delivered by a third party provider who owns the infrastructure. Consumers can request a cloud for services, applications, solutions and can store large amount of data from different location. Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that theindustry uses. It promises to provide a flexible IT architecture; accessible through internet from lightweight portable devices. This would allow multi-fold increase in the capacity and capabilities of the existing and new software. This new economic model for computing has found fertile ground and is attracting massive global investment. Many industries, such as banking, healthcare and education are moving towards the cloud due to the efficiency of services provided by the pay-per-use pattern based on the resources such as processing power used, transactions carried out, bandwidth consumed, data transferred, or storage space occupied etc. Despite the potential gains achieved from the cloud computing, the organizations are slow in accepting it due to security issues and challenges associated with it. Security in Cloud Computing is an importantand critical aspect, and has numerous issues and problem related to it. Cloud service provider and the cloudservice consumer should make sure that the cloud is safe enough from all the external threats so that thecustomer does not face any problem such as loss of data or data theft. There is also a possibility where amalicious user can penetrate the cloud by impersonating a legitimate user, thus infecting the entire cloud andaffects many customers who are sharing the infected cloud. This research paper outlines what cloud computing is, the various cloud models and the parameters that affect thesecurity of the cloud. This extensive research also aims to elaborate the possible security attacks and the security issues that arise in a cloud computing frame work. It focuses on technical security issues arising from the usage of cloud services and also provides an overview of key security issues related to cloud computing with the view of a secure cloud architecture environment.

References
  1. A Platform Computing Whitepaper. "Enterprise Cloud Computing: Transforming IT. ", PlatformComputing, pp6, 2010.
  2. Alessandro Perilli, Claudio Criscione, "Securing the Private Cloud", Article on Secure Networks, Virtualization. info. http://virtualization. info/en/security/privatecloud. pdf
  3. AlokTripathy, Abhinav Mishra, "Cloud Computing Security Considerations", IEEE International Conference on Signal Processing, Communications & Computing, Sept- 2011.
  4. AmanBakshi, Yogesh B. Dujodwala, "Securing cloud from DDoS Attacks using Intrusion Detection System inVirtual Machine," ICCSN '10 Proceeding of the 2010 Second International Conference on CommunicationSoftware and networks, pp. 260-264, 2010, IEEE Computer Society, USA, 2010. ISBN: 978-0-7695-3961-4.
  5. A. Verma and S. Kaushal, "Cloud Computing Security Issues and Challenges: A Survey", Proceedings of Advances in Computing and Communications, Vol. 193, pp. 445-454, 2011. DOI: 10. 1007/978-3-642-22726-4_46
  6. B. P. Rimal, Choi Eunmi, I. Lumb, "A Taxonomy and Survey of Cloud Computing Systems", Intl. Joint Conference on INC, IMS and IDC, 2009, pp. 44-51,Seoul, Aug, 2009. DOI: 10. 1109/NCM. 2009. 218
  7. B. R. Kandukuri, R. Paturi V, A. Rakshit, "Cloud Security Issues", In Proceedings of IEEE International Conference on Services Computing, pp. 517-520, 2009.
  8. Char Sample, Senior Scientist, BBN Technologies, Diana Kelley, Partner, Security Curve, "Cloud computing security: Routing and DNS security threats," http://searchsecurity. techtarget. com/tip/0, 289483, sid14_gci1359155_mem1, 00. html/.
  9. Cloud Computing. Wikipdia. Available at http://en. wikipedia. org/wiki/Cloud_computing
  10. ClaudioMazzariello, Roberto Bifulco and Roberto Canonico, "Integrating a Network IDS into an Open Source Cloud Computing Environment," Sixth International Conference on Information Assurance and Security, USA, pp. 265-270, Aug. 23-25, 2010. DOI: 10. 1109/ISIAS. 2010. 5604069.
  11. Cong Wang, Qian Wang, KuiRen, and Wenjing Lou, "Ensuring Data Storage Security in Cloud Computing," 17th International workshop on Quality of Service, USA, pp. 1-9, July 13-15, 2009, ISBN: 978-1-4244-3875-4
  12. C. Weinhardt, A. Anandasivam, B. Blau, and J. Stosser. "Business Models in the Service World. "IT Professional, vol. 11, pp. 28-33, 2009.
  13. Daniel Oliveira and Eduardo Ogasawara. Article: Is Cloud Computing the Solution for Brazilian Researchers?. International Journal of Computer Applications 6(8):19–23, September 2010.
  14. D. Gollmann, "Securing Web Applications," Information Security Technical Report, vol. 13, issue. 1, 2008, Elsevier Advanced Technology Publications Oxford, UK, DOI: 10. 1016/j. istr. 2008. 02. 002.
  15. D. Oliveira, F. Baião, and M. Mattoso, 2010, "Towards Taxonomy for Cloud Computing from an e-Science Perspective", Cloud Computing: Principles, Systems and Applications (to be published), Heidelberg: Springer-Verlag.
  16. Dr. Gurdev Singh, ShanuSood, Amit Sharma, "CM- Measurement Facets for Cloud Performance", IJCA, , Lecturer, Computer science & Engineering, Eternal University, Baru Sahib (India), Volume 23 No. 3, June 2011.
  17. E. Mathisen, "Security Challenges and Solutions in Cloud Computing", Proceedings of the 5th IEEE International Conference on Digital Ecosystems and Technologies (DEST), pp. 208-212, June, 2011, ISBN: 978-1-4577-0871-8, DOI: 10. 1109/DEST. 2011. 5936627.
  18. Ertaul, L. and Singhal, S. 2009. Security Challenges in Cloud Computing. California State University, East Bay. Academic paper http://www. mcs. csueastbay. edu/~lertaul/Cloud%20Security%20CamREADY. pdf
  19. Gaoyun Chen, Jun Lu and Jian Huang, Zexu Wu, "SaaAS - The Mobile Agent based Service for Cloud Computing in Internet Environment", Sixth International Conference on Natural Computation, ICNC 2010, pp. 2935-2939, IEEE, Yantai, Shandong, China, 2010. ISBN: 978-1-4244-5958-2.
  20. Global Netoptex Incorporated. "Demystifying the cloud. Important opportunities, crucial choices. " pp4-14. Available: http://www. gni. com [Dec. 13, 2009].
  21. Hanqian Wu, Yi Ding, Winer, C. , Li Yao, "Network Security for Virtual Machines in Cloud Computing," 5th Int'l Conference on Computer Sciences and Convergence Information Technology, pp. 18-21, Seoul, Nov. 30- Dec. 2, 2010. ISBN: 978-1-4244-8567-3.
  22. Harjit Singh Lamba and Gurdev Singh, "Cloud Computing-Future Framework for emanagement of NGO's", IJoAT, ISSN 0976-4860, Vol 2, No 3, Department Of Computer Science, Eternal University, Baru Sahib, HP, India, July 2011.
  23. Harold C. Lin, ShivnathBabu, Jeffrey S. Chase, Sujay S. Parekh, "Automated Control in Cloud Computing: Opportunities and Challenges", Proc. of the 1st Workshop on Automated control for data centres and clouds, New York, NY, USA, pp. 13-18, 2009, ISBN: 978-1-60558-585-7.
  24. Hoang T. Dinh, Chonho Lee, DusitNiyato, Ping Wang, "A Survey of Mobile Cloud Computing: Architecture, Applications and Approaches", Wireless Communications and Mobile Computing, Wiley Inc.
  25. IanRathie, "An Approach to Application Security," White Paper, SANS Institute. http://www. sans. org/reading_room/whitepapers/application/approach-application-security_16.
  26. I. Foster, Y. Zhao, I. Raicu, and S. Lu, 2008, Cloud Computing and Grid Computing 360-Degree Compared, In: Grid Computing Environments Workshop, 2008. GCE '08, p. 10, 1.
  27. Joachim Schaper, 2010, "Cloud Services", 4th IEEE International Conference on DEST, Germany.
  28. KausarFiazKhawaja, Sara Qaisar, "Cloud Computing: Network/Security Threats and Countermeasures", IJCRB, Vol. 3 No. 9, January 2012.
  29. K. Mukherjee and G. Sahoo. Article: Cloud Computing: Future Framework for e-Governance. International Journalof Computer Applications 7(7):31–34, October.
  30. K. Vieira, A. Schulter, C. B. Westphall, and C. M. Westphall, "Intrusion detection techniques for Grid and Cloud Computing Environment," IT Professional, IEEE Computer Society, vol. 12, issue 4, pp. 38-43, 2010.
  31. Kevin Hamlen, Murat Kantarcioglu, Latifur Khan, BhavaniThuraisingham, SecurityIssues for Cloud Computing, International Journal of Information Security and Privacy, 4(2),39-51, University of Texas, USA, April-June 2010.
  32. Kuyoro S. O. , Ibikunle F. , Awodele O. , "Cloud Computing Security Issues & Challenges", IJCN, Vol. 3 Issue 5: 2011, pp. 247-255.
  33. Liladhar R Rewatkar and Ujwal A Lanjewar. Article: Implementation of Cloud Computing on Web Application. International Journal of Computer Applications 2(8):28–32, June 2010. Published By Foundation of Computer Science.
  34. L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, 2009, A break in the clouds: towards a cloud definition, SIGCOMM Comput. Commun. Rev. , v. 39, n. 1, p. 50-55
  35. L. Wang, GregorLaszewski, Marcel Kunze, Jie Tao, "Cloud Computing: A Perspective Study", New Generation Computing- Advances of Distributed Information Processing, pp. 137-146, vol. 28, no. 2, 2008. DOI: 10. 1007/s00354-008-0081-5
  36. Meiko Jensen, JorgSchwenk, Nils Gruschka, Luigi Lo Iacon, "On technical Security Issues in Cloud Computing", Proc. of IEEE International Conference on Cloud Computing (CLOUD-II, 2009), pp. 109-116, India, 2009.
  37. Mohsin Nazir, "Cloud Computing: Overview & Current Research Challenges", IOSR-JCE, Vol. 8-No. 1, Nov-Dec 2012, pp. 14-22.
  38. Muzafar Ahmad Bhat, RazeefMohd Shah, Bashir Ahmad and InayatRasoolBhat, "Cloud Computing: A Solution to Information Support Systems", IJCA, Vol. 11-No. 5, December 2010, pp. 5-9.
  39. M. Klems, A. Lenk, J. Nimis, T. Sandholm and S. Tai. "What's Inside the Cloud? An Architectural Map of the Cloud Landscape. "IEEEXplore, pp 23-31, Jun. 2009.
  40. Nathan Mcfeters, "Recent CNN Distributed Denial of Service Attack Explained". http://www. zdnet. com/blog/security/recent-cnn-distributed-denial-of-service-ddos-attack-explained/1054.
  41. Peter Mell, Timothy Grance, "The NIST Definition of Cloud Computing", Jan, 2011. http://docs. ismgcorp. com/files/external/Draft-SP-800-145_cloud-definition. pdf
  42. Prince Jain, "Security Issues & their solution in Cloud Computing", International Journal of Computing & Business Research.
  43. Pring et al. , "Forecast: Sizing the cloud; understanding the opportunities in cloud services," Gartner Inc. , Tech. Rep. G00166525, March 2009.
  44. Problems Faced by Cloud Computing, Lord CrusAd3r,dl. packetstormsecurity. net/. . . /ProblemsFacedbyCloudComputing. pdf.
  45. P. Sharma, S. K. Sood, and S. Kaur, "Security Issues in Cloud Computing", Proceedings of High Performance Architecture and Grid Computing, Vol. 169, pp. 36-45, 2011. DOI: 10. 1007/978-3-642-22577-2_5
  46. Rabi Prasad Padhy, ManasRajanPatra and Suresh Chandra Satapathy, "Cloud Computing: Security Issues & Research Challenges", IJCSITS, Vol. 1-No. 2, December 2011, pp. 136-146.
  47. RohitBhadauria, SugataSanyal, "Survey on Security Issues in Cloud Computing & Associated Mitigation Techniques", IJCA, Vol. 47-No. 18, June 2012, pp. 47-66.
  48. R. L Grossman, "The Case for Cloud Computing," IT Professional, vol. 11(2), pp. 23-27, 2009, ISSN: 1520-9202.
  49. R. Maggiani, Communication Consultant, Solari Communication, "Cloud Computing is Changing How we Communicate", 2009 IEEE International Professional Conference, IPCC, pp. 1-4, Waikiki, HI, USA, July 19- 22, 2009. ISBN: 978-1-4244-4357-4.
  50. RuipingLua and Kin Choong Yow, "Mitigating DDoS Attacks with Transparent and Intelligent Fast-Flux Swarm Network," IEEE Network, vol. 25, no. 4, pp. 28-33, July-August, 2011.
  51. Sato, H; Kanai, A; Tanimoto, S; "A Cloud Trust Model in a Security Aware Cloud", Intl. Symposium on Applications and the Internet (SAINT), pp. 121-124, July, 2010, Seoul.
  52. SangeetaSen, RituparnaChaki, "Handling Write Lock Assignment in Cloud Computing Environment", Communications in Computer and Information Science, vol. 245, issue. 7, pp. 221-230, 2011. DOI: 10. 1007/978- 3-642-27245-5_27
  53. SonalAnand, Sarvesh Gupta, ShwetaFatnani, Varsha Sharma and Deepti Jain. Article: Semantic Cloud for Mobile Technology. International Journal of Computer Applications 8(12):1–4, October 2010.
  54. SudharsanSundararajan, Hari Narayanan, Vipin Pavithran, KaladharVorungati, KrishnashreeAchuthan, "Preventing Insider attacks in the Cloud", Communications in Computer and Information Science, vol. 190, issue. 5, pp. 488-500, 2011. DOI: 10. 1007/978-3-642-22709-7_48
  55. Sun Microsystems White Paper, ?Introduction to Cloud Computing Architecture,? June 2009.
  56. S. Arnold (2009, Jul. ). "Cloud computing and the issue of privacy. "KM World, pp14-22. Available: www. kmworld. com [Aug. 19, 2009].
  57. S. Subashini, V. Kavitha, "A survey on security issues in service delivery models of cloud computing"; Journal of Network and Computer Applications, Vol. 34(1), pp 1–11, Academic Press Ltd. , UK, 2011, ISSN: 1084-8045.
  58. Thomas W. Shinder, "Security Issues in CloudDeployment models", TechNet Articles, Wiki,Microsoft, Aug, 2011. http://social. technet. microsoft. com/wiki/contents/articles/security-issues-in-cloud-deployment-models. aspx
  59. Timothy Wood, PrashantShenoy, Alexandre Gerber, K. K. Ramkrishnan, Jacobus Van der Merwe, "The Case for Enterprise-Ready Virtual Private Clouds", HotCloud'09 Proceedings of the 2009 conference on Hot topics in cloud computing, San Diego, CA, USA, 2009. http://www. usenix. org/event/hotcloud09/tech/full_papers/wood. pdf
  60. V. Krishna Reddy, B. ThirumalRao, Dr. L. S. S. Reddy, P. SaiKiran "Research Issues in Cloud Computing " Global Journal of Computer Science and Technology, Volume 11, Issue 11, July 2011.
  61. Wayne Jansen, Timothy Grance, "NIST Guidelines on Security and Privacy in Public Cloud Computing", Draft Special Publication 800-144, 2011. http://csrc. nist. gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing. pdf.
  62. W. K. Chan, Lijun Mei, and Zhenyu Zhang, "Modeling and testing of cloud applications", to appear in Proceedings of 2009 IEEE Asia-Pacific Services Computing Conference (APSCC 2009), (Singapore, December 7-11, 2009), IEEE Computer Society Press, Los Alamitos, CA, USA, 2009.
  63. X. Zhang, N. Wuwong, H. Li, and X. J. Zhang, "Information Security Risk Management Framework for the Cloud Computing Environments", In Proceedings of 10th IEEE International Conference on Computer and Information Technology, pp. 1328- 1334, 2010.
  64. ZouheirTrabelsi, HamzaRahmani, KamelKaouech, MounirFrikha, "Malicious Sniffing System Detection Platform", Proceedings of the 2004 International Symposium on Applications and the Internet, pp. 201-207, 2004, ISBN: 0-7695-2068-5.
Index Terms

Computer Science
Information Sciences

Keywords

Cloud Computing Software as a Service (SaaS) Platform as a Service PaaS) Infrastructure as a Service (IaaS) Mobile Cloud Computing (MCC) Security issues Denial of Service (DoS) Distributed Denial of Service (DDoS) Secure Cloud Architecture.