25Apr 2017

AN ANALYSIS OF CLOUD COMPUTING INFORMATION SECURITY CHALLENGES.

  • Arab Academy for Science and Technology and Maritime Transport Cairo, Egypt.
Crossref Cited-by Linking logo

  • Abstract
  • Keywords
  • References
  • Cite This Article as
  • Corresponding Author

Security is one of the biggest obstacles that prevent the adoption of cloud computing [1]. Businesses and research are reluctant in shifting the control of digital assets to the third?party service providers [2].Organizations does not enjoy administrative control of cloud services and infrastructure [3]. The security measures taken by the cloud service providers (CSP) are transparent to the organization [4].The presence of large number of users from different organizations aggravates the situation further [2]; the users might be trusted by the CSP but may not trust each other [4]. The above reasons increase the customers? uncertainty about their digital assets on the cloud resulting in reluctance to adopt cloud computing [2].This paper exploits certain information security risks namely data, user identity and access control and contractual and legal issues. Moreover, the manuscript presents a comprehensive solution in literature to cater for all security risks. A critical evaluation of the solution by comparing it with other solutions that exist in literature is provided. The analysis proves the thoroughness and outperformance of the comprehensive solution compared to the other solutions that exist in literature.

  1. AB. Fernands, L.FB. Soares, J.V. Gomes, M.M. Freire, P. RM Inacio, Security issues in cloud environments: a survey, Int. J. Inform. Sec. 13 (20 (2014) 113-170.
  2. Latif, H. Abbas, S. Assar, Q. Ali, Cloud computing risk assessment: a systemic literature review, in: Future Information Technology. Springer, Berlin, Heidelberg, 2014, pp. 285-295.
  3. N. Khan, M.L.M. Kiah, M. Ali, S.A. Madani, S.Shamshirband, BSS: block-based sharing scheme for secure data storage services in mobile cloud environment, J.Supercomput. 70 (2) (2014) 946-976.
  4. Ali, S.U. Khan, A V. Vasilakos. Security in cloud computing: opportunities and challenges. Information Sciences 305 (2015) 357-383.
  5. Rebollo, D. Mellado, E. Fernandez-Medina. Introducing a security governance framework for cloud computing, in: Proceedings of the 10th International Workshop on Security of Information Systems WOSIS 2013, Angers, France. July 2013.
  6. Mell, , Grance, T.: The NIST Definition of Cloud Computing. SP 800-145. National Institute of Standards and Technology (NIST) (2011).
  7. Gartner: Gartner's Hype Cycle for Cloud Computing. (2012).
  8. Rong, S.T. Nguyen, M.G. Jaatun, Beyond Lightning: a survey on security challenges in cloud computing. Comput. Electr. Eng. 39 (1) (2013) 47-54.
  9. Subashini, V. Kavitha,. A survey on security issues in service delivery models of cloud computing, J. Netw. Comput. Appl. 34 (1) (2011) 1-11.
  10. Modi, D. Patel, B. Borisaniya, A. Patel, M. Rajarajan, A survey on security issues and solutions at different Layers of Cloud Computing, J. Supercomput. 63 (2) (2013) 561-592.
  11. Abbas, S.U. Khan. A review on the state-of-the-art privacy preserving approaches in e-health clouds, IEEE J. Biomed. Health Inform. (2014), http://dx.doi.org/10.1109/BHI.2014.2300846.
  12. Xiao, Y. Xiao. Security and privacy in cloud computing, IEEE Commun. Surveys Tutorials 15 (2) (2013) 843-859.
  13. Neng-Hai, Z. Hao, J. Xu, W. Zhang, C. Zhang, Review of cloud computing security, Acta Electron. Sinica 41 (2) (2013) 371-381.
  14. Hashizume, D.G. Rosado, E. Fernndez-Medina, E.B. Fernadez, An analysis of security issues for cloud computing, J. Internet Services Appl. 4 (1) (2013) 1-13.
  15. Che, Y. Duan, T. Zhang, J. Fan. Study on the security models and strategies of cloud computing, Proc. Eng. 23 (2011) 586-593.
  16. Tari, Security and privacy in cloud computing, IEEE Cloud Comput. 1 91) 92014) 54-57.
  17. D. Ryan, Cloud computing security: the scientific challenge, and a survey of solutions, J. Syst. Softw. 86 (09) (2013) 2263-2268.
  18. Chandramouli, M. lorga, S. Chokhani, Cryptographic key management issues and challenges in cloud services, in : Secure Cloud Computing, Springer, New York, 2014, pp. 1-30. doi: 10. 1007/978-1-4614-9278-8_1.
  19. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen, A.V. Vasilakos, Security and privacy for storage and computation in cloud computing, Inform.Sci.258 (2014) 371-386.
  20. Wang, Q. Wang, K. Ren, N. Cao, W. Lou,, Toward secure and dependable storage services in cloud computing, IEEE Trans. Services Comput. 5 (2) (2012) 220-232.
  21. Salah, J.M.A Calero, S. Zeadally, S. Al-Mulla, M. Alzaabi, Using cloud computing to implement a security overlay network, IEEE Sec. Privacy 11 (1) (2013) 44-53.
  22. Liu, S. Peng, W. Du, W. Wang, G.S. Zeng, Security-aware intermediate data placement strategy in scientific cloud workflows, Knowl. Inform. Syst. 41 (2) (2014) 423-447.
  23. A. Jansen, Cloud hooks: Security and privacy issues in cloud computing, in: 44th Hawaii International Conference on System Sciences (HICSS), 2011, pp. 1-10.
  24. Balduzzi, J. Zaddach, D. Balzarotti, E. Kirda, S. Loureiro, , A security analysis of amazon's elastic compute cloud service, in : Proceedings of the 27th Annual ACM Symposium on Applied Computing, 2012,pp. 1427-1434.
  25. Chen, H. Zhao, Data security and privacy protection issues in cloud computing, in: International Conference on Computer Science and Electronics Engineering (ICCSEE, IEEE), vol. 1, 2012, pp. 647-651.
  26. Vladimir, Cloud adoption issues: interoperability and security, in: Cloud Computing and Big Data, 2013, pp. 53-65.
  27. Liu, E. Blasch, Y. chen, A.J. Aved, A. Hadiks, D. Shen, G. Chen, Information fusion in a cloud computing era: a systems-level perspective, IEEE Aerospace Electron. Syst.Mag. 29 (10) (2014) 16-24.
  28. Carlin, K. Curran, Cloud computing security, Int. J. Ambient Comput. Intell. 3 (1) (2011) 14-19.
  29. Agrawal, Legal issues in cloud computing, in: IndicThreads.com, Conference on Cloud Computing, 2011.
  30. Gonzalez, C. Miers, F. Redgolo, M. Simplcio, T. Carvalho, M. Nslund, M. Pourzandi, A quantitative analysis of current security concerns and solutions for cloud computing, J.. Cloud Comput. 1 (1) (2012) 1-18.
  31. Hay, K. Nance, M. Bishop, Storm clouds rising: security challenges for IaaS cloud computing, in: 44th Hawaii International Conference on System Sciences (HICSS), IEEE, 2011, pp. 1-7.
  32. Yan, P. Zhang, A.V.? Vasilakos, A survey on trust management for Internet of things, J. Netw. Comput. Appl. 42 (2014) 120-134.
  33. Schweitzer, Reconciliation of the cloud computing model with US federal electronic health record regulations, J. Am. Med. Inform. Assoc. 19 (2) (2012) 161-165.
  34. Mellado, D., Sanchez, L.E., Frenandez-Medina, E., Piattini, M.: IT Security Governance Innovations: Theory and Research. IGI Global, USA (2012).
  35. Rong, C.,Nguyen, S.T.,Jaatun, M.G.: Beyond lightning: A survey on security challenges in cloud computing. Computers and Electrical Engineering 39 (2013) 47-54.
  36. Rebollo, O., Mellado, D., Fernandez-Medina, E.: A Systematic Review of Information Security Governance Frameworks in the Cloud Computing Environment. Journal of Universal Computer Science 18 (2012) 798-815.
  37. Fung, A.R.-W., Farn, K.-J., Lin, A.C.: Paper: a study on the certification of the information security management systems. Computer Standards & Interfaces 25 (2003) 447-461.
  38. ISO/IEC: ISO/IEC 38500:2008 Corporate governance of information technology (2008).
  39. ISO/IEC: ISO/IEC 27036 ? IT Security ? Security techniques ? Information security for supplier relationships (draft).
  40. Tang, P.P. Lee, J.C.S. Lui, R. Perlman, Secure overlay cloud storage with access control and assured deletion, IEEE Trans. Dependable Secure Comput. 9 (6) (2012) 903-916.
  41. K. Sood, A combined approach to ensure data security in cloud computing, J.Netw. Comput. Appl. 35 (6) (2012) 1831-1838.
  42. Wan, J. Liu, R.H. Deng, HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing, IEEE Trans.Inform.Forensics Sec. 7 (2) (2012) 743-754.
  43. Ruj, M. Stojmenovic, A. Nayak, Decentralized access control with anonymous authentication of data stored in clouds, IEEE Trans. Parallel Distrib. Syst. 25 (2) (2014) 384-394.
  44. Yang, P. Lai, J. Lin, Design role-based multi-tenancy access control scheme for cloud services, in :IEEE International Symposium on Biometrics and Security Technologies (ISBAST), 2013, pp. 273-279.
  45. Andrieux, K. Czajkowski, A. Dan, K. Keahey, H. Ludwig, T. Nakata, J. Pruyne, J. Rofrano, S. Tuecke, M. Xu, Web services agreement specification (WS-agreement), <http://www.ogf.org/documents/CFD.107.pdf> (accessed 26.05.14).
  46. L. Hale, R. Gamble, Secagreement: advancing security risk calculations in cloud services, in : IEEE Eighth World Congress on Services (SERVICES), 2012, pp. 133-140.
  47. Rak, N. Suri, J. Luna, D. Petcu, V. Casola, U. Villano, Security as a service using an SLA-based approach via SPECS, in : IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), vol. 2, 2013, pp. 1-6.
  48. L. Hale, R. Gamble, Building a compliance vocabulary to embed security controls in cloud SLAs, in: IEEE Ninth World Congress on Services (SERVICES), 2013, pp. 118-125.
  49. L. Hale, R. Gamble, Risk propagation of security SLAs in the cloud, in: IEEE Globecom Workshops (GC Wkshps),2012,pp. 730-735.

[Amira Hosni. (2017); AN ANALYSIS OF CLOUD COMPUTING INFORMATION SECURITY CHALLENGES. Int. J. of Adv. Res. 5 (Apr). 1387-1394] (ISSN 2320-5407). www.journalijar.com

Amira Hosni
AAST

DOI:

Article DOI: 10.21474/IJAR01/3954      
DOI URL: https://dx.doi.org/10.21474/IJAR01/3954

Download Full Paper

Download PDF No. of Downloads: 17 | No. of Views: 83