Cloud Security Issues and Counter Measures – a Survey

Zeichen Journal ISSN No: 0932-4747

Cloud Security Issues and Counter Measures – A Survey

Mercy Joseph1 and Dr.Gobi Mohan2

1 Research Scholar , Department of Computer Science, Chikkanna Government Arts College, Tirupur, Coimbatore(Tamilnadu), India

2 Asst. Professor, Department of Computer Science, Chikkanna Government Arts College, Tirupur, Coimbatore(Tamilnadu), India

(Corresponding Author: Mercy Joseph)

ABSTRACT:Cloud computing has proven to be a powerful, rapidly developing, effective set of new generation technologies which can provide significant benefits to users. Companies and organizations use Public, private and hybrid cloud for their data storage and is an essential factor for users of all ranges. Cost efficiency, High speed access and availability, wide range of resources and services attract cloud users. Even though cloud computing is a promising technology, there are some negative aspects also which need to be discussed in order to make the best usage of it. In this survey we discuss about the features of cloud computing, various classes of current security issues addressed by the cloud users, and their possible counter measures and are presented in a tabular form. This survey discusses new security issues such as Spectre and meltdown which exploits the critical vulnerabilities in modern processors.

Keywords: Cloud Security, Cloud service models, cloud security Issues, Cloud service provider

I. INTRODUCTION Amazon, Google and Microsoft. Each of these companies have one or more of the following One of the vital issues that organizations face cloud delivery models. nowadays is to storage and management of large amount of data and the acquisition of hardware A. Cloud Service models and software required for it. All such challenges Cloud computing model have been evolved over can be solved by providing such resources online time. The Major cloud service models are SaaS, and sharing it through cloud computing. The PaaS and Iaas (Fig.1). resources include applications, storage solutions, , business processes, computational units, development and deployment platforms networking etc. Cloud computing is a fundamental model of computing, manipulating and configuring and accessing the applications online. It enhances the distribution of services for the internet users from its resource pools to offer faster innovation, flexible resources and economies of scale. It is a Pay-for-Use model which lower your operating costs.

II. BASICS OF CLOUD COMPUTING

There are many top companies which provide cloud services. The major cloud providers are Fig.1. Cloud Service models

Volume 6, Issue 7, 2020 Page No:108 Zeichen Journal ISSN No: 0932-4747

Software as Service (SaaS ) Public Cloud: The Software as Service users can run When a cloud network is rendered over a applications provided by the service providers. For network and available for public use, it is called example Gmail is an application provided by public cloud. It is meant for all users who want to Google. The SaaS users does not have to manage utilize computing resources. With public cloud, networks, operating systems or servers. Another all resources such as software components and name for SaaS is ‘ Web based software’. These infrastructure are deployed and managed by the softwares are centrally hosted and licensed on a cloud provider[4]. subscription basis. Services offered include enterprises services as well as web applications such as blogs, metadata management, social networking etc. SaaS is not good for applications which need real time responses[1]. Platform as Service(PaaS) PaaS Provide the facility to develop and deploy applications using different programing languages and tools. The user need not control the underlying infrastructure. The user can control and configure Fig.2. Cloud Deployment models the application and hosting environment. Example services include device integration ,session Private Cloud management , sandboxes , knowledge Private cloud is solely used and managed by a management, content management etc. private organization. Private cloud are costly due Infrastructure as Service(IaaS) to the expenditure in deploying and maintaining It provides virtualized computing resources so that the infrastructure. But the company can easily consumer can deploy and run software of any customize resources based on its requirements. kind, including operating systems , programing Physical location can be around the premises or languages ,network software etc. The consumer can be hosted by a third party. It is more secure has control over operating system, storage and since resources are not shared with others. other deployed applications[9] Community Cloud Database as Service(DBaaS) When more than one similar organizations In DbaaS , the database is stored in cloud shairing the computing resources it is called infrastructure and access to the database is Community cloud. Examples are joined business provided as service. The advantages are high organizations, financial organizations etc. availability , scalability , performance and Hybrid Cloud partition tolerance. It is less costly because of the In this model we use interconnected public and pay-for-use model. [3] private cloud. Hybrid model supports extending resources when needed. In hybrid cloud model B. Cloud Deployment models: data can move between public and private clouds. NIST defines mainly four cloud deployment So private cloud can be used for more critical models models based on the nature and purpose applications public clo(ud can be used applications of cloud. All organizations select the cloud which are less secure. category based on their requirements. The major Inter-Clouds types of cloud deployment models are shown in The Inter-cloud is a global interconnected “cloud (F ig.2) : of clouds” and an extension of “Network of

Volume 6, Issue 7, 2020 Page No:109 Zeichen Journal ISSN No: 0932-4747

Networks” on which it is based. Inter-Cloud Cloud systems are automatic to great extent that it computing is inter-connecting multiple cloud assist the cloud providers as well as users by providers infrastructures. The main focus is on executing intelligent algorithms which generate direct interoperability between public cloud reports on cloud usage. Thus cloud systems are service providers. To provide this service , transparent to cloud providers and users so that portability and interoperability are necessary they can monitor and control the cloud usage and features. report it III.CHARACTERISTICS OF CLOUD Cost-Effective COMPUTING Cloud is highly economic that it provide a lot of facilities to users to match their needs. Users can Collaborative Resource Shairing easily optimize their cloud usage by resizing the Here the cloud provider has all the resources for resources. There is only very less expense computing and to provide service to multiple compared to the advantages we get by using cloud customers, a multitenant model is used. The computing. We need to pay only for the resources physical and virtual resources are assigned as per we utilized. the requirement of the customers. Here the Reliability implementation is such that the customer can only Cloud makes data secure by using different specify the location to store the data in an abstract techniques such as sharding and replication. level. Replication is storing more than one copy of same On-Demand Self Service data so that the data does not get lost even when The user are provided with a view to monitor one copy is lost. Storing data in different continuously the status of network storage, server geographical areas also makes the data secure. uptime and other capabilities provided by CSP. Besides this kind of techniques we know that High Scope Network Access cloud is secure because it utilizes all the security Cloud can be accessed from anywhere in the world layers implemented over internet. with a device having internet access like mobile , Pay-per-use model laptop etc. This capabilities make cloud user In cloud computing, unlimited resources are friendly. available for user. The user need to pay only for the resources and services he made use of. This Accessibility model is highly economic and user friendly Cloud servers are having very less downtime as it is distributed architecture. The cloud capabilities Optimized Resource Usage can be upgraded as per the user needs. Cloud Cloud providers records the users utilization of analyzes the resource usage and provide status records and the user is given all the privilege to report to customer in real time mode. It allows the optimize the resources he need. Even though the user to have extra storage whenever needed. user have access to unlimited resources, he only Easy Conservation has to pay for the resources he used. The cloud Cloud services are always being updated and user can resize the resources according to his need. becoming better day by day. Even when the IV. GENERAL ISSUES IN CLOUD updates are done there is very less down time in COMPUTING cloud computing and it makes the total processing more faster. That is the servers are easily The CSP must make sure that users do not face maintained by the cloud providers. any problems like data loss or security at the time of data access since there are many hackers at the Self-operating

Volume 6, Issue 7, 2020 Page No:110 Zeichen Journal ISSN No: 0932-4747

cloud server. Some of the issues of cloud from the cloud server. Therefore, it creates a computing are listed below. critical data issue for DOs. In cloud computing the data stored in CSPs site A. DATA STORAGE ISSUES can be managed by CSP or can be managed by a third party. The user can access the services Confidentiality provided by a CSP via an application programing Confidentiality in cloud environment refers to the Interface over internet [10]. The CSP providing prevention of unauthorized access of data and to data security by using the method of distributed make sure that only those who have access storage. The data is partitioned in to shards and permission can only access the data. There are each shard is stored in separate machine. Some of many challenges associated when the control of the main storage related challenges are explained data is transferred to an external service provider. below: Existing solutions are different cryptographic Availability: The main aim of cloud storage is to techniques. To protect customers data, the cloud make the data available to users at any time security CSP must make sure that the data is anywhere. Availability is cloud computing means confidential at different security layers of cloud the percentage of time the system is accessible to Data Integrity : It is ensuring consistency and the users. Cloud storage lacks availability because accuracy in a cloud environment. That is to ensure of different reasons like distributed storage that the data is not modified by any unauthorized technology used, flooding attacks in network, node users. Data stored by the owner and the data failures etc.[19] accessed by different users must be the same. The Data Loss: The data can be destroyed by mistake CSP must make sure that the data is not modified or by attacks and also due to hardware problems. by any others. Another issue is when there is more We store data electronically and it can be changed than one copy of same data is kept as backup, all because of the same reason. That means data is not copies must be updated. secure from this point of view. Data Breaches: The data is taken without the Data Location and Visibility : Usually the CSP permission of the owner. It is when the data is does not provide enough transparency so that the released intentionally or unintentionally to an client can the location of data storage. This creates untrusted environment. an insecurity for transferring business data to a Vendor lock-in: when the customer need to third party. We need to develop some Data owner depend on a vendor for service and cannot easily centered models for cloud storage. move to another vendor, it is called vendor Data Restoration : There are chances of data loss lock-in. There may be situations when one vendor and hence proper backup policy should be issued stops service or client want better service from for the same. The vendor must have proper another vendor. Moving services from one CSP to infrastructure to deal with server breakdown and another is very difficult and insecure too. the data loss. Defective Data deletion: Another situation which Data portability and conversion: Ensuring data creates insecurity is when a user delete data from portability is necessary as the clients need to cloud server ,but the data is not deleted from migrating in and out of cloud. There should not be server completely. Currently there is no way to any lock when we need to migrate. Another area is know whether the deletion is complete. All the data conversion using different encryption or data data on the cloud server can be backed up by the conversion methods[11]. CSP [9]. The CSP stores data in several physical Unauthorized secondary usage: The CSP may devices. In one device, there may be data from want to make money using the data stored by a different users, and the device cannot be destroyed client by giving access permission to a secondary

Volume 6, Issue 7, 2020 Page No:111 Zeichen Journal ISSN No: 0932-4747

user. This is a risk factor. Now a days there is no [19] such restrictions and it happening.it leads to other Availability : Redundancy [37] threats like confidentiality, trust issues etc. Data Accumulation: Data Accumulation is also Transparent cloud protection known as data proliferation. It is an umbrella term system used for tremendously growing data storage by Service-level agreements which entities like government organizations, business outline CSP policies and firms, police and security forces etc. This leads to assurances while CSPs provide [15] many problems such as difficulty in retrieving clients with audit results. [8] required data legal issues etc. The following Data Auditing all administrative [33] table(Table.1) describes the storage issues and the Location and access to systems [36] corresponding Counter measures. Data Using client-based privacy [21] Visibility manager [22] Issues Surv Data Efficient POR system based on [37] Addressed Counter measures ey Restoration trusted log [20] data secure storage scheme Data based on Tornado codes [37] portability [59] (DSBT) [41] and virtual private networks (VPN) [55] [42] conversion Backups, geo diversity Confidentiali that will guarantee data privacy ty and metadata confidentiality Unauthorized [66] secondary Encrypt Data before Storing in Using Secure hash functions usage cloud [13] Integrity monitoring tools [63] Data Digital Signature [64] hyper-converged infrastructure integrity Third Party Audit (HCI), a technology that [54] Data combines storage, computing, Multi factor authentication, [66] Accumulatio network and virtualization in a Data-at-rest encryption [20] n single hardware box Perimeter firewall [31] Fragmentation-Redundancy [46] Table.1. Counter measures for Data storage Issues Data -Scattering [65] Breaches Penetration Testing B.SECURITTY ISSUES

Vendor entry and exit strategy In cloud environment no system will ever be lock-in Backup vendor [24] completely immune to security issues because day by day attackers will develop new ways to exploit Use of virtualized private security vulnerabilities. Security is the top networks for [60] challenge according to a new survey conducted securing the data [62] [12]. There is no standardized API and it is very Defective File Assured Deletion FADE) difficult to define who is responsible for what type Data deletion Cryptography of security. The main security Issues we address are explained below:

Volume 6, Issue 7, 2020 Page No:112 Zeichen Journal ISSN No: 0932-4747

Outsourcing: In outsourcing, the storage is bandwidth and traffic isolation and the software completely managed by a third party. The client may not be that secure. Job scheduling algorithm does not have the tension of creating or managing and virtualization are the two techniques used to the storage infrastructure. The service provider implement multi-tenancy. Virtual Machines will handle it. When done by a third party, there is (VMs) are isolated from each other, which make lose in data control. More than that much the system safe for users to share hardware. But differences in the security level provided by when using virtualization, new security issues like different companies. There can be many possible cross-VM side-channel attack can occur threats as described above such as data deletion, . alteration ,exposing data for others etc. Thus we Audit: In cloud computing Preventive measures need to ensure the security of outsourced data. like audit can be adopted and implemented for Insecure APIs and Interfaces: Every APIs which security. There are different kinds of audits like CSP provides is not secure. So it will affect when cloud users monitoring, security assessment etc. the company develop another application over it. For ensuring security, the transaction log of server Authentication and Identity management: These need to be recorded and audited. However, in the two are crucial problems in managing cloud public cloud, a full audit of the cloud environment security. Since a company’s data can be accessed is still unsolved. from anywhere through cloud , the company has Table.2 Summarize the security issues and counter to control user access by various policies and measures. guardrails Backup: To recover from failures and to increase Studies availability CSP need to keep multiple copies of Counter measures / same data. Maintaining multiple copies of data Issues Survey makes the process more complex. Autonomic Addressed resource management is a big problem in cloud Penetration testing ,General environment. The main problem is that it is not system security audits possible to determine where the data processing is Secure Socket Layer / going on [44]. Insecure API Transport Layer Security [20] Lack Of Standardization: Most of the issues arise encryption for data due to lack of standardization of cloud computing. transmission Grid computing has failed to gain adoption for Multifactor Authentication virtual organizations because of standardization. Service oriented architecture(SOA) tried to solve Ciphertext-Policy many issues by establishing better standards. In Attribute-Based Encryption cloud computing, there is no standardized (CP-ABE) is a feasible communication among CSP, DOs and users. Each technique for ensuring vendor has separate discipline which is not access control in the CSS, compatible with others. Lack of standardization outsourcing where an attribute authority [67] keeps customer to be locked in to a single cloud . is responsible to manage it creates a lot of inconsistencies in the areas of attributes and distribute security. keys Multi-tenancy: In SaaS multiple users may use the revocable Multi-Authority same software but there data is partitioned CP-ABE scheme virtually[16].This makes the public cloud vulnerable to attacks because there is not enough

Volume 6, Issue 7, 2020 Page No:113 Zeichen Journal ISSN No: 0932-4747

light weight Directory implementing security is the way to build trust. If access protocol[DAP] there is strong security, there must be strong trust. Authentication [25] SSH keys Trust is an issue, which can be solved by the CSP and identity [26] Multi factor authentication and users. Reputation is also a big factor in management [27] Chip and PIN building trust in customers. SAMIL Weak trust relationships: In cloud computing, it may be possible that for some reasons trust of Cloud computing service delivery become weak, but existing service governance as an aspect of delivery must not be delayed. Risk can be information technology introduced, when a transaction is initiated. If the governance presents data do not transfer in such a way that the CSP Lack of [38] integrated management with wants, risk can also occur. During transaction, the standardization: [40] automated performance user don’t have enough transparency to understand resolution, balancing the process in detail and thus no clear idea about resources in a cloud the total process. This situation causes to lose trust environment in the cloud security provider. Sometimes, a new cloud provider is added in the cloud server to gain Separation of Duties (SoD) an extra load in real time and it starts new issues. Auditing and Client The new cloud provider may not check user’s Controls Multi-tenancy [36] identity, data confidentiality, data integrity, etc. in Trusted Computing a proper way. Platform and Environment [ Lack of customer trust : Sometimes the users are MTCEM] asked to give personal information ,when they tries to access a server. It may cause to create Service Level Agreements distrust among the user and CSP[14]. Another should outline CSP policies thing is the users are not sure about whether the and assurances while CSPs data in cloud is totally protected or not[51]. For Audit provide clients with audit [33] the same reason users reject to use cloud without results knowing the risks and how the CSP faces those Use a third party and risks. This is basically happened when personal or homomorphic encryption. confidential data like financial or healthcare Table.2. Security Issues Countermeasures information is associated with the cloud server.

C.TRUST ISSUES E. LEGAL ASPECTS

The benefits of cloud computing in IT sector To Protect users sensitive data proper agreements bring a great interest to users, but it also bring lots need to be implemented between CSP and client. of problems in data privacy and security. These Clear rules must be established for data storage two problems are very critical in the financial and access rights and to monitoring data access. sector and also for health data. As cloud users are The data protection in charge also need to be not able to utilize the cloud mechanisms for their observed. All the confidential data need to be data protection, they usually depend on the CSP encrypted. Privacy of medical records, Protection or another third party to protect their data against of business secrets are example for data which hackers. Trust is a confidence that someone is need to be protected. There are already existing dependable and secure. In the case of cloud usage, legal constraints provided by many CSPs, which

Volume 6, Issue 7, 2020 Page No:114 Zeichen Journal ISSN No: 0932-4747

are dealt with user’s personal data or file. But hacker break cryptographic implementation of Privacy Laws changes with the location where target system using information leaked by the data is stored. European countries allow data target system . It is by measuring and analysing processing according to the personally identifiable physical parameters such as electro magnetic field details of the data.. The access of particular data is emitted by a computer screen. not granted until or unless the purposes of data Wrapping Attacks: A wrapping attackis similar to accessing is matched against the required man-in-the-middle attack. Since cloud users personally identifiable information. In Europe, connect to services using web services it is sometimes, data accessing for marketing purposes. vulnerable to attack. If attacker is able access In that case, accessing is not granted for personally signature element of XML, he can manipulate the identifiable information [15]. XML file. Man-in-Cloud attacks: This type of attack rely on Storing data on the cloud server is much risky, synchronization tokens. The hackers try to which may impact on policy, status and intercept and reconfigure cloud services so that, in obligations. There are several acts for privacy the next synchronization with the cloud , the maintaining in cloud computing, such as health synchronization token will be replaced with the laws or Canadian Privacy Act. But, it is almost new one that provides access to the attackers. The impossible to maintain all these laws. hacker can steal data and take access control secretly.

Insider Attacks: In cloud environment an attacker F. ATTACKS ON CLOUD ENVIRONMENTS can be an insider. an employer in the company or data administrator himself. So when designing Here the hackers add their service to PaaS or SaaS cloud , the developers must secure the system by or an infected Virtual machine instance to IaaS, in setting different levels of access permissions. order to take control of the users information. . If it Account or Service Hijacking: works, the service redirect users messages to the After gaining access to the users account details, hackers virtual machine instance and will trigger the hacker can take control so that he can obtain another set of code and d can do malicious users personal information or corporate data . activities such as cross site scripting, stealing data, There are various techniques such as spyware, SQL-injection attacks etc. cookie poisoning, phishing etc. Abuse of cloud services: Using different harmful Advanced persistent threats (APTs): This is a services hackers can do DoS and brute force prolonged and targeted cyber attack by attacker or attacks to other cloud users by renting servers a team . Here the attacker get access to network from cloud users. and remain undetected for a long time. The hacker Denial of service attacks: In DoS attacks the can steal streaming data continuously or mine hackers overload the system to make the system highly sensitive data. By staying in network for a unavailable to users. In cloud system providing long time ,hackers adapt to security measures and high computational power, this attack is more being undetected. Once unauthorized access is dangerous as many users may be in trouble when a established, hackers make use of network for any single system is being attacked. The cloud system malicious activities. slows down and it affects the availability of the New Spectre and Meltdown: This new type of system attacks exploit critical vulnerabilities in modern Side Channel Attacks: Hackers place a malicious processors. For example using malicious virtual machine on the same host as the target JavaScript code, reading the encrypted data from virtual machine. During a side channel attack, the memory. By making use of hardware

Volume 6, Issue 7, 2020 Page No:115 Zeichen Journal ISSN No: 0932-4747

vulnerabilities can steal the data of currently attack circuit running processes. This data can be passwords Safe circuits are used to ,email, personal photos etc. Spectre acts between Electromag integrate erased data into different applications while meltdown breaks the netic attack conventional SRAM isolation between applications and operating Data Remanence system. Table.3 summarizes the possible cloud using a combination of attacks and the corresponding counter measures WS-Security with XML given the literature. Wrapping Signature [28] Studi Issues attacks Wrapping SAML token [35] Counter measures es/Su Addressed inside X.509 Certificate rvey Cloud performing a service two-factor and multi malware factor authentication instance integrity check [35] Man-in-the injection mechanisms [72] for incoming requests -cloud attacks Disable Ping [50] attacks use a highly secure cloud Update Synchronization service provider who tocken Have strong IDS/IPS, enable auditing of user Use firewalls that inspect actions both incoming and Insider segregation of duties [53] outgoing traffic, attacks principle of least Abuse of Use per-tenant firewalls privilege for privileged cloud to isolate users on the [53] users services same cloud, avoiding the transfer of Account or Have cloud workload session keys across the service [32] monitoring and balancing communication channel hijacking tools, Dynamic Credentials Have strong fraud threat model for the prevention for payment Advanced attacks from one VM to services persistent another VM [45] Up-to-date Intrusion threats detect zero day attack [52] Detection System. (APTs) using windows function Firewall Traffic Type hooking Inspection features [20] KAISER defense Denial of Source Rate Limiting, [35] mechanism for KASLR service Blocking of the IP [43] speculation blocking [47] attacks addresses [44] Spectre and instructions [48] firewall or intrusion Meltdown Preventing Access to [49] detection system (IDS) Secret Data [51] Intrution Prevention Preventing Branch System IPS) Poisoning Side StopWatch, to modify Table.3. types of attacks and counter measures channel timings observed by the [68] attacks: attacker VM [69] Timing Game theoretic approach [70] Attacks new ROM is used to [71] Power design monitoring the AES cryptographic

Volume 6, Issue 7, 2020 Page No:116 Zeichen Journal ISSN No: 0932-4747

CONCLUSION [8] Shuijing H, “Data security: the challenges of cloud computing. Conference on Measuring Technology and Cloud computing is a great blessing to new Mechatronics Automation,” pp. 203-206. IEEE (2014) generation technologies since it provides [9] Brender, N., Markov, “Risk perception and risk numerous benefits to the users and is widely management in cloud computing: results from a case study of Swiss companies,” Int. J. of Information Management. accepted. However ,there are so many issues 33(5), 726- 733 (2013) which are obstacles for cloud adoption. Security [10] Hashizume, K., Rosado, D.G., Medina, E.F., issues and their counter measures will help cloud Fernandez, E.B.” An analysis of security issues for cloud users for a decision making in cloud adoption. computing,” J. of Internet Service and Application. 4(5), 1-13 (2013) Techniques like virtualization and multi-tenancy [11] G. L. Prakash, M. Prateek and I. Singh, "Data introduce new cloud specific security threats. This encryption and decryption algorithms using key rotations for survey presents features of cloud computing, data security in cloud system," 2014 International Conference on Signal Propagation and Computer Technology (ICSPCT various security threats and counter measures 2014), Ajmer, 2014, pp. 624-629, doi: given in the literature in a tabular form, which 10.1109/ICSPCT.2014.6884895.

helps the readers to compare and analyze. [12] Mckinley, P.K., Samimi, F.A., Shapiro, J.K., Tang, References: C. ” Service clouds: a distributed infrastructure for constructing autonomic communication services,” 2nd [1] Marinescu1, Cloud Service Providers and the Cloud International Symposium on Dependable, Autonomic and Ecosystem. Cloud Computing, 13–49. D.C.(2018). Secure Computing, pp. 341-348. IEEE, Indianapolis, IN (2006) [2] B.Kezia Rani*1,Dr.B.Padmaja Rani2, Dr.A.Vinaya Babu3, “Cloud Computing and Inter-CloudsTypes, [13] Shen, J., Deng, X. & Xu, Z. “Multi-security-level Topologies and Research Issues,” Procedia Computer Science cloud storage system based on improved proxy re-encryption. 50 (2015)24–29 EURASIP Journal on W ireless Com Network 2019, 277 (2019). https://doi.org/10.1186/s13638-019-1614-y [3] KavithaK. "Study on Cloud Computing Model and its Benefits,Challenges,” International Journal of [14] Crane, S.Tweney, “A Trustguide to an exploration of Innovative Research in Computer and Communication privacy preferences in an online world,” Cunningham, P., Engineering, Vol. 2, Issue 1, January 2014 Cunningham, M. (Eds.) Expanding the Knowledge Economy: Issues, Applications, Case Studies. IOS Press, Amsterdam [4] Saurabh Singh1 , Young-Sik Jeong2 , Jong Hyuk (2007) Park1 "A Survey on Cloud Computing Security: Issues, Threats, and Solutions,”Network and computer applications [15] Sharma P., Sood S.K., Kaur S. “Security Issues in 2016 Cloud Computing,”. In: Mantri A., Nandi S., Kumar G., Kumar S.. Communications in Computer and Information [5] L. FB Soares, D. AB Fernandes, J.V. Gomes, M.M. Science, vol 169. Springer, (2011) Freire,P. RM Inácio, “Cloud security: state of the art, in: Security, Privacy and Trust in Cloud Systems,” Springer, [16] Nesrine Kaaniche, Maryline Laurent, “Data Berlin, Heidelberg, 2014, pp. 3–44. Security and Privacy preservation in Cloud Storage Environments based on Cryptographic Mechanisms, “ [6] K. Hashizume, D.G. Rosado, E. Fernndez-Medina, Computer Communications (2017), doi: E.B. Fernandez,”An analysis of security issues for cloud 10.1016/j.comcom.2017.07.006 computing, “ J. Internet Services Appl. 4 (1) (2013) 1–13. [17] M. Pearce, S. Zeadally, R. Hunt,” Virtualization: [7] M.D. Ryan, “Cloud computing security: the Issues, security threats, and solutions,” ACM Computing scientiﬁc challenge, and a survey of solutions,”Journal of Surveys March 2013 Article No.: 17 Systems and Software 86 (2013) 2263–2268

Volume 6, Issue 7, 2020 Page No:117 Zeichen Journal ISSN No: 0932-4747

[18] Chunming Rong, TY - JOUR, Nguyen, Son, Jaatun, [29] D.Cappelli, A.Moore, and R.Trzeciak, “The Martin. “Beyond lightning: A survey on security challenges CERT Guide to Insider Threats: How to prevent, Detect and in cloud computing,” Computers & Electrical Engineering Respond to Information Technology Crimes(Theft, Sabotage , 39(1):47–54 • January 2013 Fraud) ,” SEI series in software Engineering. Addison- Wesley Professional, 2012. [19] Luigi Coppolino, Salvatore D‘Antonio, Giovanni Mazzeo, Luigi Romano , “Cloud security: Emerging [30] William R ClayComb, Alex Nicoll, “Insider threats and current solutions,” Computers & Electrical Threats to Cloud Computing: Directions for New Research Engineering Volume 59, April 2017, Pages 126-140 Challenges,” [Online],www.cert.org/archive/pdf/CERT_cloud_insiders.pdf [20] Opara-Martins, J., Sahandi, R. & Tian, F. ,”Critical [31]Hashizume, An analysis of security issue for cloud analysis of vendor lock-in and its impact on cloud computing computing,” Journal of Internet Services and applications., 8- migration: a business perspective,” J Cloud Comp 5, 4 2016). 9, 2013. https://doi.org/10.1186/s13677-016-0054-z [32] Shelveen Pandey, Mohammed Farik,” Cloud [21] M. Ahmed and M.A. Hossain,” Cloud Computing Security: Latest Issues & Computing And Security Issues In The Cloud,” International Countermeasures,”INTERNATIONAL JOURNAL OF Journal of Network Security & Its Applications (IJNSA), SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 4, Vol.6, No.1, 2014. 2Year: 2018; Page s: 133 – 139; IEEE ISSUE 11, NOVEMBER 2015 ISSN 2277-8616 Conferences [33] Jungwoo Ryoo, Syed Rizvi, William Aiken, and [22] Pearson S., Shen Y., Mowbray M.,”A Privacy John Kissell ,”Cloud Security Auditing: Challenges and Manager for Cloud Computing.,” Jaatun M.G., Zhao G., Rong Emerging Approaches,”Article in IEEE Security and Privacy C. (eds) Cloud Computing. CloudCom 2009. Lecture Notes in Magazine •November 2014 Computer Science, vol 5931. Springer, Berlin,Heidelberg [34] Oluwasegun Adelaiye*, Aminat Ajibola, Silas Faki [23] M. Miller,”Cloud Computing-Web Based ,” Evaluating Advanced Persistent Threats Mitigation Effects: Application that change the way you collaborate online,” A Review,” INTERNATIONAL JOURNAL OF Publishing of QUE, 2nd print 2009 INFORMATION SECURITY SCIENCE O. Adelaiye et al.,Vol.7, No.4, pp.159-171 [24] Opara-Martins, J., Sahandi, R. & Tian, F. “Critical analysis of vendor lock-in and its impact on cloud computing [35] A. A. Shaikh, "Attacks on cloud computing and its migration: a business perspective.,” J Cloud Comp 5, 4 countermeasures," 2016 International Conference on Signal (2016). https://doi.org/10.1186/s13677-016-0054 Processing, Communication, Power and Embedded System (SCOPES), Paralakhemundi, 2016, pp. 748-752, doi: [25] D.A.B. Fernandes, L.F.B. Soares, J.V. Gomes, M.M. 10.1109/SCOPES.2016.7955539. Freire, P.R.M. Inácio, “Security issues in cloud environments: a survey,” Int. J. Inf. Secur. 13 (2014) 113–170, [36] Wayne J. Brown, Vince Anderson, “ Multitenancy - Security Risks and Countermeasures,” DOI: [26] I.Indua, P.M. RubeshAnanda, 10.1109/NBiS.2012.142 VidhyacharanBhaskar,”Identity and access management in cloud environment: Mechanisms and challenges,” [37] Rongzhi Wang, “Research on data security Engineering Science and Technology, an International Journal technology based on cloud storage,” Procedia Engineering 21 (2018) 574–588 174 ( 2017 ) 1340 – 1355, doi: 10.1016/j.proeng.2017.01.286

[27] U. Habiba, R. Masood, M.A. Shibli, M.A. Niazi,” [38] Hamed Tabrizchi1 • Marjan Kuchaki Rafsanjani1,” Cloud identity management security issues & solutions: a A survey on security challenges in cloud computing: issues, taxonomy,” Complex Adapt. Syst. Model. 2 (2014) threats, and solutions,”© Springer Science+Business Media, LLC, part of Springer Nature 2020, [28] KaziZunnurhain ,Susan V. Vrbsky,, Security https://doi.org/10.1007/s11227-020-03213-1 Attacks and Solutions in Clouds, [Online]http://salsahpc.indiana.edu/CloudCom2010/Poster/clo [39] Basu S et al ,” Cloud computing security challenges udcom2010_submission_98.pdf, 2010 and solutions—a survey,” In: Proceedings of the IEEE 8th

Volume 6, Issue 7, 2020 Page No:118 Zeichen Journal ISSN No: 0932-4747

Annual on Computing and Communication Workshop and Physical System: A State of Art Survey," 2019 21st Conference (CCWC-2018), pp 347–356 International Conference on Advanced Communication Technology ICACT), PyeongChang Kwangwoon_Do, Korea [40] Dzombeta S, Stantchev V, Colomo-Palacios R, (South), 2019,pp.279-284,doi: Brandis K, Haufe K,” Governance of cloud computing 10.23919/ICACT.2019.8701960. services for the life sciences,” IT Prof 16(4):30–37, 2014 [51] hen,Baozi,Wu,Qingbo,Tan,Yusong,Yang,Liu,Zou,Peng, [41] Ku C-Y, Chiu Y-S ,”A novel infrastructure for data “Exploration for Software Mitigation to Spectre Attacks of sanitization in cloud computing. In: Diversity, Technology, Poisoning Indirect Branches,” IETE Technical Review and Innovation for Operational Competitiveness,” vol.35,2018/10/22 International Conference on Technology Innovation and Industrial Management, pp 3–25,2013 [52] Natasha Arjumand Shoaib Mirza1 , Haider Abbas1,2, Farrukh Aslam Khan2 , Jalal Al Muhtadi2, [42] Singh HJ, Bawa S , “ Scalable metadata “Anticipating Advanced Persistent Threat (APT) management techniques for ultra-large distributed storage Countermeasures using Collaborative Security Mechanisms,” systems—a systematic review,” ACM Computing Surveyv Article • January 2015 DOI: 10.1109/ISBAST.2014.7013108 (CSUR) 51(4):82,2014 [53] NIST 2016, Available: [43] Sattar K, Salah K, Sqalli M, Rafiq R, Rizwan M,”A https://csrc.nist.gov/csrc/media/publications/white-paper/2016 delay-based countermeasure against the discovery of default /04/21/best-practices-for-privileged-user-piv-authentication/fi rules in firewalls,”Arab J Sci Eng 42(2):833–844,2017 nal/documents/best-practices-privileged-user-piv-authenticati on.pdf [44] Iqbal S, Kiah ML, Dhaghighi B, Hussain M, Khan S, Khan MK, Choo KKR,” On cloud security attacks: a [54] Azeem, Shaikh,Sharma, Satyendra,” Study of taxonomy and intrusion detection and prevention as a Converged Infrastructure & Hyper Converge Infrastructre As service,” J Netw Comput Appl 74:98–120,2016 Future of Data Centre,” International Journal of Advanced Computer Research,10.26483/ijarcs.v8i5.3476,2019 [45] Mishra P, Pilli ES, Varadharajan V, Tupakula U,” Intrusion detection techniques in cloud environment: a [55] Gondree, Mark,Peterson, Zachary, “Geolocation of survey,” J Netw Comput Appl 77:18–47,2017 Data in the Cloud,” CODASPY 2013

[46] Tan CB, Hijazi MHA, Lim Y, Gani A, “A survey on [56] S. Acharya and D. A. D'Mello, "Cloud computing proof of retrievability for cloud data integrity and availability: architectures and dynamic provisioning mechanisms," 2013 cloud storage state-of-the-art, issues, solutions and future International Conference on Green Computing, trends,”J Netw Comput Appl 110:75–86,2018 Communication and Conservation of Energy (ICGCE), Chennai,2013,pp.798-804,doi: 0.1109/ICGCE.2013.6823543. [47] Moritz Lipp1, Michael Schwarz1, Daniel Gruss1, Thomas Prescher2, Werner Haas2, Anders Fogh3, Jann [57] Amrita Jyoti &Manish Shrimali ,”Dynamic Horn4, Stefan Mangard1, Paul Kocher5, Daniel Genkin6,9, provisioning of resources based on load balancing and service Yuval Yarom7, Mike Hamburg8 “Meltdown: Reading Kernel broker policy in cloud computing,” Cluster Computing Memory from User Space,” Published in USENIX Security volume 23, pages377–395(2020) Symposium 2018,Computer Science [58] M. Alhowaidi, P. Yi and B. Ramamurthy, "Dynamic [48] P. Kocher et al., "Spectre Attacks: Exploiting provisioning in virtualized Cloud infrastructure in IP/MPLS- Speculative Execution," 2019 IEEE Symposium on Security over-WDM networks," 2017 International Conference on and Privacy (SP), San Francisco, CA, USA, 2019, pp. 1-19, Computing, Networking and Communications (ICNC), Santa doi: 10.1109/SP.2019.00002. / Clara, CA,2017,pp.83-87, doi: 10.1109/ICCNC.2017.7876106. [49] P. Kocher et al.,"Spectre Attacks: Exploiting Speculative Execution," 2019 IEEE Symposium on Security [59] Mahdi Negahi Shirazi ,Ho Chin Kuan ,Hossein and Privacy (SP), San Francisco, CA, USA, 2019, pp. 1-19, Dolatabadi ,”Design Patterns to Enable Data Portability doi: 10.1109/SP.2019.00002. between Clouds Databases,” Published in: 2012 12th International Conference on Computational Science and Its [50] S. Ibrokhimov, K. L. Hui, A. Abdulhakim Al-Absi, Applications, DOI: 10.1109/ICCSA.2012.29, h. j. lee and M. Sain, "Multi-Factor Authentication in Cyber

Volume 6, Issue 7, 2020 Page No:119 Zeichen Journal ISSN No: 0932-4747

[60] Y. Tang, P. P. Lee, J. C. Lui, and R. Perlman Fade, [70] He Yuemei, Guan Haibing, Chen Kai, Liang “Secure overlay cloud storage with ﬁle assured deletion. Alei,”A New Software Approach to defend against In Security and Privacy in Communication Networks,” pages Cache-based Timing Attacks,”2009, IEEE 380–397. Springer, 2010. [71] Raja Mohan Jabir, Salam Khanji, Liza Abdallah [61] Kopo M. Ramokapane, Jose M. Such, Awais Ahmad, “Analysis of cloud computing attacks and Rashid, ”Assured Deletion in the Cloud: Requirements, countermeasures,” Omar Alfandi,Huwida Said College of Challenges and Future Directions,” Proceedings of the 2016 Technological Innovations, Zayed University, 144534, UAE ACM on cloud computing Security workshop , CCSW 2016, ,January 2016 Vienna, Austria, pages 97-108 [72] B.Kezia Rani*1 , Dr.B.Padmaja Rani2 , [62] Sultan Ahmad, Mohammad Mazhar Afzal, ”A Review Dr.A.Vinaya Babu3, “Cloud Computing and Inter-Clouds of Assured Data Deletion Mechanism in Cloud -Types, Topologies and Research Issues,”Dept of Computer Computing,”DOI: 10.14419/ijet.v7i4.5.20101 Science, JNTU, Hyderabad Telangana – INDIA, 2nd International Symposium on Big Data and Cloud Computing [63] Gaurav Pachauri1,Subhash Chand Gupta2, (ISBCC‘15)- “E NSURING DATA INTEGRITY IN CLOUD DATA STORAGE, IJISET ,”, International Journal of Innovative Science, Engineering & Technology, Vol. 1 Issue 3, May 2014.

[64] 1dr. Nedhala. Al-saiyd, 2nada sail,” Data Integrity in Cloud Computing Security,” Journal of Theoretical and Applied Information Technology 31st December 2013. Vol. 58 No.3

[65] Brett Shavers John Bair, Hiding Behind the Keyboard,Ist Edition, March 2016, ISBN

[66] Junwei Zhou, Hui Duan, Kaitai Liang, Qiao Yan, Fei Chen, F. Richard Yu, Jieming Wu,” Securing Outsourced Data in the Multi-Authority Cloud with Fine-Grained Access Control and Efficient Attribute Revocation,” The Computer Journal, Volume 60, Issue 8, August 2017, Pages 1210–1222

[67] Longfe Wei, Amir Hasan Moghadasi, Aditya Sundararajan and Arif I. Sarwat,”Defending Mechanisms for Protecting Power Systems against Intelligent Attacks,” 2015 10th System of Systems Engineering Conference (SoSE), 2015 IEEE, pp 12-17

[68] Sho Endo, Yang Li, Naofumi Homma, Member, IEEE, Kazuo Sakiyama, ,”A Silicon-Level Countermeasure Against Fault Sensitivity Analysis and Its Evaluation,” IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, 2014

[69] Kang Wenjing, Yu Kai, Yu Guoyi*, and Zou Xuechen,”Novel Security Strategies for SRAM in Powered-off State to Resist Physical Attack,” ISIC, 2009, PP 296-301.

Volume 6, Issue 7, 2020 Page No:120