A review on cloud security issues and solutions

Abstract

Cloud computing provides computing resources, platforms, and applications as a service in a flexible, cost-effective, and efficient way. Cloud computing has integrated with industry and many other fields in recent years, which prompted researchers to look into new technologies. Cloud users have moved their applications, data and services to the Cloud storage due to the availability and scalability of Cloud services. Cloud services and applications are provided through the Internet-based on a pay-per-use model. Plenty of security issues are created due to the migration from local to remote computing for both Cloud users and providers. This paper discusses an overview of Cloud computing, as well as a study of security issues at various levels of Cloud computing. The article also provides a complete review of security issues with their existing solutions for a better understanding of specific open research issues.

Keywords

Cloud computing Cloud security virtualization security issues security solutions

1. Introduction

Nowadays, people uses online social networking to connect with each other via the Internet, and many business organizations also starts an online business to capture better performance. The number of online users have noticeably increased and the need for data has also escalated. The communications for traditional computing like grid computing and distributed computing have became very precious and rough to manage, therefor it is not easy to access data from anywhere at any time. These methods are incapable to controlled the number of online users increased on social networking, multimedia, gaming and other internet related applications. The worldwide Internet usage has considerably increased the necessity for more storage volume and mature computing. The availability of services and data led to a new concept called Cloud computing [62].

Cloud computing becomes an approach for IT organizations to enhance capabilities without spending a lot on new infrastructure, workforce or new authorized software [39]. Some characteristics of Cloud computing like scalable, ubiquitous, economic and on-demand access to share resources have increased the migration of business towards the Cloud [6]. Banking, Healthcare, Educations and other industries are moving towards Cloud technology. The main reason for migration is the efficiency and the availability of services and the pay-per-use model offered by the provider. In pay-per-use model customers have to pay according to the use of resources and services. The Cloud Service Provider (CSP) offers the Cloud infrastructures and platforms to their users like the Internet Service Provider (ISP) offers Internet services to their users.

Cloud computing became a popular research topic until a massive expansion of smart devices and appliances, known as the Internet-of-Things (IoT), exposed all of the limitations of such a consolidated paradigm [16]. The IoT and Cloud technology revolution has opened up new directions for further research, increasing interest in distributed paradigms. Edge computing emerged in this context, with the goal of bringing the power of the Cloud to the network edge, addressing most of the new challenges that Cloud computing alone cannot address, such as bandwidth, latency, and connectivity. As a result, several Cloud and Edge computing implementations have been proposed.

1.1. Need of security in cloud computing

In Cloud computing, virtualization and multi-tenancy provided virtualized resources to the customer and services are delivered through the Internet. Resources are accessed and managed by web applications [6]. The same physical system could be allocated to the different users due to the multi-tenant environment, resulting in physical resource utilization. There is always a kind of risk associated with these technologies. Data visibility to the other users, privileged unauthorized access and virtual machine-related risks are introduced into the system. SaaS is the top model built over the PaaS and IaaS is the lowest model. All three development models are dependent on each other, which resulted dependency in the security related risk. If any service model compromised by the attacker, he or she will access all other layers also.

CSPs frequently launch a Service Level Agreement (SLA) to underline the security of the related services. There must be some standard methods to design an SLA. CSPs rely on detailed SLAs to guarantee security and other parameters to their customers. Security is the primary concern for any Cloud consumer because they have considerably less idea about the quality of Cloud security methods used by CSPs. The Cloud Security depends on policies and strategies used to secure Cloud services.

A recent survey by Flexera 2021 [34] about the use of Cloud services finds that security is still the most challenging issue for implementing and adopting the Cloud computing in the years 2021. Today, almost every organization that uses Cloud infrastructure is encountering security issues. 73% of businesses are highly to extremely worried about Cloud security. In the previous 18 months, 98% of respondents said they had experienced at least one Cloud data breach, with 67% reporting three or more instances. Security vulnerabilities were recognised as a key root cause of Cloud breaches by 60% of big and huge businesses and almost 40% of healthcare organizations [26].

Confidentiality, Integrity and authentication and authorization are basic security services. Confidentiality, ensures that data or information is sent (and received) without being accessed by unauthorized individuals while in transit. Unauthorized individuals, entities, or processes do not have access to the information. Data encryption is an excellent method for achieving confidentiality. Integrity guarantees that the information sent by anyone is the same when an authorized user receives it. There is no modification done by a third party to the received information. Authentication verifies the identity of the sender and receiver. The integrity and confidentiality of data are meaningful just when the identities of senders and receivers are adequately verified.

In literature, research work related to security issues in Cloud computing are surveyed and reviewed by many authors. Some researchers have presented basic introduction of cloud, security attacks and open issues in their work. Some have discussed cloud security issues with solutions in brief. In this work, we have discussed above topics related to cloud in detail with summary.

This paper differs from the other related works in terms of level wise classification of security issues and their latest existing solutions. The major focus is to review level wise security solutions for different security issues. At the end of the discussion of each level, the summary is provided with their strength and limitation for individual approaches.

The organization of this paper is as follows. Section 2 discusses the Cloud computing basic framework and related work. Section 3 classifies security issues at various levels of Cloud computing architecture. Section 4 reviews existing solutions and discusses open issues that still need more exploration. Section 5 concludes this paper.

2. Literature review

2.1. Cloud computing framework

It is essential to be aware of Cloud computing basic concepts and framework, so it becomes easier to understand Cloud computing security issues. The National Institute of Standard and Technology (NIST) gives the Cloud computing definition. “Cloud computing is a paradigm for providing ubiquitous, simple, on-demand network access to a shared pool of configurable computing resources that can be swiftly provisioned and provided with minimal managerial efforts by service providers” [35]. The NIST definition for Cloud computing is universally accepted. They define Cloud computing as the threefold model for service distribution. It has five essential characteristics, four deployment models and three service models as shown in Fig. 1.

2.1.1. Essential characteristics

Based on the user requirements and service qualities, Cloud computing have some characteristics. NIST define mainly five key characteristics as follows:

Fig. 1.

Cloud computing definition framework [6].

On-demand self-service: CSP automatically provides Cloud services and resources to the customer as and when required without any human interaction. Web services and management interfaces are responsible for management of these resources and services.

Broad network access: The data and services are available on the network by using the standard mechanisms and access through mobile phones, laptops, workstations, tablets, etc.

Resource pooling: In Cloud computing, multiple customers share resources and dynamically allocate on demand. The resources are location-independent and unknown to the customer.

Rapid elasticity: The resources are rapidly scaled in and out according to the customer needs. Unrestricted and adequate resources are the first choice for any type of customer.

Measured service: The usage of the resources is monitored and reported according to the service type offered.

2.1.2. Cloud deployment models

Before migrating towards the Cloud, the organization should decide the deployment model based on their needs. There are mainly four types of deployment models as shown in Fig. 2.

Public Cloud: The Cloud is owned by any CSP and open to the general public. The Cloud resources are shared with all customers and they are charged according to the pay-per-use model which is low cost and highly saleable. Web interfaces and APIs are used to access the services. Generally, the public Cloud resources are placed at an outside location less secure than the other models.

Private Cloud: The Cloud is handled by a private entity or organization or institution. The location of Cloud is within internal data center of that entity and behind the firewall. Any other customer cannot share the private Cloud resources, only private entities manage and utilize them.

Fig. 2.

Cloud computing deployment models.

Hybrid Cloud: The Cloud is a grouping of different types of Clouds. The hybrid Cloud takes advantage of the good qualities of all Clouds and increases security. Allow data and application portability. If the organization manages the Cloud then resources are placed in on-site locations, if the third-party entity manages the Cloud then resources are placed in external sites.

Community Cloud: Multiple entities share the community Cloud model. Typically, the Cloud is set up for the common interest community and it managed by Cloud owners or CSPs. The resources are shared among the community members and placed in internal or external sites.

Cloud computing is typically based on shared resources provided by local servers or individual devices [57]. As a result, it can achieve consistency by leveraging resource sharing. The deployed model explains the purpose and nature of the Cloud. This reduces server power, capital expenditure, and operating costs. Some common issues for deployment models are Multi-tenant environment, Unencrypted data Authentication etc.

2.1.3. Cloud services models

Cloud services are provided based on the user’s needs. Various types of Cloud service models are defined as follows:

Software as a Service: SaaS allows the use of applications from a web browser without any installation. The customer has provided the ability to run the application on a Cloud but cannot create applications [39]. The application developer has to maintain one application for multiple clients. Google, Microsoft, Dropbox are examples of SaaS.

Platform as a Service: The customers provided a development platform to create, deploy and manage applications without facing any problem of maintaining the infrastructure. The platform includes programming languages, different libraries, different services, and other development tools. The Cloud Storage, infrastructure and operating systems are controlled by service providers. The Google App Engine and Microsoft Azure are the best implementation of the PaaS model, which provides the grouping of operating system and infrastructure.

Infrastructure as a Service: IaaS customers are provided with all essential storage, network, and processing resources. The consumers allow creating, installing and deploying applications and also control OS. The applications, data and middle-ware are manage by the user. Communication networking, different servers, virtualization and data storage are still managed by service providers. The Google Compute Engine (GCE) and Amazon Web Services (AWS) are the best examples of IaaS model. Distributed computing, Service Oriented Architecture (SOA) and networking are basic Cloud computing foundations. Numbers of issues are associated with these traditional technologies.

CSPs are responsible for SaaS Model security. The security challenges of SaaS are related to Data storage, Virtualization, Network and Application level security. The security issue in PaaS depends on CSPs and the developers. CSPs secure the development environment and computing platform. In the IaaS model, application, data and OS securities are controlled by customers themselves [10]. There are many security threats to IaaS, which try to retaining maximum control over data, regardless of its physical location, for the data owner. Many different techniques used to achieve the highest level of security and trust on Cloud resources. Lots of new issues arise with Cloud computing and needs more exploration. The issues are related to security, availability reliability, scalability, interoperability, Service Level Agreements (SLA) [25] and Jurisdiction.

2.2. Related work to cloud security

Cloud computing security is the most discussed topic in industries and academic researchers. Here some existing survey works related to Cloud computing security are discussed.

Waqas Ahmad et al. [2] presented comprehensive survey for security in IoT and Cloud computing. They have discussed about IoT-Cloud short history, architecture and attacks in brief. Cloud security issues have categorized in four types and presented in details with summary. At the end they have provided future direction for researchers to work in the area of IoT and Cloud computing. Tabrizchi et al. [62] introduced the Cloud computing architecture with all related entities. They categorized Cloud security issues and challenges in five abstract types to provide new classification and discussed the Cloud security threats model. The OWASP [61] based attacks were briefly presented without security solutions. Donno et al. [15] provided a well-structured and fine survey about Cloud security issues in the IoT era and discussed security issues and their impact on the Cloud. They proposed a structured layer-wise classification for Cloud-specific and generic security issues. They identified the security issues that affected the CIA security properties on each Cloud layer.

Subramanian et al. [58] explored the security challenges faced by Cloud actors. They focused on the issues related to the Computational level which further classified in Virtual Machine, Hypervisor and Hardware level issues. The causes and effects of different attacks are presented in detail without security solutions. Basu et al. [9] presented survey about Cloud security challenges based on the Cloud security requirements. Confidentiality, Integrity and Availability has been considered for Cloud security evaluation. They also summarised existing security solutions and concluded work with some open issues.

Singh et al. [54] surveyed on different security issues and challenges related to virtualization, multi-tenancy and the public Cloud. They explored various Cloud services and analyzed the security of each service provider. They introduced three levels of security architecture to enhanced Cloud security. The architecture presented three levels of Cloud services with necessary security considerations and open issues. Coppolino et al. [14] presented an analysis of threats that affected Cloud computing adoption and provided full reviews of current solutions. They also presented the research directions based on the leading research developments and recognized approaches to solve security issues.

Khalil et al. [32] provided a complete review related to Cloud security. They recognized Cloud vulnerabilities and classified security threats and attacks. They also presented security solutions to manage them. They discussed the limitations of the current solutions and provided insights for future research directions. Modi et al. [39] surveyed the factors affecting Cloud adoption and discussed the different layers wise privacy and security in Cloud computing. They try to show the various security vulnerabilities, threats, attacks and solutions. According to them the CIA characteristics of Cloud resources and services are affected by different threats and attacks. The layer-wise classification is shown based on the security issues related to each layer.

Varukonda et al. [47] discussed issues related to Cloud storage, data theft, breaches and their solutions. They also provided an idea about the service models, deployment models with their related security issues. Rao et al. [33] explored various data-related security issues in Cloud and presented the technique to conquer security issues. The deployment model and service delivery model are also discussed in detail to understand the Cloud infrastructure.

The novelty of this paper is in level wise classification of various Cloud security issues and their solutions. The summary is provided for the same with their strength and limitation for individual approaches.

Table 1 compares our review work with other related existing works based on their discussion about security issues, attacks, solutions and open research issues in Cloud computing.

In Table 1, the “✓” indicates that the topic listed in the columns has been discussed and presented in a particular research work. The “×” indicates that the topic has not been covered and discussed in detail in a particular research work. The “✓(In Brief)” indicates that the topic covered in brief only.

Column name Scope of literature review provides research work ranges in years covered in their survey by individuals. Cloud overview introduce Cloud with basic Cloud definition and framework. Cloud attacks represent discussion about Cloud attacks on Cloud security levels. Security solution provides the review of Cloud security existing solutions. Last column Open issues, provide the discussion of open research issues for further exploration. For example, research work presented by Basu et al. is not discussed Cloud overview, Cloud attacks and open issue, but in this research work, all the topics are discussed and reviewed in detail.

Table 1
Summary of existing survey related to cloud security

Author Scope of literature review Cloud overview Cloud attacks Security solutions Open issues

This Paper 2013–2021 ✓ ✓ ✓ ✓

Waqas et al. [2] 2015–2019 ✓ ✓ × ✓

Tabrizchi et al. [62] 2011–2018 ✓ ✓ × ✓

Donno et al. [15] 2011–2017 ✓ ✓ × ✓

Subramanian et al. [58] 2012–2017 × × × ✓(In Brief)

Basu et al. [9] 2010–2016 ✓ × ✓(In Brief) ×

Coppolino et al. [14] 2010–2016 × × ✓ ×

Singh et al. [54] 2010–2016 ✓ ✓ ✓(In Brief) ✓

Khalil et al. [32] 2009–2014 ✓(In Brief) ✓ × ✓

Modi et al. [39] 2008–2013 × ✓ ✓ ✓

Author	Scope of literature review	Cloud overview	Cloud attacks	Security solutions	Open issues
This Paper	2013–2021	✓	✓	✓	✓
Waqas et al. [2]	2015–2019	✓	✓	×	✓
Tabrizchi et al. [62]	2011–2018	✓	✓	×	✓
Donno et al. [15]	2011–2017	✓	✓	×	✓
Subramanian et al. [58]	2012–2017	×	×	×	✓(In Brief)
Basu et al. [9]	2010–2016	✓	×	✓(In Brief)	×
Coppolino et al. [14]	2010–2016	×	×	✓	×
Singh et al. [54]	2010–2016	✓	✓	✓(In Brief)	✓
Khalil et al. [32]	2009–2014	✓(In Brief)	✓	×	✓
Modi et al. [39]	2008–2013	×	✓	✓	✓

3. Security issues at various levels of cloud computing

Confidentiality, integrity and availability [5] are important requirements for Cloud resources. Cloud services has been affected by different threats and attacks at every level. Based on the Cloud computing infrastructure, the whole structure divided into several different abstract levels viz; User and CSP level, Virtualization level, Network level and Data storage level as shown in Fig. 3. A security issues have related to attacks, faults, damage, loopholes, and weakness in the system. The Cloud-related security issues and general security issues both are different [1].

Various types of threats has straight away influence the security of Application and CSP level. The security of Cloud services, resources and data has affected due to various threats. The malicious user can effortlessly gain access to other consumer’s services and resources based on Network level attacks. The user’s data either in the rest or in transit has directly affected due to the Data Storage level attacks. Virtualization level threats has affected Data Storage and Application level security. The authentic consumers’ resources and services has been affected due to the CSP level threats. Trust and SLA related issues has directly affected the Cloud computing security. It is challenging to find a solution to Cloud-related issues.

Fig. 3.

Cloud architecture with level-wise security issues [39].

3.1. Attacks on cloud security

While Cloud computing models have several advantages, this beneficial phenomena is vulnerable to both internal and external threats. As a result, Cloud developers enhance their understanding of critical vulnerabilities, the most typical forms of attacks, and Cloud security solutions. The following are some Cloud attacks presented in detail. Table 2 presented summary related to attacks on cloud security.

Table 2
Summary of attacks on cloud security

Attacks Description Effects Solutions

DoS/DDoS attack Direct attack on host – Hypervisor and Network Level attack Have an impact on service accessibility Require enhanced authentication and authorization and Intrusion Detection System

User to root attacks Having access to all legitimate user’s resources. User level attack Affect the privacy of sensitive information and services provided to users Make use of a strong password and a stronger authentication techniques

Port scanning Scan the open port to gather information about it. Unusual behavior of the service, Have an impact on service accessibility Strong port security is required.

Man-in-middle attack Gaining access to data communication between two individuals Examine the privacy and security of data. An appropriate SSL architecture required

Attack on virtualization/hypervisor Compromise hypervisor, breakout virtual layer. VM and Hypervisor level attack Obtain access of user credentials and control another VM also Security solutions, monitoring for hypervisors are required, Need strong VM isolation

Metadata spoofing attack Modify service information file Application level attack Abnormal behavior of the service, affect privacy of the service Required a strong authentication mechanism

Sniffing attack Use a sniffer to monitor network traffic and extract sensitive data Network Level attack Capable of bypassing regular authentication in a consumer device Encryption protects private data from harmful invaders.

Phishing attack Using a spurious web link Affect the user’s privacy by revealing credentials that should not be disclosed Using secure websites with- https

Insider attack Malicious use of system by system user Affect confidentiality, access privileges, user data alteration Required a strong authentication mechanism

Cross VM side channel attack Information leaked through the system or cache based retrieval Attacker can access confidential information Careful design of cryptographic algorithms

Backdoor channel attack Compromise the legitimate user VMs, VM and Hypervisor level attack Have an impact on service availability and data privacy, grants access to legitimate user resources Mechanisms for robust authentication, identification, and isolation are required.

Protocol manipulation Network protocols that are incorrectly implemented are subject to attack, Network level attack exploiting application communication flaws and modifying the contents of the XML information Required strong and secure network protocols

Attacks	Description	Effects	Solutions
DoS/DDoS attack	Direct attack on host – Hypervisor and Network Level attack	Have an impact on service accessibility	Require enhanced authentication and authorization and Intrusion Detection System
User to root attacks	Having access to all legitimate user’s resources. User level attack	Affect the privacy of sensitive information and services provided to users	Make use of a strong password and a stronger authentication techniques
Port scanning	Scan the open port to gather information about it.	Unusual behavior of the service, Have an impact on service accessibility	Strong port security is required.
Man-in-middle attack	Gaining access to data communication between two individuals	Examine the privacy and security of data.	An appropriate SSL architecture required
Attack on virtualization/hypervisor	Compromise hypervisor, breakout virtual layer. VM and Hypervisor level attack	Obtain access of user credentials and control another VM also	Security solutions, monitoring for hypervisors are required, Need strong VM isolation
Metadata spoofing attack	Modify service information file Application level attack	Abnormal behavior of the service, affect privacy of the service	Required a strong authentication mechanism
Sniffing attack	Use a sniffer to monitor network traffic and extract sensitive data Network Level attack	Capable of bypassing regular authentication in a consumer device	Encryption protects private data from harmful invaders.
Phishing attack	Using a spurious web link	Affect the user’s privacy by revealing credentials that should not be disclosed	Using secure websites with- https
Insider attack	Malicious use of system by system user	Affect confidentiality, access privileges, user data alteration	Required a strong authentication mechanism
Cross VM side channel attack	Information leaked through the system or cache based retrieval	Attacker can access confidential information	Careful design of cryptographic algorithms
Backdoor channel attack	Compromise the legitimate user VMs, VM and Hypervisor level attack	Have an impact on service availability and data privacy, grants access to legitimate user resources	Mechanisms for robust authentication, identification, and isolation are required.
Protocol manipulation	Network protocols that are incorrectly implemented are subject to attack, Network level attack	exploiting application communication flaws and modifying the contents of the XML information	Required strong and secure network protocols

Denial of service (DOS) attack. [68] also known as a flooding attack, tries flooding a VM by delivering massive amounts of packets over the network from unsuspecting hosts (zombies). UDP, TCP, ICMP, or a combination of these protocols may be used to send packets. This attack aims to prevent legitimate users from accessing the Cloud services and then hacking them. An attacker may be able to make the intended service unavailable by focusing on a single server that provides it. It’s referred to as a direct DoS attack. The flood re-quests deplete the physical components of the server to the point where future service instances on the same physical device are unable to perform their required tasks.

User-root attack. In user to root attack [60], after gaining access to a system’s regular user account (password sniffer, a dictionary attack) the attacker allows a malicious to get root access. Buffer overflow attacks, perl, xterm, and other user to root attacks are just a few examples.

Port Scanning. [65] Ports are scanned by the attacker for finding out the vulnerable ports. Example of this includes the open ports, the closed ports and the ports that are filtered. Attackers could use port Scanning to detect vulnerable ports and services operating on them. Existing port scanning techniques include SYN, ACK, TCP, Windows, FIN, and UDP scanning. This scanning method displays all the network packets, including MAC addresses, IP addresses, router and gateway filters, and firewall rules, among other things. A port scanning attack in the Cloud environment could jeopardize the Cloud’s secrecy and integrity.

Man-in-the-middle attack. A man in the middle attack occurs when an attacker intervenes in the data flow between two parties. Because of a security configuration flaw in a Secure Socket Layer, this attack is possible (SSL). When two parties, including providers, communicate in the Cloud, an attacker resides in the middle and has access to the data if the communication channels are not secure.

Virtualization/Hypervisor attack. [52] An attacker can gain access to a VM by exploiting the hypervisor. By targeting zero-day attacks in VM, attackers can simply target and get access to them, potentially resulting in the loss of numerous websites that rely on virtual servers.

Metadata Spoofing. In this type of attack, an adversary modifies or changes the Web Services Description Language (WSDL) file, which stores descriptions about service instances. This attack is possible if the adversary is successful in interrupting service invocation code from the WSDL file at delivery time. To protect against such an attack, information about services and applications should be kept encrypted. For access to such sensitive information, strong authentication should be required.

Sniffing attack. [24] In Sniffing, attacker use a sniffer to intercept network traffic. The sniffer is a process that seeks to collect network sent packets across networks. Moreover, If security systems are implemented incorrectly, this sort of attack might acquire sensitive data by sniffing network traffic or permitting remotely stored user data in the Cloud environment. An attackers scan open ports for any vulnerable services on the network to capture useful sensitive data. Encryption security Encryption protects private data from malicious hackers by keeping devices secure on the network.

Phishing attack. Phishing attack [41] is used to manipulate a web link. As a result of the attack, a valid user is led to a specious web page, where he believes the open web page is a secure page and enters his username and password. After then, the attacker has access to his credentials.

Insider Attack. [18] An insider attack is described as the malicious use of computer system and network by users. The attackers can try to obtain and abuse privileges that have been assigned to them. As a result, they can defraud others, deliberately alter data, or expose secrets to competitors. This is a substantial breach of confidentiality. An inner DoS attack was performed targeting Amazon (EC2) as an example [71].

Cross VM side channel attack. A side-channel attack, as defined by Ainapure [3] in 2017, is one that relies on data collected from a computer system’s application rather than faults in the algorithm alone. Timing data, power usage, electromagnetic leaks, and sometimes even sound is used to provide an additional source of information. VM running on a similar core of the OS are targeted by malicious or anomalous attacks, which include side-channel attacks. The cache is a shared resource between numerous VMs running simultaneously on the similar core of the OS. The attacker can use the victim’s cache functionality to launch a (cache-base) memory side-channel attack.

Backdoor channel attacks. [49] Attacker attacks via the backdoor. It is a passive attack in which hackers attain remote access to a compromised node to compromise user privacy. Hackers can monitor a victim’s resources and turn it into a monster for a DDoS attack by using backdoor channels. It could be utilized obtain sensitive information about the victim. As a result, the infected device may have trouble executing its routine tasks. In the Cloud environment, an attacker could utilize a backdoor channel to acquire access and control of a user’s resources, as well as turn a VM into a zombie to launch a DDoS attack.

Protocol manipulation. To investigate the target’s security, network protocols might be subject to well-known attacks such as denial of service, exploiting application communication weaknesses, and changing the contents of XML information exchanged between users and servers. In reality, improper protocol implementation leads to this sort of attack by sending erroneous messages that exploit vulnerabilities in protocol implementations, and attackers can crash or hijack victims.

3.2. Network level security issues

The network is the fundamental building block of Cloud computing. As a result, problems exist not just in the VM, service, or application, but also at the network level. Issues at the network level might have a direct impact on the Cloud system. The network boundaries are modified to allow the user and service to communicate. As a result, the present state of network security necessitates the adoption of new trends [7].

Network Security: Security issues at the network level consider as both internal and external networks. Sniffer attacks, cross-site scripting, DNS poisoning, phishing, port scanning, ARP spoofing, and IP spoofing are common network-level attacks [39]. The attackers have executed these attacks to gain unauthorized access to Cloud resources. The unauthorized user can ability to access other users’ resources without any difficulty. The internal attackers might be official admin users or users from the same Cloud network. External attackers have limited privileges in network, resources, and security mechanisms compared to internal ones. The vulnerable Internet protocols, intrusions, data transmission and attacks, session hijacking are some of the main network-level issues.

Virtual Network: It is a logical network built over a physical network. VMs has communicated through virtual networks. The physical network has some Security and safety mechanisms, but they cannot monitor the traffic over the virtualized network. Therefore, the activities of VMs are not monitored by security mechanisms and become serious issues. Intrusion detection and prevention techniques have observed network traffic patterns for suspicious behaviors and detected the possibility of the attacks [6,22]. The virtualized network is shared between multiple VMs. The attacker can monitor the network traffic for malicious attacks.

Intrusion Detection/Prevention System: The firewall monitors the network traffic and blocks the malicious data packets based on the predefined policies. Any malicious access to the network is detected and logged by the intrusion detection system (IDS) [38]. The intrusion prevention system (IPS) used to prevent the network and system from any malicious access. The attacks are detected and logged by IPS to prevent the system.

3.3. Application and CSP level security issues

The Application and CSP level security issues are widely covered in this section. The issues discussed are due to the web technologies that provide Cloud services through the Internet.

Web Application: Services and applications are utilized, managed over the web and always available for users to access universally. The same application may access by different users simultaneously because Cloud applications are not bounded with specific users, which is one of the most significant characteristics of the Cloud [55]. The less secure web application in the Cloud generates some issues related to the Co-location of multiple users, their data, and other resources [21].

Application Programming Interface (API): The user and the Cloud services are connected via APIs in Cloud computing. These APIs are very important for management, storage and other Cloud needs and play a critical role in the Cloud. Therefore, the availability of Cloud services and applications are incredibly based on the APIs [15]. CSPs are published Cloud services and applications in the market by releasing APIs. The user from published APIs fetches the details about various functions and modules. The weak identification, inadequate authorization and poor input-data validation are vulnerabilities of APIs [6].

Authentication: CSPs offer a large amount of data storage, applications and other Cloud services at cost. The number of users accesses these services and applications simultaneously from multiple CSPs. They should ensure that precise methods authenticate users. Admin or privileged users have more priority access than normal users. Therefore, these kinds of privileged accesses increase the level of risk. However, different authentication methods can solve this problem by verifying the users’ identity when a user wants to access the Cloud services [11].

Authorization: Authorization is a process that allows or denies authorized users access to the resources based on the user’s credentials. In a general situation, a single Cloud user can provide access to different Cloud services, but in a multi-user system, this situation becomes more complicated [12]. The authorization of a large number of users, data and services is a challenging task. Malicious users can get the privileged access to Cloud services and perform malicious works. Even a third-party user can get access due to insufficient authorization.

Identity Management: Identity management govern resources, user identity, Cloud objects, organizations’ accounts, and keeps system and data storage secured. Identity management is crucial to verifying user identity and granting them access based on organizational policies and information. These types of models prevent data leakage during storage [54]. In Cloud computing, multiple CSPs offer their services to the users. The single user can able to access various Cloud services offered by CSPs. Different CSPs deliver each particular service with different security levels and policies. Single Sign-On authentication [29] allows the facility to authenticate multiple ID management processes to connect through a single account.

3.4. Virtualization level security issues

Virtualization in Cloud computing is a result of the widespread usage of Cloud computing in the industry. The development of a Cloud service for commercial purposes necessitates the Cloud provider’s reliance in the VM. Virtualization is the essential prerequisite for any service in Cloud environments. The virtualization security issues are widely covered in this section.

VM Isolation: The VMs isolation is necessary for VMs running on the common hardware to guarantee the security and safety of the system even if another VM is compromised on the same system. There is always logical isolation among VMs, therefore access to the same resources can lead towards cross-VM and data breach attacks [38]. Reuse of IP addresses between VMs can crack the isolation and raise the issues like the destruction of the complete system.

VM Migration: VM’s can be relocated from one machine to another without shutting down to improve resource efficiency. This programmed process aims to achieve load balancing, energy-saving, maintenance, and fault tolerance [19]. The live migration of VMs leads to a security gap for both, the new VM host system and the migrated VM. An attacker can compromise the migration module by relocating the VM to the compromised server.

VM Escape: Normally, VMs run in an isolated situation on the host system. VM escape situation arises when VM tries to interact with the hypervisor in an isolated environment. This situation leads the attacker to gain access to other VMs [55]. A successful attack provides access to computing and storage devices.

VM Rollback: Cloud computing virtualization allows the VMs to roll back to their former state. The rollback provides flexibility to change the state whenever the user wants to change it. The rollback process may raise security concerns because of the recovery of the infected VMs to their previous state with infection and vulnerabilities. The VM rollback reapplied the security credentials, policies, and configuration errors into their previous states [63].

VM Sprawl: VM sprawl is a condition, in which the numbers of VMs are increased linearly, while most of them are in an idle state. There is no control over the development of VMs. Enormous scale wastage of the host’s resources is done due to VM sprawl [63].

VM Hopping: VM hopping issue occurs when attackers attempt to access another VM running on the same hypervisor. The vulnerable hypervisor lets attackers or malware to compromise the host system middleware and control by jumping from one VM to another VM. The attackers identify the worst affected VM as the next attack point to start the VM hopping. The hypervisor is unable to detect VM hopping and leads single-point-of-failure.

Hypervisor Issues: The hypervisor is responsible for running multiple OSs simultaneously on the host system in the virtualized environment. The increased number VMs on a hypervisor are also increased the security risk for newly added guest OSs. The guest OS can run the malicious code and take complete control over the host system or down the system and block the other guest OSs. Sharing resources and infrastructure between multiple users may create a risky environment for other users. [44]. Isolation between VMs is not an acceptable solution for the hypervisor. The lower layer hypervisor is compromised due to vulnerabilities in the hypervisor and attackers can control over installed VMs.

3.5. Data storage level security issues

In Cloud computing, the data in transit and data in rest are to different conditions for any kind of data. The data in transit state, the data transfer through the Transport Layer Services (TLS), which provides a better security mechanism for data transfer in Clouds. Therefore, the data in rest is less secure and more favorable to breach from the attacker’s viewpoint.

There are several security concerns and solutions associated with data storage. A Cloud storage provider must use the correct technology and procedures to store data in the Cloud effectively and reliably.

Data Breach: According to CSA, data breach is the most severe threat nowadays. The protected or private data are stolen or leaked by any malicious or authorized entity with or without any intention is known as data breach or data leakage [33]. In Cloud computing, multi-tenancy environment and the data stored at remote places are raised the issues like data breach or stolen.

Data Recovery: Data Recovery is known as the process of accessing damaged or corrupted data from storage. Whenever the user deletes the stored data, the original contents remain in data storage, only the metadata is deleted from storage [66]. Cloud computing has its property like on-demand resource provisioning and resource pooling. Therefore, the resource used by some users may be later reassigned to another user. The attacker can apply the data recovery process to recover previous users’ data from resources like memory and storage as an authorized user.

Data Backup: Data backup is required in Cloud storage to handle the loss of data. Regular data backup needs in case of any accidental situation to avoid data loss and ensure data recovery and availability [47]. Multiple backup copies, regular maintenance and protection from attackers needs to avoid the data loss.

Data Sanitization: Data sensitization associate with the destruction of physical data storage. Due to the disk change, the data becomes useless or service termination [33]. The CSP needs to sanitize these devices correctly to avoid the data exposure risk. The multi-tenancy is an essential characteristic of the Cloud but creates risk factors for shared devices.

Data Location: The data storage locations are unknown to the Cloud users. Storing sensitive data to an unknown storage location leads to security, legal and regularity compliance. The unknown or remote locations restrict the user control over the data and increased privacy-related risk. These issues are very challenging due to un-trusted CSPs.

CIA Tried: The data stored in the Cloud are always vulnerable in terms of confidentiality, integrity, and availability [33]. Confidentiality provides the confidence that unauthorized users have not disclosed the data. In Cloud computing, the data is stored in remote locations and migrated from one place to another. The data migrate through an insecure medium, so the need for data confidentiality must be there. Integrity gives assurance that some unauthorized user has not modified the data. Therefore integrity proves the accuracy and correctness of the data. It is a very significant task to provide outstanding availability to the client. System errors and malicious attacks violate service availability by hardware and software limitations [5].

Table 3
Cloud computing level-wise security issues with existing solutions

Levels Security issues Security solutions

Network level issues Network Security
Virtual Network
IDS/IPS Signature and anomaly detection using ML [8,31,36]
Network and Hypervisor based IDS With VMI [43,64]

Application and CSP level issues Authentication Attribute Based Encryption (ABE) for access control [29,48,69]

Authorization PGP and Kerberos based authentication [42]

Identity Management CP-ABE for ABAC for Cloud storage [59]

Web Application-API Token Based Access Control (TBAC) [70]

Virtualization level issues VM IsolationVM MigrationVM Escape VM Rollback VM Hopping VM SprawlHypervisor issues Securing VM Image [67]Remote backup for Virtual Machine Image [27]IDS to detect Hypervisor attacks [17]VMGuard [37]

Data storage level issues Data Recovery Data Backup Data Sanitization Data Location CIA Tried Data Classification [53] TPA and AES based encryption [4,40] Secure data using AES and PGP [30] Homographic and Blowfish based two level encryption [50]

Levels	Security issues	Security solutions
Network level issues	Network Security Virtual Network IDS/IPS	Signature and anomaly detection using ML [8,31,36] Network and Hypervisor based IDS With VMI [43,64]
Application and CSP level issues	Authentication	Attribute Based Encryption (ABE) for access control [29,48,69]
	Authorization	PGP and Kerberos based authentication [42]
	Identity Management	CP-ABE for ABAC for Cloud storage [59]
	Web Application-API	Token Based Access Control (TBAC) [70]
Virtualization level issues	VM IsolationVM MigrationVM Escape VM Rollback VM Hopping VM SprawlHypervisor issues	Securing VM Image [67]Remote backup for Virtual Machine Image [27]IDS to detect Hypervisor attacks [17]VMGuard [37]
Data storage level issues	Data Recovery Data Backup Data Sanitization Data Location CIA Tried	Data Classification [53] TPA and AES based encryption [4,40] Secure data using AES and PGP [30] Homographic and Blowfish based two level encryption [50]

Table 3 provides the list of level-wise Cloud computing security issues with existing solutions.

4. Existing security solutions

This section presents the review of different existing solutions for various security issues at different levels of Cloud computing and provides summaries for the same. The discussion about some open issues are presented at the end of this section.

4.1. Network level

To alleviate some of the network difficulties, leading Cloud providers are hosting their apps behind a firewall. However, it only offers protection at the network’s outside and cannot detect inside threats. Network based intrusion detection system (NIDS) can be integrated to address some of the security issues. A NIDS, on the other hand, should be set to detect both external and internal intrusions. The following sections describe existing research attempts to solve network security challenges in the Cloud. The frameworks proposed in [8] and [31] are able to detect the virtual network level attacks using NIDS. The approach in [36] is hypervisor based NIDS to secure the virtualization level.

Fig. 4.

Design of the intrusion detection framework for cloud [8].

Arjunan et al. [8] proposed a security framework to detect intrusions at the virtual network layer of the Cloud. The framework is based on the combination of signature and anomaly detection techniques. They used different machine learning techniques for feature selection and attack classifications. The intrusion evidence is collected from every area of Cloud to detect the distributed attacks. The Dempster-Shafer theory (DST) [51] is used to make final decision-making procedures for alert generation. Figure 4 shows the proposed intrusion detection framework for Cloud.

Mishra et al. [36] proposed the Malicious Network Packet Detection (MNPD) out-VM monitoring security approach. The VMs are monitored from outside at network as well as the virtualization layer. MNDP analyzed the behavior of network packets at Cloud Networking Server (CNS) to provides intrusion detection at the network level. MNDP validated the VM traffic at the hypervisor level to detected spoofing attacks from other VMs. The approach provided the second level defense to detect the intrusions at the virtualization level. The non-spoofed packets were further analyzed to sense any irregularity in the virtual traffic. The Random Forest statistical learning technique is integrated with feature selection to analyze the behavior of network traffic. The MNDP detects packets that never pass through the physical interface and hence not detected by conventional IDS. Therefore, no extra memory or timing overhead.

Kadam et al. [31] proposed an intrusion detection framework to secure virtual machines against network attacks in Cloud environments. The framework used snort for signature-based detection. A variety of feature selection techniques based on machine learning, as well as a combination of classification approaches, utilized for anomaly detection. It increased the accuracy of Cloud intrusion detection while decreasing false alarms.

Tayyebi et al. [64] proposed IDS with new algorithm based on the VM and network layer behaviors. They have introduced a new concept to improve system accuracy by reducing the resource requirement for attack detection and prevention. The IDS placed at each VM and built based on the VM feature and network behavior. The weights are attached with each known attack signatures and updated dynamically based on the new signatures and network behaviors. Minimum required signatures are selected according to the VM feature, network behavior and total weight associated with each signature. The system became more accurate by lower resource utilization and false alerts.

Patil et al. [43] presented NIDS to detect physical and virtual network related attacks. they deployed IDS at each Cloud server on privilege control VM. The Internal, external and Virtual network are monitored by IDS. The alerts generated from various Cloud servers are correlated with each other for distributed attack detection. The new attack signatures are updated in database for future use.

To overcome the limitations of the above-presented approaches, further work related to NIDS needed to provide a fully secured network environment in Cloud computing. This section discussed several solutions to network-level security issues in Cloud computing. Table 4 provides a summary of their strength and limitation.

Table 4

Summary of network level security solutions

Author	Characteristic	Limitations
Arjunan et al. [8]	Proposed signature and anomaly based Intrusion Detection framework for Virtual Network of Cloud Computing with three different machine learning techniques.The framework has detected known as well as unknown attacks	There is no use of any feature selection techniques from network traffic packet profilesIt could decrease the overall accuracy
Mishra et al. [36]	Introduced the MNPD system to monitored the VM in Cloud using network and hypervisor based IDS with VMI technique.The system provided with two level of detection for higher security.	In this technique due to the two stage security checking the processing overhead should be there and they also not consider the early analysis of the malware which may infected the VMs.
Kadam et al. [31]	Intrusion detection framework based on signature and anomaly detection with various machine learning and classification techniques.They applied signature detection before anomaly detection to reduce the packets pass to the next phase.	Different Machine Learning (ML) techniques used as classifiers with recursive feature elimination, which increased the overall processing cost.
Tayyebi et al. [64]	They introduced weight based detection algorithm for network level IDS. The weights are calculated based on VM and network behaviors.	They introduced weight based detection algorithm for network level IDS.The weights are calculated based on VM and network behaviors.
Patil et al. [43]	They used extended binary bat algorithm with two fitness function, increase overall accuracy	The IDS based on hypervisor which increase communication overhead.

4.2. Application and CSP level

Application level security refers to the use of software and hardware resources to secure applications so that attackers cannot get control of them and change their format.

It is possible to change an eavesdropped communication despite the fact that it is digitally signed, based on application level vulnerabilities. As a result, an attacker is able to execute arbitrary computer commands on behalf of a legitimate user. Data should be transferred through a secure channel, and fine-grained authentication and authorization techniques can be employed to prevent unwanted access to the data. The following sections describe existing research attempts to solve application level challenges in the Cloud computing.

Ruj et al. [48] proposed a new scheme for secure data storage in Clouds that provides robust, decentralized access control and anonymous authentication. Cloud verified the authenticity of users before storing or modifying the data. The user’s authentication process done without releasing the user’s identity. Several Key Distribution Centers (KDCs) provided for key management process. If two different users are not authorized individually, no user colluded and accessed the data or authenticated them. Access control and authentication are not vulnerable to collusion. Only valid users can decode the information because of the access control. The users after the revocation process not able to access the data. The scheme prevented replay attacks and supported creating, modifying, and reading the data stored in the Cloud. The overheads for communication, processing, and storage are comparable to centralized alternatives.

Patel et al. [42] proposed a privacy-enhanced authentication method to achieve high level security in Cloud computing. The basic security and privacy are provided to CSPs and Cloud users based on Pretty Good Privacy (PGP) [20] and Kerberos [56]. According to the author, Kerberos authenticated the user’s identity over networks, provided data integrity and secrecy, and prevented replay attacks. Kerberos used a trusted third party (KDC) to perform secure user verification and not supported non-repudiation. They used the concept of digital signatures and public-key cryptography, along with Pretty Good Privacy to solve Kerberos weakness.

Fig. 5.

Method for authentication in cloud [42].

The proposed method for authentication for Cloud is shown in Fig. 5. First, users registered themselves to the Kerberos (KDC). The ticket provided to the registered users for communication with CSP by the Kerberos server. The tickets and registered user identities also provided to CSP who stored these for future use. The KDC acknowledges user credentials arrival and storage by CSP. The user data first encrypted before sending in to the Cloud for storage. The PGP authenticated the user and sent encrypted data to the Cloud. PGP also sent the user authentication message to CSP. The requested data by the user sent to PGP. The user data and information decrypted and sent to the authorized user by PGP. They presented the security analysis of the proposed framework. According to the analysis, there should be very little chance for successful mathematical attacks and brute force attacks due to the secure use of RSA. The scheme provided good user privacy by using encrypted data transfer. The registered user credentials stored for better identity management.

Sukhodolskiy et al. [59] implemented a multi-user system prototype that provided access control to datasets stored in a Cloud. The Cloud users created their unique ID using provided set of attributes. The system implemented on the multi-authority attribute-based encryption scheme. The security is increased by a Certificate Authority (CA) independent of the CSP and signed Revocation Lists. They used API to connect their prototype to existing Cloud storage. Instead of attributing the computational burden to a single party, it is divided among multiple users.

Joshi et al. [29] developed a new attribute-based authorization system using Attribute Based Encryption (ABE) [23]. The system is centralized, which provides secure access to patient records. The service management overhead shifted from patients to the medical organization. The mechanism corporated the Attribute Based Access Control (ABAC) [28] with access control policies to evaluate access to the system. They encrypted the patient’s Electronic Health Records (EHRs) using Attribute Based Encryption (ABE) to provide data security assurance. They developed a HIPAA [13] compliant knowledge graph using the HIPAA Ontology. The graph contains details about various medical organizations concerning various attributes. The information is kept on the EHR Cloud service provider’s server. From the knowledge graph, the user and EHR field attributes are extracted. The retrieved data was utilized to construct attribute-based encryption and safe access control. Every patient is saved as a separate node in the knowledge graph, allowing easy data access.

Wei et al. [69] presented secure and cost-effective attribute-based access control to Cloud storage systems for a multi-authority based on Ciphertext-Attribute Based Encryption (CP-ABE). The attribute authorities provided separate secret keys for individual users. The public parameter of the system remains unchanged throughout the system’s life cycle. It is used to update the ciphertext without the data owner and the authority. The implemented system provided both forward security and backward security. Because the method permitted dynamic and scalable user revocation, the revoked user cannot access previously available data.

Wu et al. [70] proposed an API access control based on OAuth that simplified the process flow in various application situations. It simplified the authentication and authorization flow. The standard IT technology and tools used to implement that mechanism. OAuth provided access to server resources to the third-party applications. The resources accessed without sharing the resource owner’s access credentials by generating the tokens instead of access credentials. Each token allowed access to a particular site for particular resources. They proposed the TBAC model based on tokens and private key to verify the API user. The model used the integration of private keys and temporary access tokens to validated users. The APIs management platform worked as a mediator between API users and providers to distribute, discover, and consume an API. API users start to use the capabilities offered by the APIs management platform. The proposed API management system tested execution and response times to serve the different API users.

This section discusses several security solutions related to Application and CSP level security issues in Cloud computing. Table 5 provides a summary of their strength and limitation.

Table 5

Summary of application and CSP level security solutions

Author	Characteristic	Limitations
Ruj et al. [48]	Secure, decentralized access control and secret authentication scheme is proposed to secure data storage in Clouds based on ABE and ABS.The scheme is also prevented reply attacks.	In the proposed technique the access policy and attributes for each user record stored in the Cloud should be secured.
Patel et al. [42]	Author introduced secure authentication framework for Cloud Computing based on Pretty Good Privacy (PGP) and Kerberos with KDC.	The proposed model used Kerberos that could not provide the non-repudiation features in communication. The KDC can be compromised.
Sukhodolskiy et al. [59]	They proposed an access control model for Cloud storage based on CP-ABE Attribute-Based Encryption.The implementation supports a Certificate Authority, independent of Cloud Service Provider.	In proposed model, the revocation of user access rights could be provided the access of user account to the unauthorized user.
Joshi et al. [29]	The Attribute-Based Encryption (ABE) scheme used to provide secure access of Cloud-based EHR System. The scheme generated an ontology based HIPAA compliant knowledge graph to facilitate easy querying and faster data access operations.	The proposed system faced some inference problem because semantic web technologies used to implement it.
Wei et al. [69]	The Attribute-Based Access Control scheme is proposed for multi authority Cloud storage using Attribute-Based Encryption.There is no need for a centralized authority that can be completely trusted.	The outsourced data is not able to access by revoked user due to Scalable and dynamic user revocation.
Wu et al. [70]	Token Based Access Control Model created to give tokens for Cloud API access as well as keys to authenticate and validate the user.	The token and keys should be distributed securely.

4.3. Virtualization level

In a virtualized environment, several operating systems run concurrently on a host machine through a hypervisor. Existing vulnerabilities in a VM that are distributed throughout the physical and virtual enterprise resources allow cyber attackers, malware, or other threats to exploit remotely. As the number of guest operating systems (OSs) running on a hypervisor increase, the security concerns with that newer guest OSs also increase. If a hacker gains control of the hypervisor, he may modify any of the guest OSs and get access to any data moving through the hypervisor.

There should be a standard approach for ensuring the integrity of guest VMs in order to effectively execute workload while preventing interruptions in computation, data loss, and resource misallocation. The following sections describe existing research attempts to solve virtualization level challenges in the Cloud computing.

Wang et al. [67] focused on the issues related to pour availability of VMs. They proposed the approach called LiveRB to remotely backup and save the running states of VMs. LiveRB run the backup process in the background. The backup process is visible to VM apps. A virtual block device is cached I/O operations in memory and saved the VM’s incremental virtual disc data to a remote server. The effectiveness and efficiency of the LiveRB are used to implement and assess it.

Fig. 6.

Architecture of LiveRB for VM image backup [67].

The architecture of LiveRB in the hypervisor layer shown in Fig. 6 is mainly divided into two components. The live migration module saved the running states of VM to remote storage and the virtual block device managed the saving of VM states to remote storage. The live migration module kept the application data as pages at the time of memory access by applications. During the backup process, the saved pages transferred to the remote storage along with other memory pages. The first task of virtual box device is to put on hold the writing process of all memory disk i/o operations until the saved pages by migration module are transferred to remote storage. The i/o writes redirected to memory cache for temporary storage and backup the pages saved between current virtual disk state and last saved disk state. After completing the backup task, the cached i/o with other memory pages are stored into the virtual disk by the virtual block device.

Islam et al. [27] author proposed a security framework to secure the stored virtual machine images. The security model used encryption, decryption mechanisms and Kerberos to defend the virtual machine images. The proposed system has three main modules. Image Management Module (IMM) managed the virtual machine image encryption and decryption process at the time of storage into a disk or at the time of launch. The Key Management Module (KMM) managed the generation and storage processes for encryption-decryption keys and supplied the Image Management Module’s keys. All communications between KMM, IMM and Kerberos did through the secure channel. They combined encryption plus Kerberos and setup in an OpenStack environment to enhance the security. They compared the various features of the proposed model with existing security models. The Kerberos provided the extra layer of security and work based on the onion security model. Kerberos’s disk encryption and authentication combination include some computational overhead to the Cloud system.

Dildar et al. [17] proposed Virtual Machines and Hypervisor Intrusion Detection System (VMHIDS) to protect the hypervisor. They categorized the hypervisor attacks into the Cloud infrastructure attacks and external attacks with a brief overview of all infrastructure related attacks. They discussed the five existing techniques to prevent the hypervisor with all their strengths and weaknesses. The IDPS, virtual firewall, Network-based IDS, Host-based IDS and Hypervisor-based IDS techniques have not protected the Cloud against the hypervisor attack. Therefore, to overcome the existing weakness they proposed VMHIDS. Hypervisor based IDS placed with the hypervisor layer. The proposed VMHIDS is placed with the hypervisor and each associated VMs with the hypervisor. The hypervisor attack initiated with delivered packets through the Internet. The hypervisor and virtual machines protected by VMHIDS against insider and external attacks on Cloud. The real time anomaly based detection techniques used to detect and block the malicious packets through the tracking and traffic analysis by VMHIDS.

Mishra et al. [37] proposed VMGuard architecture to detect malicious activities at the VMM level based on VMI with Machine Learning technique. They claim that, various attacks based on malicious hidden process, disable security tools in VM and alter the behavior of legitimate applications to access sensitive data detected by the system. They used Term Frequency-Inverse Document Frequency TF-IDF [46] for Bags on N-grams based method for feature selection and Random Forest (RF) for classification. The LibVMI [45] interface and Drakvuf advanced VMI tools used to collect system calls and rekall tool for acquired the details of guest OS kernel symbols and their address location. The authors not consider the early analysis of the malware but VMGuard is found to perform fine in detecting program subversion attacks.

This section discusses several existing solutions related to virtualization level security issues in Cloud computing. Table 6 provides the summary with their strength and limitation.

Table 6

Summary of virtualization level security solutions

Author	Characteristic	Limitations
Wang et al. [67]	The proposed approach is to backup the Live VM image securely. The virtual block device used to saving the running states of virtual machines in an online manner.Operated in the background and transparent to the host of the application.	They have used virtual block device with 1024 byte block size which create performance overhead during backup.
Islam et al. [27]	Securing Virtual Machine Images by encryption through Kerberos.The Key Management Module is used to manage keys and Kerberos used for authentication and authorization.	Need a secure channel for communication for key transfer between KMM and IMM
Dildar et al. [17]	The VMHIDS technique is detecting and preventing hypervisor attacks by analyzing real time events from hypervisor and VMs.It protects both the hypervisor and virtual machines from insider or external attacks.	They placed IDS at hypervisor and each VM associated with it.If any one of the VM compromised it might be compromised full system.
Mishra et al. [37]	The proposed architecture VMGuard, dynamically detected intrusion based on VMI technique with TF-IDF for feature selection and RF as a classifier.	The zero day or unknown attacks not detected by the proposed system and performed two levels of security checks might be generate processing overhead.

4.4. Data storage level

Even if efforts are made to prevent unauthorized access, data may be compromised as a result of application defects. The biggest issue with data on the Cloud is loss of control if an unauthorized user accesses the data in a shared environment. Because the encryption and decryption keys can be compromised by a malicious user, storage devices with built-in encryption algorithms failed to prevent unauthorized access. Because of the shared environment, protecting data integrity is the most difficult challenge in the Cloud. The following sections describe existing research attempts to solve data storage level challenges in the Cloud computing.

Data security and privacy are very essential for organizations that wanted to adopt Cloud computing. Different types of data require different levels of protection. Shaikh et al. [53] proposed a data classification method to secure Cloud computing. The technique defined various parameters based on a variety of dimensions. The data security depended on the predefined levels and the required protection. The security requirements applied to the data storage are based on the classified data as per the dimensions. The data need perfect classification techniques to improve security and strength significantly.

More et al. [40] discussed the public data auditing scheme for Cloud storage to ensure data integrity with the help of a Third Party Auditor (TPA). The scheme is straightforward and secure. It observed general security requirements like public auditing, privacy-preserving and maintaining integrity and confidentiality. The scheme used three entities, the data owner, Cloud server and the TPA. TPA requested encrypted data from the Cloud server when the client requested data auditing and generated all the above values and signatures using the same algorithms. TPA compared both the signatures for the integrity verification process and if they matched with each other, it means data is not altered by outsiders or attackers. One of the limitations of the scheme was timing overhead.

Considering that security is a critical issue Akhil et al. [4] presented the system to enhance Cloud data security using the AES algorithm. They discussed existing work related to Cloud security algorithms. According to the authors, many users use the same network for data transfers so the data become less secure against different security attacks and becomes prone to intruders or attackers.

The proposed security Cloud server model shown in Fig. 7 works as follows: The users requested data storage to the server. On receiving the storage request, the TPA called by the server to verified the identity of users. The TPA not only verified the user but also selected the available Cloud server storage. On the user side, the data is encrypted using the AES algorithm and transfer through the secure channel to the server for storage. The server stored the encrypted data safely. The third-party auditor was unaware of the encryption and decryption process in the system. The encryption-decryption overhead should be there on the user side.

Fig. 7.

Cloud data security model [4].

Jothy et al. [30] author proposed the new architecture to secure data storage in the multi-Cloud environment when data travel through the network to Clouds. The symmetric cryptographic algorithm AES (Advanced Encryption Standard) and PGP (Pretty Good Privacy) provided security to the data at rest and data at motion respectively. According to the author, symmetric cryptosystems provided more resilient encryption with longer key lengths, as well as the speed and computational efficiency to handle massive volumes of data encryption.

Before passing through the secure channel, the data encrypted using the AES algorithm and further encrypted using the PGP algorithm. According to the total number of Clouds, the encrypted data divided into equal parts and stored in each Cloud. AES is a practically strong encryption technique based on substitutions, permutations and linear transformations. Therefore, AES is a preferable encryption technique for banks security, governments, and other high-security organizations. To improve the open network security they used the PGP (Pretty Good Privacy). The cryptographic algorithm and number of key generation would take long time duration.

Sajay et al. [50] They proposed a hybrid algorithm to enhance Cloud data security using encryption algorithm and securely stored huge amount of information in Cloud. The scheme combined the homographic encryption and blowfish encryption algorithms to enhance Cloud security. The homographic encryption applied on input bits then bit strings are joined and passed to second layer of blowfish encryption. The reverse process applied for decryption of string to obtain the original message. The approach used reversible multilayer encryption which provided enhanced security to Cloud. According to the author, the blowfish algorithm is a variable-length algorithm, and key generation for both encryption and decryption in the blowfish algorithm is much faster and more secure. The homographic encryption offers a new dimension to storage in Cloud and also offers data confidentiality as in no stage information is exposed in plain text.

This section discusses several solutions related to Cloud computing data storage level security issues. Table 7 provides a summary of their strength and limitation.

Table 7

Summary of data storage level security solutions

Author	Characteristic	Limitations
Shaikh et al. [53]	They proposed data classification technique that defines various parameters based on various dimensions to achieve Security in Cloud computing.The data security levels provided based on the type of content and accessibility.	The requirements for Cloud security based on dataset mast be predefined clearly for perfect classification.
More et al. [40]	Introduced Third Party Auditor based auditing scheme which is very efficient and secured. They used AES for encryption, SHA-2 for integrity check and RSA digital signature generation.	In the proposed scheme, the TPA could be compromised or the intruder could act as TPA and need to secure data owner login credentials.
Akhil et al. [4]	The proposed approach provides secure data transfer to the Cloud using an enhanced AES algorithm and TPA. The TPA unaware of encryption and decryption at the time of data transferred for auditing.	AES encryption takes place at the user side reduced the possibility of intruders but extra overhead on the user side.
Jothy et al. [30]	In this proposed approach they used Triple AES to secure data at the rest and PGP over SSL to secure data at motion.	They used AES and PGP two-level encryption-decryption techniques which introduced time overhead.
Sajay et al. [50]	Enhancing the security of Cloud data using hybrid encryption algorithm using two level of encryption by Homographic and Blowfish algorithms.	Performance overhead due to a combination of two cryptographic algorithms.

4.5. Open issues and challenges

The researcher should not focus only on the few selected issues but there should be a need to find integrated solutions that resolve almost all security requirements. The researcher finds solutions for specific issues and implements multiple mitigation techniques for different security requirements. It is not practical to use the number of security solutions to the same number of security requirements. The integrated security solutions are straightforward to deploy and manage. Therefore, there is a need for framework or integrated solutions at each level to provide security against these issues.

The researcher presents many security issues and solutions to achieve total security, but many open issues and challenges need to be explored. To provide full security to Cloud infrastructure, there must a need to find the solutions for these open issues.

One of the key issues at the network level is the unavailability of services. Denial of Service (DoS) and Distributed Denial of Service (DDoS) are main threats to service unavailability [68]. These attacks cause inconvenience to customers and prevent their access to the Cloud services. Though the virtual network provides a secure network, it requires traffic monitoring to detect malicious activities. Solutions [8,31] [43] provides traffic monitoring with high detection accuracy but suffer from high processing overhead. There must be adequate solution to provide traffic monitoring with high accuracy and low processing cost.

User and CSP level, due to the resource sharing and different domain services the security for access control and identity management is somehow a complicated task [29]. Different organizations have their own level of access controls and identities in Clouds. The mapping of these IDs is time taking procedure [48]. Unauthorized or malicious user identification are still open issues for Cloud computing. There is a need to design strong security measures and provide fine-grained access control mechanisms for controlling user data access. The researcher offers many solutions [42,69], but they have limitations to solve the issues.

Virtualization level security issues are concerned with virtualization [67]. The multi-tenancy is a crucial feature of Cloud computing used to optimize resource utilization. Providing security to multi-tenant environment is a big challenge for Cloud computing. Security of the VMs, hypervisor and host are the crucial concerns in the Cloud environment. The Cloud user requires standard protocols and formats to migrate data from one Cloud to another [17]. Therefore, Cloud migration is also a challenging task for researcher.

Data storage level security issues need more concerns and focus on ensuring data privacy and confidentiality. Ensuring the isolation between the user’s data is a significant security concern [37,53]. Need secure TPA based authentication solutions for user verification [4,40]. Some operations in the Cloud need unencrypted data during computation [50]. The locations where data stored temporarily during processes may not be secure. Therefore, data security during processing in Cloud is still an open issue and needs to solve.

5. Conclusion

Despite its numerous benefits, the Cloud computing is nevertheless vulnerable to a lot of security threats. As a result, security is the most significant barrier to Cloud adoption. Security issues are well-known to both users and providers. The awareness about security issues will help the users and others to migrate towards Cloud. This paper categorized security issues for Cloud computing in different levels and discussed significantly. Security solutions at various levels have been reviewed in depth and summaries of existing solutions have been provided with their strength and limitations. The open research issues have been discussed to identify future research direction and to extend some existing solutions.

References

S.S.

Abdul-Jabbar,

Aldujaili,

S.G.

Mohammed and

H.S.

Saeed, Integrity and Security in Cloud Computing Environment: A Review, Journal of Southwest Jiaotong University 55(1) (2020).

Ahmad,

Rasool,

A.R.

Javed,

Baker and

Jalil, Cyber security in IoT based cloud computing, Electronics 11(1) (2021), 16. doi:10.3390/electronics11010016.

B.S.

Ainapure,

Shah and

A.A.

Rao, Understanding perception of cache-based side-channel attack on cloud environment, in: Progress in Intelligent Computing Techniques: Theory, Practice, and Applications, Springer, 2018, pp. 9–21. doi:10.1007/978-981-10-3376-6_2.

Akhil,

M.P.

Kumar and

Pushpa, Enhanced cloud data security using AES algorithm, in: 2017 International Conference on Intelligent Computing and Control (I2C2), IEEE, 2017, pp. 1–5.

Aldossary,

Allen et al., Data security, privacy, availability and integrity in cloud computing: Issues and current solutions, International Journal of Advanced Computer Science and Applications 7(4) (2016), 485–498. doi:10.14569/IJACSA.2016.070464.

Ali,

Khan and

Vasilakos, Security in cloud computing: Opportunities and challenges, Information sciences 305 (2015), 357–383. doi:10.1016/j.ins.2015.01.025.

Amara,

Zhiqui and

Ali, Cloud computing security threats and attacks with their mitigation techniques, in: 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), IEEE, 2017, pp. 244–251. doi:10.1109/CyberC.2017.37.

Arjunan and

C.N.

Modi, An enhanced intrusion detection framework for securing network layer of cloud computing, in: 2017 ISEA Asia Security and Privacy (ISEASP), IEEE, 2017, pp. 1–10.

Basu,

Bardhan,

Gupta,

Saha,

Pal,

Bose,

Basu,

Chaudhury and

Sarkar, Cloud computing security challenges and solutions – A survey, in: 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC), IEEE, 2018, pp. 347–356. doi:10.1109/CCWC.2018.8301700.

10.

M.U.

Bokhari,

Q.M.

Shallal and

Y.K.

Tamandani, Cloud computing service models: A comparative study, in: 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom), IEEE, 2016, pp. 890–895.

11.

Butun,

Erol-Kantarci,

Kantarci and

Song, Cloud-centric multi-level authentication as a service for secure public safety device networks, IEEE Communications Magazine 54(4) (2016), 47–53. doi:10.1109/MCOM.2016.7452265.

12.

Cai,

Zhu,

He,

Mu,

Li and

Yu, Survey of access control models and technologies for cloud computing, Cluster Computing 22(3) (2019), 6111–6122. doi:10.1007/s10586-018-1850-7.

13.

C.D.

Control and Prevention , HIPAA privacy rule and public health. Guidance from CDC and the US Department of Health and Human Services, MMWR: Morbidity and mortality weekly report 52(Suppl 1) (2003), 1–17.

14.

Coppolino,

D’Antonio,

Mazzeo and

Romano, Cloud security: Emerging threats and current solutions, Computers & Electrical Engineering 59 (2017), 126–140. doi:10.1016/j.compeleceng.2016.03.004.

15.

De Donno,

Giaretta,

Dragoni,

Bucchiarone and

Mazzara, Cyber-storms come from clouds: Security of cloud computing in the IoT era, Future Internet 11(6) (2019), 127. doi:10.3390/fi11060127.

16.

De Donno,

Tange and

Dragoni, Foundations and evolution of modern computing paradigms: Cloud, iot, edge, and fog, Ieee Access 7 (2019), 150936–150948. doi:10.1109/ACCESS.2019.2947652.

17.

M.S.

Dildar,

Khan,

J.B.

Abdullah and

A.S.

Khan, Effective way to defend the hypervisor attacks in cloud computing, in: 2017 2nd International Conference on Anti-Cyber Crimes (ICACC), IEEE, 2017, pp. 154–159. doi:10.1109/Anti-Cybercrime.2017.7905282.

18.

Duncan,

Creese and

Goldsmith, An overview of insider attacks in cloud computing, Concurrency and Computation: Practice and Experience 27(12) (2015), 2964–2981. doi:10.1002/cpe.3243.

19.

M.H.

Ferdaus,

Murshed,

R.N.

Calheiros and

Buyya, Network-aware virtual machine placement and migration in cloud data centers, in: Emerging Research in Cloud Distributed Computing Systems, IGI Global, 2015, pp. 42–91. doi:10.4018/978-1-4666-8213-9.ch002.

20.

Garfinkel, PGP: Pretty Good Privacy, O’Reilly Media, Inc., 1995.

21.

Giannakoulias, Cloud computing security: Protecting cloud-based smart city applications, Journal of Smart Cities 2(1) (2019), 41–52.

22.

Gonzalez,

Miers,

Redigolo,

Simplicio,

Carvalho,

Näslund and

Pourzandi, A quantitative analysis of current security concerns and solutions for cloud computing, Journal of Cloud Computing: Advances, Systems and Applications 1(1) (2012), 11. doi:10.1186/2192-113X-1-11.

23.

Goyal,

Pandey,

Sahai and

Waters, Attribute-based encryption for fine-grained access control of encrypted data, in: Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006, pp. 89–98. doi:10.1145/1180405.1180418.

24.

S.A.

Hussain,

Fatima,

Saeed,

Raza and

R.K.

Shahzad, Multilevel classification of security concerns in cloud computing, Applied Computing and Informatics 13(1) (2017), 57–65. doi:10.1016/j.aci.2016.03.001.

25.

A.A.Z.A.

Ibrahim,

Kliazovich and

Bouvry, Service level agreement assurance between cloud services providers and cloud customers, in: 2016 16th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), IEEE, 2016, pp. 588–591.

26.

IDG, Infoworld from IDG, accessed September 15, 2021, https://www.infoworld.com/article/.

27.

S.N.

Islam and

M.M.

Rahman, Securing virtual machine images of cloud by encryption through kerberos, in: 2017 2nd International Conference for Convergence in Technology (I2CT), IEEE, 2017, pp. 1074–1079. doi:10.1109/I2CT.2017.8226293.

28.

Jin,

Krishnan and

Sandhu, A unified attribute-based access control model covering DAC, MAC and RBAC, in: IFIP Annual Conference on Data and Applications Security and Privacy, Springer, 2012, pp. 41–55.

29.

Joshi,

Joshi and

Finin, Attribute based encryption for secure access to cloud based EHR systems, in: 2018 IEEE 11th International Conference on Cloud Computing (CLOUD), IEEE, 2018, pp. 932–935. doi:10.1109/CLOUD.2018.00139.

30.

K.A.

Jothy,

Sivakumar and

Delsey, Efficient cloud computing with secure data storage using AES and PGP algorithm, International Journal of Computer Science and Information Technologies 8(9) (2017), 582–585.

31.

Kadam,

Patil and

Modi, An enhanced approach for intrusion detection in virtual network of cloud computing, in: 2018 Tenth International Conference on Advanced Computing (ICoAC), IEEE, 2018, pp. 80–87. doi:10.1109/ICoAC44903.2018.8939107.

32.

I.M.

Khalil,

Khreishah and

Azeem, Cloud computing security: A survey, Computers 3(1) (2014), 1–35. doi:10.3390/computers3010001.

33.

P.R.

Kumar,

P.H.

Raj and

Jelciana, Exploring data security issues and solutions in cloud computing, Procedia Computer Science 125 (2018), 691–697. doi:10.1016/j.procs.2017.12.089.

34.

Luxner, Cloud Computing Trends: 2021 State of the Cloud Report, 2021, accessed September 15, https://www.flexera.com/blog/cloud/cloud-computing-trends-2021-state-of-the-cloud-report/.

35.

Mell,

Grance et al., The NIST Definition of Cloud Computing, 2011.

36.

Mishra,

E.S.

Pilli,

Varadharajan and

Tupakula, Out-VM monitoring for malicious network packet detection in cloud, in: 2017 ISEA Asia Security and Privacy (ISEASP), IEEE, 2017, pp. 1–10.

37.

Mishra,

Varadharajan,

E.S.

Pilli and

Tupakula, VMGuard: A vmi-based security architecture for intrusion detection in cloud environment, IEEE Transactions on Cloud Computing 8(3) (2018), 957–971.

38.

Modi and

Patel, A feasible approach to intrusion detection in virtual network layer of cloud computing, Sādhanā 43(7) (2018), 114. doi:10.1007/s12046-018-0910-2.

39.

Modi,

Patel,

Borisaniya,

Patel and

Rajarajan, A survey on security issues and solutions at different layers of cloud computing, The journal of supercomputing 63(2) (2013), 561–592. doi:10.1007/s11227-012-0831-5.

40.

More and

Chaudhari, Third party public auditing scheme for cloud storage, Procedia Computer Science 79 (2016), 69–76. doi:10.1016/j.procs.2016.03.010.

41.

Munivel,

Kannammal et al., New authentication scheme to secure against the phishing attack in the mobile cloud computing, Security and Communication Networks 2019 (2019).

42.

S.C.

Patel,

R.S.

Singh and

Jaiswal, Secure and privacy enhanced authentication framework for cloud computing, in: 2015 2nd International Conference on Electronics and Communication Systems (ICECS), IEEE, 2015, pp. 1631–1634. doi:10.1109/ECS.2015.7124863.

43.

Patil,

Dudeja and

Modi, Designing an efficient security framework for detecting intrusions in virtual network of cloud computing, Computers & Security 85 (2019), 402–422. doi:10.1016/j.cose.2019.05.016.

44.

Patil and

Modi, An exhaustive survey on security concerns and solutions at different components of virtualization, ACM Computing Surveys (CSUR) 52(1) (2019), 1–38. doi:10.1145/3287306.

45.

B.D.

Payne, Simplifying virtual machine introspection using libvmi, Sandia report (2012), 43–44.

46.

Ramos

et al., Using TF-IDF to determine word relevance in document queries, in: Proceedings of the First Instructional Conference on Machine Learning, Vol. 242, Citeseer, 2003, pp. 29–48.

47.

B.T.

Rao

et al., A study on data storage security issues in cloud computing, Procedia Computer Science 92 (2016), 128–135. doi:10.1016/j.procs.2016.07.335.

48.

Ruj,

Stojmenovic and

Nayak, Decentralized access control with anonymous authentication of data stored in clouds, IEEE transactions on parallel and distributed systems 25(2) (2013), 384–394. doi:10.1109/TPDS.2013.38.

49.

Saeed,

S.A.

Hussain and

Garraghan, Cross-VM network channel attacks and countermeasures within cloud computing environments, IEEE Transactions on Dependable and Secure Computing (2020).

50.

Sajay,

S.S.

Babu and

Vijayalakshmi, Enhancing the security of cloud data using hybrid encryption algorithm, Journal of Ambient Intelligence and Humanized Computing (2019), 1–10.

51.

Shafer, Dempster-Shafer theory, Encyclopedia of artificial intelligence 1 (1992), 330–331.

52.

A.H.

Shaikh and

Meshram, Security issues in cloud computing, in: Intelligent Computing and Networking, Springer, 2021, pp. 63–77. doi:10.1007/978-981-15-7421-4_6.

53.

Shaikh and

Sasikumar, Data classification for achieving security in cloud computing, Procedia computer science 45(C) (2015), 493–498. doi:10.1016/j.procs.2015.03.087.

54.

Singh and

Chatterjee, Cloud security issues and challenges: A survey, Journal of Network and Computer Applications 79 (2017), 88–115. doi:10.1016/j.jnca.2016.11.027.

55.

Singh,

Y.-S.

Jeong and

J.H.

Park, A survey on cloud computing security: Issues, threats, and solutions, Journal of Network and Computer Applications 75 (2016), 200–222. doi:10.1016/j.jnca.2016.09.002.

56.

J.G.

Steiner,

B.C.

Neuman and

J.I.

Schiller, Kerberos: An authentication service for open network systems, in: Usenix Winter, Citeseer, 1988, pp. 191–202.

57.

Subashini and

Kavitha, A survey on security issues in service delivery models of cloud computing, Journal of network and computer applications 34(1) (2011), 1–11. doi:10.1016/j.jnca.2010.07.006.

58.

Subramanian and

Jeyaraj, Recent security challenges in cloud computing, Computers & Electrical Engineering 71 (2018), 28–42. doi:10.1016/j.compeleceng.2018.06.006.

59.

I.A.

Sukhodolskiy and

S.V.

Zapechnikov, An access control model for cloud storage using attribute-based encryption, in: 2017 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), IEEE, 2017, pp. 578–581. doi:10.1109/EIConRus.2017.7910620.

60.

Swathy Akshaya and

Padmavathi, Taxonomy of security attacks and risk assessment of cloud computing, in: Advances in Big Data and Cloud Computing, Springer, 2019, pp. 37–59. doi:10.1007/978-981-13-1882-5_4.

61.

T.O.F. Inc., Top 10 Web Application Security Risks, accessed September 15, 2021. https://owasp.org/www-project-top-ten/.

62.

Tabrizchi and

M.K.

Rafsanjani, A survey on security challenges in cloud computing: Issues, threats, and solutions, The Journal of Supercomputing (2020), 1–40.

63.

Tank,

Aggarwal and

Chaubey, Virtualization vulnerabilities, security issues, and solutions: a critical study and comparison, International Journal of Information Technology (2019), 1–16.

64.

Tayyebi and

Bhilare, Cloud security through intrusion detection system (IDS): Review of existing solutions, Int. J. Emerg. Trends Technol. Comput. Sci 4(6) (2015), 213–215.

65.

Thabit,

S.A.-H.

Alhomdy,

Alahdal and

S.B.

Jagtap, Exploration of Security Challenges in Cloud Computing: Issues, Threats, and Attacks with their Alleviating Techniques, Journal of Information and Computational Science 12(10) (2020).

66.

Verginadis,

Patiniotakis and

Mentzas, Metadata schema for data-aware multi-cloud computing, in: 2018 Innovations in Intelligent Systems and Applications (INISTA), IEEE, 2018, pp. 1–9.

67.

Wang,

Zeng,

Lv,

Shi and

Li, A remote backup approach for virtual machine images, in: 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud), IEEE, 2016, pp. 252–255. doi:10.1109/CSCloud.2016.41.

68.

A.R.

Wani,

Rana,

Saxena and

Pandey, Analysis and detection of DDoS attacks on cloud computing environment using machine learning techniques, in: 2019 Amity International Conference on Artificial Intelligence (AICAI), IEEE, 2019, pp. 870–875. doi:10.1109/AICAI.2019.8701238.

69.

Wei,

Liu and

Hu, Secure and efficient attribute-based access control for multiauthority cloud storage, IEEE Systems Journal 12(2) (2016), 1731–1742. doi:10.1109/JSYST.2016.2633559.

70.

M.-Y.

Wu and

T.-H.

Lee, Design and implementation of cloud API access control based on OAuth, in: IEEE 2013 Tencon-Spring, IEEE, 2013, pp. 485–489. doi:10.1109/TENCONSpring.2013.6584492.

71.

M.M.

Yamin,

Katt,

Sattar and

M.B.

Ahmad, Implementation of insider threat detection system using honeypot based sensors and threat analytics, in: Future of Information and Communication Conference, Springer, 2019, pp. 801–829.