Abstract
Cloud computing provides high-quality computing services at lower cost and with better performance. The cloud services offered by a trusted third party encourage customers and organizations to move their activities to the cloud. While moving towards on-demand service, resource pooling and shifting everything to a distributed environment, security is the major obstacle to this new vision of computing capability. Over the past several years, many security mechanisms have been proposed for protecting outsourced data. In this paper, we present a consolidated survey of various security issues and threats pertaining to data in cloud computing. Further, we analyze security challenges in the cloud based on its delivery models. We also discuss a component-based classification of major security concerns and the recent countermeasures present in the literature, with the intention of providing an in-depth understanding of cloud computing security needs. In addition, a brief outlook on the security precautions adopted by cloud service providers and on various Intrusion Detection/Prevention Systems is presented.
Introduction
Cloud computing has gained extensive recognition among individuals as well as organizations by offering storage, infrastructure, computation and various other services. It offers a centralized pool of resources that is accessible to customers on demand (pay-per-use) through the internet [1], and it permits customers to develop and configure online business applications by remotely accessing software and hardware resources over the internet.
The capability to store huge quantities of data, the accessibility of high-performance resources, and the maintenance of a huge number of services have made it prevalent. Moreover, an assurance regarding quality of service and a reduction in cost make it a desirable solution for alleviating the problem of limited and constrained resources. Rapid deployment and minimal investment are further major aspects that push business organizations to use cloud services. According to [2], most organizations in Europe and the United States agreed that cost reduction is a chief reason for them to migrate to the cloud.
Since the cloud computing environment offers services by sharing out valuable resources, adequate utilization of these resources and services requires assurance that the cloud environment is able to counter security concerns which may degrade its performance and reliability. Generally, the cloud environment is built from massive storage devices, a robust network and high-performance servers. Customers connect to the cloud platform over the internet using their laptops, desktops and mobile phones. The servers, too, are connected through the internetwork. A malicious activity on the network can have a damaging impact, resulting in network connection crashes and delayed communications. Similarly, attacks on hypervisors and virtual machines create serious security breaches. Likewise, the various applications running on a cloud might be exposed to various threats. These kinds of security issues can lead to unavailability of cloud services for legitimate users.
Shared resources in the cloud environment make it tough to develop a secure mechanism for assuring the privacy and security of data. Numerous security incidents have occurred in cloud environments in the past. The Cloud Security Alliance [3] conducted a methodical survey and reports that the frequency of cloud disruptions has increased over the period of the last 6 years.
Cloud computing adopts a virtualized environment to achieve multi-tenancy. This concept is a barrier to setting up a security mechanism that safeguards data and services. Owing to transparency concerns, the cloud provider does not permit its customers to deploy a security monitor or IDS (Intrusion Detection System) that extends into the administration services layer behind the virtualized cloud environment. Once data is stored in remote storage, the cloud customer cannot maintain supervision over it, and at that point clients may not be aware of the complete picture of security issues, vulnerabilities and malware incidents. In response to the numerous security threats, there has been a corresponding advancement of mitigation mechanisms.
To achieve effective privacy and security for cloud data and services, cloud providers offer a Service Level Agreement (SLA) to their clients, but there is no standard mechanism for designing an SLA. Paper [4] illustrates an SLA report associated with the provided services, which is helpful for both clients and cloud providers. Unfortunately, these reports do not fully cover client losses. Cloud providers like Google, Amazon and Salesforce depend on SLAs to assure privacy and security to their clients.
Fig. 1. Fundamental elements in cloud computing.
There are many key security elements in cloud computing, such as data integrity, availability, confidentiality, access controllability and security, as illustrated in Fig. 1. Data integrity ensures that the information held in a system is the proper, intended information and has not been modified by an unauthorized person. Availability is the process of assuring that data and resources are available to end users and applications when and where they need them, even while malicious activities attempt to make those resources unavailable. Confidentiality ensures that information is not disclosed to unauthorized persons. Access controllability means that the owner of the data is able to selectively restrict access to the data outsourced to the cloud. Among all these significant elements of the cloud, security plays the major role, and it is the main factor behind customers' concerns about cloud technology. Security issues associated with the cloud environment fall into two categories: security issues faced by cloud providers (organizations providing SaaS, PaaS or IaaS via the internet) and security complications faced by their customers (companies who store data or host applications in the cloud). Data security is therefore becoming more significant for the future development of cloud computing technology in government, industry and business.
A variety of contributions presenting an analysis of security issues and challenges have been made in recent years. Various security challenges and future application scenarios of cloud computing are discussed in [6, 7, 8]. Similarly, an analysis of the technical challenges of supporting real-time cloud computing is presented in [9, 10, 11]. The different security concerns of the cloud delivery models are described in [12], whereas the integrity, privacy, availability, audit and control of the cloud are the major security concerns, together with data privacy actions, described in [13]. Insider-based DDoS attacks are discussed in [14, 15]. A Software Defined Network-based cloud that helps to overcome DDoS attacks in the cloud environment is addressed in [16]. To avoid unauthorized activities in the cloud environment, a novel anomaly detection system is introduced in [17]. A concise review in [18, 19] describes malicious activities in virtual machines and the corresponding mitigation techniques. We observed that the majority of the existing work focuses on the overall security challenges of cloud computing, but component-based comparisons are not made in these reports. Therefore, in this study we classify security issues based on the major cloud components, namely network, virtual machine, storage and applications, and then identify the corresponding mitigation mechanisms. In addition, different intrusion detection systems and the security measures adopted by cloud providers are illustrated.
The rest of the paper is organized as follows: various threats and a concise analysis of the security challenges in the cloud based on its delivery models are given in Section 2. Section 3 presents a classification of security attacks based on cloud components. Future research directions and conclusions are discussed in Section 4.
Security threats in cloud computing
The fast development in the field of “cloud computing” also incurs serious security issues. Privacy and security remain continuing issues in the cloud. The Cloud Security Alliance in [20] provided a summary of various threats related to the utilization of cloud services. Insufficient security is the main obstacle to the wide adoption of cloud computing, because the cloud is surrounded by numerous security issues like data breaches, improper utilization of the cloud, malicious insiders, vulnerable interfaces and APIs, account hijacking, data loss and identity theft.
Data breaches
A data breach is an incident in which sensitive, protected or private information is stolen, viewed or used by an unauthorized user. Such an incident can be the primary aim of a targeted attack or just the effect of an individual error or insufficient security. Data breaches can involve any sort of data, such as trade secrets, personally identifiable information (PII), and health and financial information. Cloud providers put security regulations in place to defend their environments. Ultimately, though, organizations themselves are answerable and responsible for shielding their own information in the cloud. Data integrity, storage security, data backup and maintenance policies are considered some of the key solutions for avoiding data breaches in the cloud.
Malicious insiders
Nearly all organizations conceal their policies concerning the level of access granted to workers. However, using higher-level access, an employee can gain access to confidential data and services. All activities of the insider are monitored by the Intrusion Detection System (IDS), which takes them to be authorized actions, but a trusted insider may turn into an attacker. In such a condition, insiders can have a significant impact on cloud services; for instance, the attacker (malicious insider) is able to use private data and manage the cloud services without any risk of detection. This type of threat relates to SaaS, PaaS and IaaS alike. Appropriate supervision to thwart such threats is therefore very essential in the cloud.
Vulnerable interfaces and APIs
Cloud providers frequently publish a set of APIs to permit their clients to create an interface for communicating with cloud services. Each and every service and application of the cloud offers APIs, and customers and IT organizations use these interfaces for communication. Inappropriate use of interfaces leads to threats like content transmission, clear-text authorization and improper authorization, because interfaces are the exposed element of the system. The IaaS, PaaS and SaaS service models are all affected by these threats. This can be eliminated by using an appropriate security method for the cloud provider's interface and providing a capable authentication method.
Account hijacking
This is the kind of hijacking which diverts the user to an improper website. Clients, services and accounts can become a new foothold for intruders. Exploitation of software vulnerabilities, fraud, phishing attacks, and reused identities and passwords can lead to such hijacking. Some of the detection approaches for this threat include protection policies, robust authentication and activity auditing.
Data loss
Permanent information loss due to a cloud provider fault is extremely unusual in the cloud. However, adversaries have been known to remove data in the cloud to damage businesses. Data centers of the cloud are also defenseless against natural disasters or hazards. In addition, avoiding the loss of data is not the responsibility of the cloud provider alone. If a client encrypts his/her information before transmitting it to the cloud but misplaces the corresponding encryption key, then undoubtedly the information will be lost. So, sufficient data backup techniques and disaster recovery mechanisms are necessary to protect data in the cloud.
Identity theft
Identity theft is the deliberate use of someone's identity in order to use resources and gain the credentials of innocent users. The victim suffers losses and unpleasant consequences as a result. Weak passwords, recovery workflows, phishing attacks, keyloggers and so on come under this type of theft. Moreover, every centralized storage system holds private data, for instance a confidential database of customers, passwords, private keys and so on. This private data is a particularly valuable target for malicious users. So, supervision, monitoring, key management and identity protection should be given high priority.
Analysis of security issues in cloud service delivery models
Cloud computing uses three delivery models by which distinct types of services are delivered to the client. Those models are SaaS, PaaS and IaaS, which provide software, an application platform and infrastructure resources as a service to the end user. The SaaS service model facilitates remotely hosted applications for the customer on demand over the internet. Cloud customers can access servers, storage and virtual machines through the IaaS service model. The Platform as a Service model provides an integrated developer environment that a developer can tap to build new online applications. However, security and privacy are among the chief issues which slow the development of cloud computing, and difficulties with data protection keep threatening the welfare of cloud customers as well as providers.
Various security threats and malicious activities deteriorate the privacy, accessibility, availability and reliability of cloud services and resources at the various layers of the cloud [12]. These attacks can exploit different components at each and every layer of the cloud service model to violate the protection of data and damage the quality of service. We identified the security concerns of each layer in the cloud, as shown in Fig. 2.
Fig. 2. A detailed architecture of the cloud with the security concerns of each layer.
Security challenges in Software-as-a-service (SaaS)
In the SaaS model, customers are able to access the cloud provider's applications with the assistance of a user interface such as a web browser. The entire organization and management of storage, servers and the required infrastructure is maintained by the cloud service provider. Cloud customers need not be bothered about any supervision and management. Once the data or application moves over the internet, the security and confidentiality of the data become critical [108]. Unfortunately, cloud customers are often unaware of these security issues. The cloud provider must ensure that customers' information is constantly secure in the shared environment.
Securing clients' data from unauthorized or illegitimate access is the major challenge for service providers [107]. The major key security elements in the SaaS model are data integrity, data security, network security, data access, data breaches, data availability, data authentication and authorization. Malicious users exploit these vulnerabilities in the SaaS model and launch attacks such as malware injections and attacks on web applications and interfaces.
Security challenges in Platform-as-a-service (PaaS)
In PaaS, the service provider allows customers to develop their own applications and documents on top of the platform. However, any protection beneath the application level, such as NIDS or HIDS, will still be within the scope of the service provider, and the provider needs to offer efficient assurance and support that information remains unavailable/inaccessible between applications. PaaS permits cloud users and developers to construct their individual applications. This arrangement extends to the security capabilities as well [109].
Normally, in SaaS, clients rely on the service provider for maintaining the security and privacy of the application, but in PaaS the management and security of the application is shifted to the client, whereas the service provider protects the underlying cloud infrastructure such as operating systems, firewalls, etc. Consequently, handling major concerns like application configurations, vulnerabilities in the SSL protocol and illegitimate privileges on data becomes the client's responsibility [110]. By exploiting these flaws and vulnerabilities in PaaS, malicious clients can raise security issues like Man-In-The-Middle attacks and server injections to gain control over legitimate users' data.
Fig. 3. Classification of security attacks in cloud computing.
Security challenges in Infrastructure-as-a-service (IaaS)
IaaS offers virtualized computing resources over the internet. It provides resources that are extremely scalable and can be adapted on demand, which makes IaaS suitable for all types of workloads. With this service the customer gains enhanced control over privacy and security, provided that there is no security gap/hole in the virtualization manager. In practice, however, there are several security issues in the virtualization environment [78].
Another aspect is the consistency and reliability of the information stored on the service provider's hardware. Considering the rapid development of virtualization, holding control and maintenance over data regardless of its physical location becomes critical. Several mechanisms have to be practiced to gain the utmost trust, privacy and security on cloud resources. IaaS provides only environmental security [105, 106]; consequently, the cloud user is in charge of the security maintenance of the operating system, information and applications. Security issues such as denial of service, de-duplication attacks, VM migration and VM escape make IaaS more vulnerable.
Classification of cloud security issues based on its components
The variety or diversity of cloud services makes the cloud computing platform more vulnerable to security attacks. Its vulnerability might be exposed through any of its core components: network, virtual machine, storage and application, which are used here as the basis for classifying attacks and their consequences [115]. Figure 3 illustrates the classification of security attacks in the cloud based on its components.
Network based attacks
The network is the chief support of the cloud, and vulnerabilities in the network directly influence the security of the cloud. The machines existing inside a cloud platform are associated through a network. An attacker may attack a cloud system across its network, which may degrade the quality and availability of the cloud services and may even put the security, privacy and confidentiality of data at risk. Some common types of network layer attacks are elucidated in Table 1.
DoS/DDoS attacks
In this attack, a malicious user tries to flood the victim's system by sending useless traffic/requests from innocent hosts. Hosts of this kind are called zombies. The typical difference between DoS and DDoS is that in a Denial of Service (DoS) attack the attacker uses one computer and one internet connection to flood a targeted system, whereas in a DDoS attack [21, 22] many computers and internet connections are used by the intruder to flood the victim's system. The intention of the attacker is to exhaust all resources, like the computational power and processing time of the victim, and this is achieved by flooding a huge number of requests through zombies. This malicious attack interrupts the normal behavior of the cloud and obviously affects the availability of cloud services.
Various types of packets, like Transmission Control Protocol (TCP) packets [23], User Datagram Protocol (UDP) packets, and Internet Control Message Protocol (ICMP) echo request packets, are sent by the attacker to its victim (server). The first type of attack (TCP-SYN) is the most common. In this attack the attacker overwhelms its victim with plenty of TCP packets with the SYN flag set [24, 25]. The victim assumes that these packets are coming from regular clients and begins a TCP connection with the malicious user by way of the three-way handshake. For each and every request the victim reserves resources and waits for an acknowledgement from the client. Of course, the attacker never sends any acknowledgement to the victim. The buffer on the server side is capable of holding only a limited number of connections. This scenario finally leads to buffer overflow and, as a result, the service becomes unavailable to legitimate users. The second type, UDP flooding, occurs when a malicious client sends Internet Protocol packets containing UDP datagrams with the intention of slowing down the victim to the point where it can no longer handle valid connections. In the third type, the malicious user floods a huge number of Internet Control Message Protocol “Echo request” packets to the victim's network [28, 29]. The victim will then respond with a corresponding number of reply packets. This attack is also known as a smurf attack. In the presence of this flooding attack, the cloud provider needs to devote more computational power to serve or handle the massive number of requests. Recently, several efforts have been made to identify different types [26, 27] of DDoS attacks.
Yan et al. [30] described Software Defined Networking (SDN), which provides an advanced and dynamic network architecture for cloud computing. Various capabilities of SDN, like software-based traffic analysis, centralized control, a global view of the network and dynamic updating of forwarding rules, make detection of DDoS attacks easier. In this paper the authors covered the novel trends and characteristics of distributed denial of service attacks in cloud computing and gave an overview of defense mechanisms against these DDoS attacks using Software Defined Networking. A strength of this paper is its case that SDN can act as a promising technology to defeat DDoS attacks in the cloud environment, but it gives only a concise description of how present technologies relate to SDN.
To overcome DDoS attacks, Yu et al. [31] proposed a dynamic allocation method that assigns cloud resources to customers who are facing denial of service attacks, and then provided a queuing theory based mechanism for the denial of service attack avoidance approach in the cloud. In this paper, a performance evaluation of the proposed mitigation mechanism is carried out from different perspectives. The proposed mechanism is able to overcome DDoS attacks and assures quality of service for cloud customers. However, the mitigation techniques the authors describe apply only to individual cloud-hosted services.
Ha et al. [32] proposed a traffic sampling strategy for software-defined networking (SDN) that fully uses the capacity for inspecting any suspicious activity. The authors discuss that if the network traffic to be checked exceeds the capacity of the IDS, then the IDS is not able to inspect every packet in the network. So, it is desirable to sample a particular amount of traffic at the network switches and forward it to the Intrusion Detection System using the functionalities of SDN. In this paper the authors proposed a sampling rate adjustment scheme that sets the proper sampling rate at each network switch so as to fully use the capacity for checking malicious traffic. According to the authors, this scheme improves the performance of intrusion detection by tuning the sampling rate for every switch.
IDS/IPS can be used to protect the cloud from various attacks. Scarfone et al. [33] presented an overview of intrusion detection and prevention systems (IDPS), which monitor a system or a network for malicious action and report it to an administrator. In this paper the authors characterized the key capabilities that IDS and IPS technologies perform.
Port scanning
Port scanning is a kind of attack which normally does not cause much direct impact on virtual machines. However, it gives precise information concerning the state of ports, which can be used in further attacks such as Denial of Service attacks [34]. The primary move in initiating malicious activity is to gather information about the system by port scanning. Consequently, the attacker obtains information like open ports, host-based network services and protocols. Based on the gathered data, the intruder tries to get better and enhanced rights over the target (victim). After obtaining the essential rights over the target, the intruder then injects/inserts malicious code.
A brief analysis of port scanning attacks and the response of an intrusion detection system is discussed in Deshpande et al. [35]. In this paper the authors explained tools like ‘Scapy’, ‘Nmap’ and ‘Metasploit’, which are utilized to initiate these attacks. These tools can offer complete information concerning the target machine and its status, and the SNORT Intrusion Detection System is used to detect the port scanning attacks. This work does not specify how a private cloud is affected by these port scan attacks.
To detect port scanning attacks, analysis of the attack plan sequence and of logs (audit logs and alert logs) is elaborated in Chen et al. [36]. A Hidden Markov mechanism is used in this approach to identify time-sequenced actions and to recognize the corresponding attacks. The simulation results in this paper show that the proposed mechanism is capable of detecting port scan attack sequences.
Riquet et al. [37] reported on the effects of large-scale coordinated attacks on the cloud environment and its current security remedies. The experimental results show that distributed coordinated attacks can be launched without being noticed or identified. However, the authors concentrated only on distributed port scans; further analysis of distributed attacks is not discussed.
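The Python below is an added illustration, not code from any of the works cited: it implements simple detection logic for the SYN-flood behaviour described in the DoS/DDoS section (many half-open connections from one source to one service) and for the port scanning activity discussed above (one source probing many distinct ports), run over a constructed packet log. The log format, thresholds and addresses are assumptions made for the example.

```python
"""Detection logic for two network-layer attacks discussed in the survey:
TCP SYN flooding, where a source piles up half-open connections on one
service, and port scanning, where a source probes many distinct ports.
The log lines are constructed samples, not captured traffic."""
import re
from collections import defaultdict

# Hypothetical one-line-per-packet log format used only for this example:
#   t=<seconds> src=<ip> dst=<ip> dport=<port> flags=<S|A|R|...>
LINE_RE = re.compile(
    r"t=(?P<t>[\d.]+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) flags=(?P<flags>[A-Z]+)"
)


def parse_line(line):
    """Return (t, src, dst, dport, flags), or None for a malformed line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return (float(m["t"]), m["src"], m["dst"], int(m["dport"]), m["flags"])


def max_events_in_window(times, window):
    """Largest number of timestamps inside any interval of `window` seconds."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def detect_syn_flood(lines, window=10.0, threshold=20):
    """Flag (src, dst, dport) triples with a burst of SYNs inside `window`
    seconds that are mostly never completed by the client's final ACK.
    Returns [(src, dst, dport, half_open_count), ...] sorted by source."""
    syn_times = defaultdict(list)
    ack_count = defaultdict(int)
    for t, src, dst, dport, flags in filter(None, map(parse_line, lines)):
        if flags == "S":
            syn_times[(src, dst, dport)].append(t)
        elif flags == "A":
            ack_count[(src, dst, dport)] += 1
    flagged = []
    for key, times in syn_times.items():
        half_open = max(0, len(times) - ack_count[key])
        if half_open >= threshold and max_events_in_window(times, window) >= threshold:
            flagged.append((*key, half_open))
    return sorted(flagged)


def detect_port_scan(lines, window=10.0, threshold=15):
    """Flag sources that touch at least `threshold` distinct destination
    ports within `window` seconds. Returns [(src, distinct_ports), ...]."""
    first_seen = defaultdict(dict)  # src -> {dport: earliest timestamp}
    for t, src, _dst, dport, _flags in filter(None, map(parse_line, lines)):
        ports = first_seen[src]
        ports[dport] = min(t, ports.get(dport, t))
    flagged = []
    for src, ports in first_seen.items():
        if max_events_in_window(list(ports.values()), window) >= threshold:
            flagged.append((src, len(ports)))
    return sorted(flagged)


def constructed_log():
    """Constructed sample: a normal client, a SYN-flood zombie and a scanner."""
    lines = []
    for i in range(3):  # normal client: three completed handshakes to HTTPS
        lines.append(f"t={i:.2f} src=10.0.0.5 dst=192.0.2.10 dport=443 flags=S")
        lines.append(f"t={i + 0.05:.2f} src=10.0.0.5 dst=192.0.2.10 dport=443 flags=A")
    for i in range(30):  # zombie: 30 SYNs to port 80 in 3 s, never an ACK
        lines.append(f"t={i * 0.1:.2f} src=198.51.100.7 dst=192.0.2.10 dport=80 flags=S")
    for p in range(20, 45):  # scanner: one SYN to each of 25 ports in 5 s
        lines.append(f"t={(p - 20) * 0.2:.2f} src=203.0.113.9 dst=192.0.2.10 dport={p} flags=S")
    lines.append("malformed line the parser must skip")
    return lines


if __name__ == "__main__":
    log = constructed_log()
    print("SYN flood sources:", detect_syn_flood(log))
    print("Port scan sources:", detect_port_scan(log))
```

The scanner is not reported as a SYN flood because its half-open SYNs are spread over 25 services, while the zombie is not reported as a scanner because it touches one port only; the two rules are deliberately keyed differently.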
IP spoofing
IP spoofing is the process of counterfeiting or forging the source address in an Internet Protocol packet for the purpose of concealing the identity of the sender (intruder) or masquerading as another computing system [38]. It is also called IP packet forgery or host file hijack. This malicious activity is used by attackers in the network to get around security limitations in the network. Because of it, a huge part of the internet is susceptible and vulnerable.
An Inter-Domain Packet Filter (IDPF) framework that overcomes Internet Protocol packet spoofing attacks on the internet is described in Duan et al. [38]. The proposed packet filters rely on Border Gateway Protocol route update messages exchanged on the network to infer the legitimacy of a packet's source address. According to the simulations conducted by the authors, this architecture is capable enough to identify valid or legitimate packets and to localize the true origins of intruders within a small number of candidate networks.
An intruder can masquerade Internet Packet header fields. However, he cannot forge all the hops an Internet Protocol packet takes to reach its destination. Wang et al. [39] presented a new filtering mechanism called Hop Count Filtering (HCF) that identifies and eliminates spoofed packets by constructing an accurate IP-to-hop-count (IP2HC) mapping table. This mechanism is able to remove 90% of spoofed traffic, but the proposed filtering technique has not been trialled or deployed on sophisticated servers to observe its efficiency in defeating spoofed traffic.
Jeyanth et al. [40] proposed a detection algorithm to identify legitimate traffic by inspecting the IP address and the related MAC address of each and every incoming packet. If incoming packets contain the same MAC address but different IP addresses, then the sender is considered an intruder and the packets are automatically rejected. This technique is capable of detecting address spoofing for each request to a service, but the mechanism was not examined in a real-time cloud environment.
Various defense mechanisms for IP spoofing, such as IP Puzzles, Martian filtering, SAVE, BASE, IDPF, StackPi and Hop-count filtering, are indexed and discussed in Ehrenkranz and Li [41]. This work is helpful for the upcoming development of enhanced and better defenses.
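The following Python is an added example of the Hop Count Filtering idea of Wang et al. [39] described above; it is not the authors' implementation. It assumes the usual set of initial TTL values (32, 64, 128, 255) to recover a hop count from an observed TTL, learns an IP2HC table only from traffic that completed a handshake, and flags packets whose hop count contradicts the table; all addresses and TTLs are constructed.

```python
"""Hop Count Filtering (HCF): every router decrements a packet's TTL, so the
TTL a server observes reveals how many hops the packet crossed. A spoofed
packet originates somewhere other than the address it claims, so its hop
count usually disagrees with the value recorded for that address in an
IP-to-hop-count (IP2HC) table. Added example with constructed data."""

# Initial TTLs used by common IP stacks (assumption for this example). The
# initial TTL of a packet is taken as the smallest value >= the observed TTL.
INITIAL_TTLS = (32, 64, 128, 255)


def infer_hop_count(observed_ttl):
    """Recover the hop count from the TTL seen at the server."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial - observed_ttl
    raise AssertionError("unreachable: 255 covers every valid TTL")


class HopCountFilter:
    """IP2HC table plus the per-packet spoof check that HCF performs."""

    def __init__(self, tolerance=1):
        # tolerance absorbs small route changes so they are not flagged
        self.ip2hc = {}
        self.tolerance = tolerance

    def learn(self, src_ip, ttl):
        """Learning phase: record hop counts only from traffic a spoofer
        cannot produce, e.g. packets of a completed TCP handshake."""
        self.ip2hc[src_ip] = infer_hop_count(ttl)

    def is_spoofed(self, src_ip, ttl):
        """Filtering phase: True when the hop count contradicts the table.
        Sources with no entry are passed; HCF cannot judge them."""
        expected = self.ip2hc.get(src_ip)
        if expected is None:
            return False
        return abs(infer_hop_count(ttl) - expected) > self.tolerance


def filter_packets(learned, packets, tolerance=1):
    """Build the table from `learned` [(ip, ttl)] and classify `packets`.
    Returns [(ip, ttl, hop_count, spoofed), ...] in input order."""
    hcf = HopCountFilter(tolerance)
    for ip, ttl in learned:
        hcf.learn(ip, ttl)
    return [(ip, ttl, infer_hop_count(ttl), hcf.is_spoofed(ip, ttl))
            for ip, ttl in packets]


# Constructed learning data: three clients whose handshakes completed.
LEARNED = [("198.51.100.4", 54), ("203.0.113.20", 117), ("192.0.2.77", 243)]

# Constructed incoming packets: genuine, slightly rerouted, spoofed, unknown.
PACKETS = [
    ("198.51.100.4", 54),   # same 10-hop path as learned -> genuine
    ("203.0.113.20", 116),  # 12 hops vs 11 learned, within tolerance
    ("198.51.100.4", 45),   # claims 198.51.100.4 but arrives from 19 hops away
    ("192.0.2.77", 60),     # 4 hops vs 12 learned -> spoofed
    ("10.9.8.7", 120),      # never learned: passed, not judged
]


if __name__ == "__main__":
    for ip, ttl, hops, spoofed in filter_packets(LEARNED, PACKETS):
        print(f"{ip:>14} ttl={ttl:3d} hops={hops:3d} {'SPOOFED' if spoofed else 'ok'}")
```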
Phishing
Phishing attacks are known for manipulating a web link and redirecting a client to a fake link to gain sensitive information [42]. In the cloud, it is possible that an intruder uses the services of the cloud to host a phishing site to take control of the accounts and services of other customers in the cloud [43].
Khorshed et al. [42] classified the topmost security attacks threatening the cloud environment. In this approach the authors proposed a database which records the number of packets sent and received, the number of open ports, and network and CPU usage for automatic detection of these attacks.
To secure the cloud from various attacks, an Elliptic Curve Cryptography (ECC)-based anti-phishing protocol based on the idea of one-time passwords is proposed in Kalra et al. [43]. This protocol is useful for identifying phishing attacks efficiently, particularly for legitimate users in the cloud, but real-time simulations of the protocol against attacks are not specified.
A Dynamic Security Skins mechanism proposed by Dhamija and Tygar [44] permits a remote web server to prove its identity in a way that is trouble-free for a legitimate client to verify and tough for an intruder to spoof. This approach presents novel techniques to thwart spoofing. The strength of this scheme is that it places a very low burden on the user in terms of time, effort and memory.
To beat phishing attacks, Huang et al. [45] discussed a verification mechanism that authenticates all users with one-time passwords rather than permanent user-defined passwords. The proposed mechanism is able to decrease deployment costs to almost zero, and at the same time it increases the feasibility of the solution. However, the instant-message accounts it relies on will turn into selective targets for attackers.
SQL Injection
An SQL query is a request for an action to be executed on a database. SQL Injection is a kind of code injection method which is used to attack applications in the cloud by inserting malicious code in the entry field of an SQL statement. These injection activities permit intruders to perform identity spoofing, data tampering, denial of service, etc. A detailed description of Structured Query Language is presented in [46].
To detect SQL injection attacks in cloud applications, Wu et al. [46] suggested the Cloud Computing SQLIA Detection (CSSD) mechanism. This method is useful and applicable to any cloud environment with high accuracy and low cost, but it is only useful for detecting injection attacks.
Bisht et al. [47] proposed a new approach, CANDID, which dynamically infers the structure of the SQL queries the programmer intended and efficiently transforms applications so that they protect themselves against SQL injection attacks. This technique scales to most web applications.
A Cloud Computing Adoption Framework is offered by Chang et al. [48]; this work incorporates three major security technologies: firewall, encryption and identity management. According to the authors this approach provides protection and security and is capable of detecting SQL injection issues in the cloud. The technique is capable of identifying and blocking 9995 viruses and Trojans. Conversely, the proposed mechanism is not able to detect false alarms.
Man-In-The-Middle attack
It is a malicious activity where the intruder stealthily alters the communication between two parties who thinks they are communicating with each other directly [49]. An instance of Man-In-The-Middle attack is eavesdropping, in which the intruder makes separate connections with two parties (victims) and delivers messages between them. In cloud, a malicious user is capable to access the information which transfers between datacenters [7, 50].
Karadsheh [51], Grobauer et al. [52] elaborated various major security issues which decreases the development of cloud computing and discussed various existing solutions. Authors gave a detailed description about common threats, vulnerabilities and risks in cloud.
Sujitha et al. [53] proposed a public-key based security mechanism to defend against various malicious activities. It provides an enhanced level of security by using the Rivest-Shamir-Adleman (RSA) algorithm, and its advantage is that it can be adopted by any running application.
Ma et al. [54] proposed an attacker detection mechanism based on a Bayesian prediction algorithm. The approach uses Software Defined Networking (SDN) to route ARP packets and to manage communication and association across the whole network, but it has not been evaluated in a real environment.
Sniffer attack
If packets on the network are not encrypted, a sniffer (a device or an application) can capture, read and examine the data exchanged and obtain a complete view of the packet contents; it can also inspect encapsulated packets unless they are encrypted [55]. Beyond passive disclosure, the same vantage point can be used to disrupt the victim network and corrupt its traffic.
To improve the ability to defend against sniffers, an SDN-based double hopping communication (DHC) scheme is proposed in [55]. According to the authors it acts as an efficient anti-sniffing measure by actively spreading the data across several paths and changing the routing path, but it was tested only under a centralized controller.
Xiong et al. [56] elaborated an identity-based secure document self-destruction scheme that combines identity-based encryption with a distributed hash table network to protect the confidentiality of users' private data in the cloud. The approach concentrates on Sybil and brute force attacks, and it supports flexible access control policies during the lifetime of the original documents.
Debar et al. [57] present a taxonomy that elucidates the characteristics of various security attacks and intrusion-detection systems and describes recent developments, illustrated with a number of past and present examples, but the paper does not provide sufficient information on identifying major attacks such as insider attacks.
Theft of service
In a theft-of-service attack the intruder first identifies the vulnerabilities of the hypervisor and then exploits them to use a VM for longer than is accounted for, which has a financial effect on the cloud infrastructure; because no record of the legitimate client's activity remains, this poses a significant risk to the cloud environment [58].
Ahmad et al. [58] reviewed the imperfections of the Kernel-based Virtual Machine (KVM) and presented a solution in the form of an Application Programming Interface that detects and thwarts theft-of-service attacks on the basis of virtual machine power consumption. The technology gives practitioners a more secure cloud platform, but it was evaluated on a private cloud with few processor cores and little storage.
Insider threats associated with the cloud are reviewed by Claycomb and Nicoll [59]. The authors give a brief presentation of insider-threat incidents and elaborate a classification of cloud service providers, but the paper offers solutions and explanations for existing issues only; no detection mechanisms that deal with actual threats in a cloud environment are discussed.
A quantum verification/authentication mechanism is proposed by Dong et al. [60] to stop malicious users from interfering with cloud services. According to the paper, anyone who tries to impersonate the cloud service provider, the data owner or the data user of the cloud model in order to harm the data in the cloud can be identified, but the paper does not discuss how confidentiality and privacy in cloud computing are protected on the basis of quantum authentication.
DNS spoofing
DNS (Domain Name System) spoofing, or cache poisoning, is an attack that exploits weaknesses in name resolution to redirect traffic away from genuine servers to a computer controlled by the intruder: fraudulent DNS data is introduced into a resolver's cache (the client side of the DNS), causing the resolver to return a false IP address for the requested name [61, 62]. Consequently, traffic is diverted to the malicious user's computer.
An anomaly-based Intrusion Detection System (IDS) for DNS is presented by Satam et al. [61] to identify abnormal activity. In the proposed mechanism an anomaly metric is developed for the DNS protocol and used as a temporal-statistics measure for both genuine and malicious activity.
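As an added example, not the detector of [61] nor code from the paper, the following runs three poisoning indicators over a constructed resolver log: a response that matches no outstanding query, a response whose name differs from the query, and several different answers arriving for the same transaction ID and source port (what a poisoning race against the resolver looks like from the inside). It also computes a simple temporal statistic, responses per query, in the spirit of the anomaly metric described above. The log format, names and addresses are assumptions constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed resolver log for this example (not from the paper).
# Fields: time  direction (Q = query sent, R = response received)  txid  src-port  name  answer
SAMPLE_LOG = """\
1.000 Q 0x1a2b 53011 www.example.com -
1.020 R 0x1a2b 53011 www.example.com 93.184.216.34
2.000 Q 0x3c4d 53012 bank.example.net -
2.004 R 0x3c4d 53012 bank.example.net 198.51.100.7
2.005 R 0x3c4d 53012 bank.example.net 198.51.100.8
2.006 R 0x3c4d 53012 bank.example.net 198.51.100.9
3.000 R 0x7777 53013 mail.example.org 203.0.113.10
4.000 Q 0x5e6f 53014 shop.example.com -
4.030 R 0x5e6f 53014 shop.example.com 192.0.2.25
"""

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        ts, direction, txid, port, name, answer = line.split()
        events.append((float(ts), direction, txid, int(port), name, answer))
    return events

def detect(events):
    """Flag responses with no outstanding query, responses for a different name than
    was asked, and conflicting answers to one (txid, port) pair."""
    outstanding = {}             # (txid, port) -> queried name
    answers = defaultdict(set)   # (txid, port) -> distinct answers seen so far
    alerts = []
    for ts, direction, txid, port, name, answer in events:
        key = (txid, port)
        if direction == "Q":
            outstanding[key] = name
            answers[key] = set()
            continue
        if key not in outstanding:
            alerts.append(("unsolicited", ts, name, answer))
        elif outstanding[key] != name:
            alerts.append(("name_mismatch", ts, name, answer))
        else:
            answers[key].add(answer)
            if len(answers[key]) > 1:
                alerts.append(("conflicting", ts, name, answer))
    return alerts

def anomaly_metric(events):
    """Temporal statistic: responses per query. A resolver under a poisoning race
    sees a flood of responses for very few queries."""
    queries = sum(1 for e in events if e[1] == "Q")
    responses = sum(1 for e in events if e[1] == "R")
    return responses / queries if queries else float("inf")

def summarize(alerts):
    return Counter(kind for kind, *_ in alerts)

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for alert in detect(evs):
        print(alert)
    print("responses per query:", anomaly_metric(evs))
```

In the sample, the query for bank.example.net receives three different answers within two milliseconds (two "conflicting" alerts) and a response for mail.example.org arrives for which no query was sent ("unsolicited"); the responses-per-query ratio of 2.0 is the kind of figure a baseline profile would mark as anomalous. A production detector would additionally check TTL and authority-section consistency and keep the baseline per upstream server.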
Bassil et al. [63] offered an S-DNS (secure DNS) protocol that prevents DNS poisoning and man-in-the-middle attacks by means of an Identity Based Encryption key mechanism between the interacting DNS systems, but the protocol does not avert other attacks such as denial of service.
Wang et al. [64] proposed a feature analysis mechanism that traces the anomalous actions of name servers, with real-time analysis of DNS traffic in a large network environment; however, the analysis covered normal domain servers rather than suspicious name servers.
Virtual Machine based attacks
By identifying vulnerabilities in virtual machines, attackers can launch malicious activities that violate data protection and damage cloud services. In a multi-tenant environment [65], several VMs hosted concurrently on one system create additional security hazards. We consider the four types of attack listed in Table 2.
VM migration attack
Virtual machine migration is the procedure of relocating a VM to a different physical machine without shutting it down. It is carried out for reasons such as maintenance, load balancing and fault tolerance, as well as for sharing and storage space management. During migration the VM's contents are exposed to the network, which raises privacy, confidentiality and integrity issues [66, 67].
Wang et al. [68] discussed a mechanism for evaluating the possible threats concealed behind regular virtual machine migration and investigated the shortcomings of present intrusion detection and prevention systems against a novel Distributed Denial of Service attack, the Cloud-Droplet-Freezing (CDF) attack, which can congest the network communication of cloud servers; the approach does not specify any definite mitigation mechanism.
Majhi and Dhal [69] proposed a novel secure VM migration auction process that increases the accessibility of cloud resources across the business association of cloud providers. The work analyses the possible threats and the related security requirements of a virtual machine migration auction system, but it covers only a finite number of threats and vulnerabilities.
To avoid virtual network downtime during migration, Melo et al. [70] proposed a virtual network clone migration mechanism that clones a virtual router and relocates it to another physical machine, but the mechanism is vulnerable under a malicious hypervisor.
Having analysed the need for physical isolation between trusted and untrusted virtual resources, Liu et al. [71] presented security specifications for virtual networks and proposed two algorithms to solve the security- and privacy-aware network embedding problem; however, the parameters of the algorithms are chosen statistically.
VM rollback attack
In a virtualized environment the hypervisor can suspend a running VM to take a snapshot of its processor state, disk and memory, and later resume the VM from that snapshot. This functionality is useful for VM maintenance and fault tolerance. Unfortunately, an attacker can leverage it to launch rollback attacks: by resuming an earlier state the attacker discards security checks the VM has performed since (a counter of failed login attempts, for instance) and can mount a brute force attack against secrets held in the VM. Specifically, an attacker who has compromised the hypervisor can run a VM from a previous snapshot without the client's awareness, which leads to confidentiality and integrity issues [7].
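The following added example (not from the paper, and not the mechanism of any surveyed framework) simulates the failure mode and the standard guest-side defence: the guest binds its rate-limiting state to a monotonic counter that lives outside the hypervisor's reach, and re-checks it whenever it starts executing. The "trusted counter" class stands in for a TPM NV counter or a remote attestation service; the key, state fields and scenario are assumptions constructed for the example.

```python
import copy
import hashlib
import hmac

class TrustedCounter:
    """Monotonic counter kept outside the hypervisor's reach (stand-in for a TPM
    NV counter or a remote service). Constructed for this example."""
    def __init__(self):
        self.value = 0

    def increment(self):
        self.value += 1
        return self.value

    def read(self):
        return self.value

class GuestState:
    """Security-relevant guest state, bound to the counter by a MAC so that a
    snapshot image cannot simply have its counter field edited."""
    def __init__(self, key):
        self.key = key
        self.counter = 0
        self.failed_logins = 0
        self.mac = self._mac()

    def _mac(self):
        msg = f"{self.counter}:{self.failed_logins}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def record_failed_login(self, trusted):
        # Every update of rate-limiting state also advances the external counter.
        self.failed_logins += 1
        self.counter = trusted.increment()
        self.mac = self._mac()

def check_on_resume(state, trusted):
    """Run by the guest whenever it starts executing after a possible resume."""
    if not hmac.compare_digest(state.mac, state._mac()):
        return "tampered"
    if state.counter < trusted.read():
        return "rollback"
    return "fresh"

def run_scenario():
    key = b"guest-sealed-key"   # constructed; in practice sealed to the guest's identity
    trusted = TrustedCounter()
    guest = GuestState(key)
    guest.record_failed_login(trusted)
    snapshot = copy.deepcopy(guest)        # hypervisor takes a snapshot here
    guest.record_failed_login(trusted)
    guest.record_failed_login(trusted)
    results = {"live": check_on_resume(guest, trusted),
               "resumed_snapshot": check_on_resume(snapshot, trusted)}
    forged = copy.deepcopy(snapshot)
    forged.counter = trusted.read()        # attacker edits the counter inside the image
    results["forged_counter"] = check_on_resume(forged, trusted)
    results["attempts_visible_after_rollback"] = snapshot.failed_logins
    return results

if __name__ == "__main__":
    print(run_scenario())
```

Resuming the snapshot presents a guest that remembers one failed login instead of three, which is exactly what a brute-force attacker wants; the counter comparison catches it, and the MAC stops the attacker from patching the counter in the image. The scheme only holds if the MAC key is not itself inside the snapshot, which is why it must be sealed to the guest's attested identity rather than stored in guest memory.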
Various rollback security issues were discussed and analysed by Shoundic et al. [73]. The authors proposed a solution to the VM issues by designing an extended HyperWall framework that preserves the integrity and privacy of users' data in a cloud environment, but the proposed architecture thwarts only rollback attacks.
Zhang et al. [74] presented CloudVisor, which provides integrity and privacy assurance for data in a virtualized environment even if the Virtual Machine Monitor (VMM) and the management software are compromised. It is realised using available hardware support for virtualization and trusted computing, but its functionality is quite simple and it is not feasible to deploy in firmware.
For proper identification of viruses in a virtualized environment, Tang et al. [75] proposed an antivirus scheme, VirtAV, which uses memory signatures to identify infectious behaviour. Tested on three thousand samples, VirtAV achieved a one hundred percent detection rate on public virus specimens, but the approach is likely to take more time to scan for viruses.
Dunlap et al. [76] introduced ReVirt, which addresses the integrity of the logger in a virtualized environment through audit logging: the target system (OS and applications) is wrapped inside a VM and the logging system resides below the VM, so that a compromised guest cannot tamper with the log.
VM based side-channel attack
Resource sharing is one of the major benefits of the cloud, but giving malicious users access to the same physical resource enables cache-based side channel attacks. Such an attack exploits the relationship between software behaviour and the underlying hardware: by observing the cache utilisation of a co-resident VM the intruder infers its activity and can extract confidential cryptographic keys from the victim. Attacks of this kind bypass the VM isolation of the cloud environment.
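To make the mechanism concrete, the following added example (not from the paper or any surveyed work) simulates a Prime+Probe attack on a small LRU cache model shared by two tenants: the attacker fills the monitored sets, lets the victim perform one secret-dependent table lookup, then re-touches its own lines and treats a miss as evidence that the victim used that set. The same code then shows the partitioning defence discussed below: when the victim's lookup table is confined to cache sets the attacker's colour cannot reach, the probe sees nothing. The cache geometry, address ranges and 8-bit secret are assumptions constructed for the example.

```python
class Cache:
    """Set-associative cache model with LRU replacement (constructed for this example)."""
    def __init__(self, nsets=16, ways=2, line=64):
        self.nsets, self.ways, self.line = nsets, ways, line
        self.sets = [[] for _ in range(nsets)]   # per set: tags, least recently used first

    def set_index(self, addr):
        return (addr // self.line) % self.nsets

    def access(self, addr):
        """Touch a line; return True on hit, False on miss (evicting the LRU line if full)."""
        lines = self.sets[self.set_index(addr)]
        tag = addr // self.line
        hit = tag in lines
        if hit:
            lines.remove(tag)
        elif len(lines) >= self.ways:
            lines.pop(0)
        lines.append(tag)
        return hit

ATTACKER_BASE = 0x20000   # assumed address ranges of the two tenants
VICTIM_TABLE = 0x10000

def victim_table(cache, partitioned):
    # The victim looks up table[bit]; the two entries land in different cache sets.
    # Under cache partitioning (page colouring) the victim is confined to sets 0..7.
    stride = 4 if partitioned else 8
    return [VICTIM_TABLE, VICTIM_TABLE + stride * cache.line]

def attacker_lines(cache, partitioned):
    # Enough lines to fill every way of every set the attacker is allowed to use;
    # under partitioning the attacker's colour covers only sets 8..15.
    lines = [ATTACKER_BASE + i * cache.line for i in range(cache.nsets * cache.ways)]
    if partitioned:
        lines = [a for a in lines if cache.set_index(a) >= 8]
    return lines

def prime_probe_bit(cache, att, table, bit):
    for a in att:                                   # prime: fill the monitored sets
        cache.access(a)
    cache.access(table[bit])                        # victim's secret-dependent access
    missed_sets = set()
    for a in att:                                   # probe: a miss means the victim evicted us
        if not cache.access(a):
            missed_sets.add(cache.set_index(a))
    for b in (0, 1):                                # attacker knows the code layout, not the secret
        if cache.set_index(table[b]) in missed_sets:
            return b
    return None

def recover_secret(secret_bits, partitioned=False):
    cache = Cache()
    att = attacker_lines(cache, partitioned)
    table = victim_table(cache, partitioned)
    return [prime_probe_bit(cache, att, table, bit) for bit in secret_bits]

if __name__ == "__main__":
    secret = [1, 0, 1, 1, 0, 0, 1, 0]
    print("shared cache:  ", recover_secret(secret))
    print("partitioned:   ", recover_secret(secret, partitioned=True))
```

On the shared cache every bit is recovered from which set shows misses; with the two tenants on disjoint colours the probe returns no information at all. Real attacks work the same way but must contend with noise, prefetching and the need to find eviction sets, which is what the flush-and-partition techniques surveyed next are designed to defeat.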
Godfrey and Zulkernine [77] discussed a pair of techniques to mitigate these side channel attacks. The first selectively flushes the cache between the Prime and Trigger steps, so that the probing process never sees a pattern in the shared cache hit information. The second partitions the cache into several smaller chunks and gives each VM access to only a subset of them. According to the authors both mechanisms are effective at detecting and preventing side channel attacks in a shared environment, but they probably carry too much overhead to deploy in the cloud.
Ristenpart et al. [78] discuss the security concerns that arise from sharing physical resources. The authors show how the cloud infrastructure can be mapped, how the location of a victim's VM can be determined and how a new VM can be placed co-resident with it, and they describe countermeasures against cache-based side-channel attacks.
Shi et al. [79] explain the cache-based side-channel scenario in a shared environment and present a novel dynamic page-colouring technique that partitions the cache while an application executes security-sensitive operations, but the method has not been validated on other virtualization mechanisms.
Virtual machine escape
VMs are intended to run in self-contained, confined environments. In a VM escape, however, a malicious user runs a program on a virtual machine that lets the OS inside it break out and interact with the hypervisor directly [80]. The intruder can thereby obtain root privileges, gain access to the host machine and reach every VM running on that host, breaking the confidentiality and security of the virtualized environment.
Rehman et al. [80] reviewed various security issues of the virtualized environment; the main intention is to give cloud clients a clear understanding of the risks and vulnerabilities when designing and deploying VMs. The authors provide simulations of some familiar attacks on virtualization.
Luo et al. [81] presented a secure architecture for effectively resolving the risks that arise in virtualization. The scheme outlines some key options for tackling the growing number of VM issues, vulnerabilities and risks, but the work does not provide any real-time simulation of the defence mechanisms.
Jin et al. [82] discussed a hardware-based mechanism for securing guest VMs under an untrusted hypervisor. It extends the hardware support for memory virtualization, on the basis of nested paging, at reduced hardware cost; the approach decreases complexity and protects against various physical intrusions in the cloud data centre.
VM scheduling attack
In a virtualized environment a hypervisor can host a number of VMs on a single physical machine (PM), each running its own OS instance. The scheduling of these VMs, including I/O handling and load balancing, is managed by the hypervisor's scheduler. The scheduler is vulnerable [83] to intruders [84] who attempt theft of service or who exploit it to consume more than their share of resources within the same administrative domain.
Zhou et al. [83] elaborated timing-based manipulation vulnerabilities by considering flaws in the schedulers used by the Xen hypervisor and Amazon EC2. The authors describe the mechanisms the Xen and Amazon EC2 schedulers use against scheduler-layer attacks and present analysis-based modifications that prevent the scheduling issues.
Yang et al. [84] introduced an I/O performance analysis mechanism, vExplorer, that helps characterise the disk I/O scheduler of the Xen and VMware hypervisors. However, the approach identifies I/O scheduling issues only at the hypervisor; scheduling-based vulnerabilities within the VM are not addressed.
To resolve resource scheduling issues, Prajapati et al. [85] addressed a variety of scheduling algorithms based on factors such as security awareness and energy efficiency. Their survey found that cloud computing lacks adequate security-aware scheduling mechanisms and algorithms; the existing algorithms are analysed against criteria such as performance, cost, resource utilisation, computation time, priority, bandwidth and resource availability.
Storage based attacks
Nowadays many organisations use cloud storage for massive amounts of data. However, because of the privacy, integrity and confidentiality issues of the cloud, the protection of this data has become critical [86, 87]. Without an effective security mechanism, a malicious insider or an external attacker could steal or alter customers' data effortlessly. We consider two storage layer attacks on the cloud, listed in Table 3.
Data de-duplication
De-duplication stores only a single copy of redundant data in cloud storage and links repeated copies to the original. The procedure reduces the bandwidth and storage the cloud needs, but it raises security issues [88, 89]: an intruder can learn which files a legitimate user holds, and even their contents, and there is a possibility for attackers to install harmful software on a genuine user's system.
Kaaniche and Laurent [89] presented a detailed overview of de-duplication in the cloud and demonstrated how the scheme becomes a communication channel for identifying the data inside genuine users' files. The work discusses other security issues of de-duplication and presents a novel mechanism that permits cross-client de-duplication while reducing data leakage, thereby enhancing the privacy assurance cloud customers have over their data.
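The following added example, which is not code from the paper nor the mechanism of [89], shows the communication channel just described and one way of narrowing it. A client-side de-duplicating server answers, from a hash alone, whether it already holds the bytes; an attacker who can guess a low-entropy document (here a constructed payroll line) simply uploads each guess and keeps the ones the server reports as present. The second server applies a randomised threshold, an approach from the de-duplication literature rather than from the surveyed papers: it keeps demanding the full upload until a file has been seen a random number of times, so one "deduplicated" answer no longer proves that somebody else holds the file. The server classes, the victim document and the guess range are assumptions made for the example.

```python
import hashlib
import secrets

class NaiveDedupServer:
    """Client-side de-duplication: the client presents a hash first and the server
    says whether the bytes are already stored (so the client may skip the upload)."""
    def __init__(self):
        self.store = {}

    def upload(self, data):
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.store:
            return "deduplicated"          # this answer is the side channel
        self.store[digest] = data
        return "uploaded"

class ThresholdDedupServer:
    """Randomised threshold: keep demanding the full upload until the file has been
    seen t times, with t drawn uniformly from [2, max_threshold] per file."""
    def __init__(self, max_threshold=5, rng=None):
        self.store, self.count, self.threshold = {}, {}, {}
        self.max_threshold = max_threshold
        self.rng = rng or (lambda n: 2 + secrets.randbelow(n - 1))

    def upload(self, data):
        digest = hashlib.sha256(data).hexdigest()
        if digest not in self.threshold:
            self.threshold[digest] = self.rng(self.max_threshold)
            self.count[digest] = 0
        self.count[digest] += 1
        self.store.setdefault(digest, data)
        return "deduplicated" if self.count[digest] >= self.threshold[digest] else "uploaded"

def confirm_guesses(server, candidates):
    """Attacker: upload every guess for a low-entropy document and keep those the
    server reports as already present."""
    return [c for c in candidates if server.upload(c) == "deduplicated"]

def run_demo(server_factory):
    server = server_factory()
    victim_doc = b"payroll: employee=42 salary=85000"      # constructed victim file
    server.upload(victim_doc)                              # the victim stores it first
    guesses = [b"payroll: employee=42 salary=%d" % s for s in range(60000, 100001, 5000)]
    return confirm_guesses(server, guesses)

if __name__ == "__main__":
    print("naive:    ", run_demo(NaiveDedupServer))
    print("threshold:", run_demo(lambda: ThresholdDedupServer(rng=lambda n: 4)))
```

Against the naive server the attacker recovers the salary with nine uploads. With the threshold the same attack succeeds only when the drawn threshold happens to be 2, so the attacker is left with a probabilistic signal rather than a certain one; the test fixes the draw at 4 to make the outcome deterministic. Server-side de-duplication, where the client always sends the bytes, closes the channel completely but also forfeits the bandwidth saving.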
Miao et al. [90] proposed a novel de-duplication encryption mechanism, based on threshold signatures, that defends against collusion between the key servers and the cloud server. The scheme resists brute force attacks and achieves the required security and privacy properties.
To attain confidentiality and integrity, Puzio et al. [9] proposed ClouDedup, a mechanism that supports block-level de-duplication. The approach is fully compatible with storage Application Programming Interfaces (APIs) and transparent to cloud providers, but the analysis covers only storage and retrieval operations; a complete performance analysis is not provided.
Data scavenging
When information is erased from a repository, the system does not remove the data completely, so a malicious user may recover the erased data; this is referred to as data scavenging [92, 93]. In a multi-tenant environment data scavenging occurs when the same resource is allocated to several users in turn: the data and storage of a previous customer may become available to the next one.
Hashizume et al. [92] present a detailed description of cloud computing security. The vulnerabilities due to data scavenging are addressed and, to mitigate them, detection strategies based on Service Level Agreements (SLAs) are specified.
Somani et al. [93] describe a digital signature mechanism for secure data communication based on the RSA algorithm: a message digest is computed and then encrypted, and for verification the encrypted digest is decrypted and compared. Similarly, Kaaniche and Laurent [94] presented an approach for data sharing in the cloud with de-duplication that provides security and privacy by encrypting the data and wrapping the access rights in a separate record, so that decryption can be carried out only by authorised customers.
Application based attacks
Applications running in the cloud are exposed to different kinds of attack. Intruders can inject malicious code that discovers the execution procedure and uses it to perform malicious activities. Consequently the protocols used to provide security in a cloud environment are themselves vulnerable, and any running application may serve as the entry point of an intrusion [12]. We consider a few application layer attacks, listed in Table 4.
Web services attacks
Web services use several protocols such as ebXML (E-Business XML), the Block Extensible Exchange Protocol (BEEP) and the Simple Object Access Protocol (SOAP). An attacker can exploit and manipulate message headers with invalid requests [95]. To ensure that requests are valid and services execute safely, verification schemes and security policies can be employed, and firewalls can be used to detect and mitigate the various web services layer attacks [96].
The Intrusion Detection and Prevention System (IDPS) described by Scarfone et al. [33] monitors and analyses suspicious incidents and reports them to the network administrator. It examines application protocol behaviour to detect and mitigate unauthorised access and abnormal traffic flows.
Gruschka and Iacono [95] present a detection mechanism for signature wrapping attacks on web services. The approach describes the validation needed to effectively monitor arriving SOAP requests and, from an analysis of vulnerabilities in Amazon's Elastic Compute Cloud, provides practical guidance for running a robust and efficient SOAP request security verification scheme.
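The following added example (not from the paper or from [95]) reproduces the core of a signature wrapping attack and the validation rule that defeats it. A SOAP request carries a signed Body referenced by its Id; the attacker moves that signed Body into a wrapper element under the Header and appends a fresh, unsigned Body with a different operation. A validator that merely locates the element carrying the referenced Id still finds valid signed bytes, while the application acts on the Body it finds under the Envelope. The strict validator additionally requires the signed element to be the very element the application will process. An HMAC over the canonical element bytes stands in for real XML-DSig, and the operation, attributes and key are assumptions made for the example.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soap", SOAP_NS)
BODY = f"{{{SOAP_NS}}}Body"
KEY = b"shared-signing-key"   # constructed; stands in for the XML-DSig key pair

def canon(elem):
    """Bytes the signature covers: the element subtree, ignoring any trailing text."""
    c = copy.copy(elem)
    c.tail = None
    return ET.tostring(c)

def sign(elem):
    return hmac.new(KEY, canon(elem), hashlib.sha256).hexdigest()

def build_signed_request(image, count):
    root = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(root, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(root, BODY, Id="body")
    ET.SubElement(body, "CreateInstance", image=image, count=str(count))
    sig = ET.SubElement(header, "Signature")
    ET.SubElement(sig, "Reference", URI="#body")
    ET.SubElement(sig, "SignatureValue").text = sign(body)
    return ET.tostring(root)

def wrap(message, image, count):
    """Attacker: move the signed Body into a wrapper inside the Header and add a new,
    unsigned Body carrying the attacker's operation. The signed bytes are untouched."""
    root = ET.fromstring(message)
    header = root.find(f"{{{SOAP_NS}}}Header")
    signed_body = root.find(BODY)
    root.remove(signed_body)
    ET.SubElement(header, "Wrapper").append(signed_body)
    new_body = ET.SubElement(root, BODY)            # note: no Id attribute
    ET.SubElement(new_body, "CreateInstance", image=image, count=str(count))
    return ET.tostring(root)

def find_by_id(root, id_):
    return [e for e in root.iter() if e.get("Id") == id_]

def signature_ok(root):
    sig = root.find(f"{{{SOAP_NS}}}Header/Signature")
    ref = sig.find("Reference").get("URI")[1:]
    matches = find_by_id(root, ref)
    if len(matches) != 1:
        return False, None
    expected = sig.find("SignatureValue").text
    return hmac.compare_digest(sign(matches[0]), expected), matches[0]

def validate_naive(message):
    """Checks only that *some* element carrying the referenced Id verifies."""
    ok, _ = signature_ok(ET.fromstring(message))
    return ok

def validate_strict(message):
    """Also requires the signed element to be the element the application will act on."""
    root = ET.fromstring(message)
    ok, signed = signature_ok(root)
    return ok and signed is root.find(BODY)

def process(message):
    """What the application does: act on the Body directly under the Envelope."""
    op = ET.fromstring(message).find(BODY).find("CreateInstance")
    return op.get("image"), int(op.get("count"))

if __name__ == "__main__":
    msg = build_signed_request("ami-legit", 1)
    evil = wrap(msg, "ami-evil", 20)
    print(validate_naive(evil), validate_strict(evil), process(evil))
```

The wrapped message passes the naive check because the signature genuinely covers the relocated Body, yet the application launches twenty instances of the attacker's image. Binding the verified element to the element that is processed (by identity or by a fixed location such as /Envelope/Body) is the check the guidance summarised above is about.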
Malware injection
If a cloud platform exposes an insecure interface for developing applications, an intruder can implement a malicious service. Such malware may serve whatever purpose the intruder intends. Specifically, in a malware injection attack the intruder uploads a forged copy of a genuine user's service instance so that some requests to the victim's service are handled inside the malicious instance. To achieve this, the intruder has to gain control over the victim's data in the cloud environment.
Liu and Chen [97] discuss a novel mechanism that identifies malware attacks from historical information. The approach uses logs of the creation and writing of files in PE (Portable Executable) format: whatever changes malware injection makes to PE files, the log manager captures the suspicious activity. Simulations show that the approach detects attacks with 83% accuracy.
Martignoni et al. [98] present a scheme for active analysis of malware and malicious code. Once code is submitted to the cloud it is examined systematically to determine whether it is benign or malicious; the mechanism performs efficiently in detecting and mitigating suspicious malware activity in the cloud.
Shared architecture issues
In a multi-tenant environment a malicious client can trace a normal user's execution path. This can further be used to identify the victim's actions and take control of the victim's account.
Coppens et al. [111] discuss if-conversion, a compiler transformation used to handle timing-based side channels. The mitigation targets control-flow side channels, in which the path a program takes through its conditional branches is detected by tracing its execution; transforming the code so that both branches execute under a predicate removes the secret-dependent control flow and safeguards against such side channel attacks.
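The following added example (not from the paper or from [111]) shows the transformation in its simplest setting, a secret comparison. The early-exit version leaves the loop at the first mismatch, so the amount of work done reveals the length of the matching prefix; the if-converted version runs the loop to the end and folds the outcome into arithmetic. Instead of timing, which is unreliable in an interpreter, the functions count their iterations through a hypothetical cost dictionary, an assumption made for the example.

```python
def compare_branchy(secret, guess, cost):
    """Early-exit comparison: the number of iterations depends on how many leading
    bytes of the guess are right, so timing leaks the matching prefix length."""
    if len(secret) != len(guess):
        return False
    for a, b in zip(secret, guess):
        cost["steps"] += 1
        if a != b:
            return False          # secret-dependent branch
    return True

def compare_branchless(secret, guess, cost):
    """If-converted form: the loop always runs to the end and the result is
    accumulated with arithmetic instead of a data-dependent branch."""
    if len(secret) != len(guess):
        return False
    diff = 0
    for a, b in zip(secret, guess):
        cost["steps"] += 1
        diff |= a ^ b
    return diff == 0

def steps(fn, secret, guess):
    """Work done by fn for one guess (stands in for a timing measurement)."""
    cost = {"steps": 0}
    fn(secret, guess, cost)
    return cost["steps"]

if __name__ == "__main__":
    secret = b"s3cr3t-token"
    for guess in (b"xxxxxxxxxxxx", b"s3cr3txxxxxx"):
        print(guess, steps(compare_branchy, secret, guess), steps(compare_branchless, secret, guess))
```

The branchy comparison does one step for a wrong first byte and seven for a guess that gets six bytes right; the branchless one always does twelve, so an attacker extending the guess one byte at a time learns nothing. In production Python, hmac.compare_digest provides this property; in compiled code the compiler must also be prevented from re-introducing the early exit.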
Doychev et al. [112] characterise a mitigation mechanism that examines cache-based side channel issues. For analysing and detecting such attacks, the scheme takes the cache parameters and a binary file as input and uses components such as iterators and parsers to analyse the issues.
Steganography attacks
In a steganography attack the intruder hides malicious code inside files transmitted over the network. Security mechanisms treat such files as regular files and overlook the concealed content. Analysts have therefore recently found that these attacks can pose severe hazards to the security and integrity of cloud storage.
To thwart steganography attacks, Liu et al. [113] proposed a scheme called stegAD that integrates two algorithms, enhanced-RS and SADI, to identify tampered files and to fill the hiding locations with random noise respectively. The main intention of the scheme is to defend against audio steganography attacks.
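As an added illustration, not code from the paper and not the RS analysis used by stegAD, the following embeds a payload in the least significant bits of a constructed 8-bit sample stream and then applies the chi-square pairs-of-values test, the classic statistical detector for LSB embedding: overwriting the LSB plane with a random payload drives the counts of each value pair (2k, 2k+1) towards equality, which a natural cover does not show. The cover signal, payload generator and decision threshold are assumptions made for the example.

```python
import random

def embed_lsb(samples, bits):
    """Hide one payload bit per sample in the least significant bit."""
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out

def extract_lsb(samples, n):
    return [s & 1 for s in samples[:n]]

def reduced_chi_square(samples):
    """Pairs-of-values test. Returns chi-square over the degrees of freedom: near 1
    means the LSB plane looks overwritten, much larger means a natural cover."""
    counts = [0] * 256
    for s in samples:
        counts[s] += 1
    chi2, dof = 0.0, 0
    for k in range(128):
        n_even, n_odd = counts[2 * k], counts[2 * k + 1]
        expected = (n_even + n_odd) / 2
        if expected > 0:
            chi2 += (n_even - expected) ** 2 / expected
            dof += 1
    return chi2 / max(dof - 1, 1)

def looks_like_stego(samples, threshold=2.0):
    # Heuristic cut-off assumed for the example; a deployed detector would use a p-value.
    return reduced_chi_square(samples) < threshold

def make_cover(n=8192):
    """Constructed cover: 8-bit samples biased towards even values, as many real
    quantised signals are, so the pair counts are far from equal."""
    cover = []
    for i in range(n):
        v = (i * 37) % 256
        if v % 2 == 1 and i % 3 != 0:
            v -= 1
        cover.append(v)
    return cover

def make_payload(n, seed=7):
    """Deterministic pseudo-random payload bits (stands in for encrypted malicious content)."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, make_payload(len(cover)))
    print("cover:", round(reduced_chi_square(cover), 1), "stego:", round(reduced_chi_square(stego), 1))
```

The biased cover scores well above the threshold while the fully embedded stream scores close to 1, and the payload extracts intact. The test only works against embedding that fills the LSB plane sequentially; scattered or partial embedding is what RS-style analysis, as in stegAD, is designed to catch.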
Mazurczyk and Szczypiorski [114] discuss a categorisation of steganographic communication schemes in cloud computing based on the location of the steganogram receiver. These mechanisms and threats have to be taken into account when designing secure cloud services.
Other directions in cloud security
Security precautions initiated by cloud service providers
Cloud computing is a relatively new phenomenon and the mechanisms required to uphold its security and privacy are still in their infancy. The security measures [7] initiated by a few cloud providers are discussed below.
Google App Engine is a cloud platform for developing web applications. App Engine runs the Java Virtual Machine (JVM) in a sandbox, a security mechanism that isolates running Java programs so that all Java bytecode executes under controlled supervision. The Python interpreter likewise runs in a secured sandbox.
Amazon Web Services (AWS) provides a set of services under a pay-per-use (on-demand) model and offers both platform and infrastructure to cloud users. Amazon Elastic Compute Cloud exposes a web service interface for building firewall configurations that control network traffic.
Amazon S3 (Simple Storage Service) is accessible through Secure Sockets Layer (SSL) encrypted endpoints, and it is the cloud customer's duty to encrypt the information before uploading it to Amazon S3.
Force.com provides a platform to cloud customers and admits every user through a secure login. It uses the Security Assertion Markup Language (SAML) for authentication, and the company offers physical, transmission-level and logical security.
Windows Azure is used for developing, deploying and managing applications in Microsoft-operated data centres over the network, and it provides both infrastructure and platform services. For protection it employs filtering routers, secure patch management, firewalls, centralised monitoring, network segmentation and controlled administrative access to the service. Its secure sandbox features limit damage to the cloud infrastructure, and SSL client certificates control updates and configuration.
Joyent Inc. specialises in application virtualization and provides both platform and infrastructure. It adopts security measures such as SSL acceleration, sophisticated traffic analysis and security, and advanced DNS. Joyent introduces segregation of storage and network at the virtualization level, and customers retain control over all root privileges.
Various Intrusion Detection Systems to safeguard the cloud
Intrusion detection is the practice of observing the events occurring in a network or computer system and analysing them for signs of possible incidents: violations, or imminent threats of violation, of the system's security and privacy policies, its acceptable use policies or standard security practices. Such incidents include denial of service, intruders gaining illegitimate access to systems from the internet or obtaining the privileges of authorised users, and malware injection.
An IDS (Intrusion Detection System) is a software or hardware tool installed on a single host or on a network to identify malicious activity and report it to the administrator. For instance, when an intruder exploits a vulnerability to compromise a system, the IDS reports the intrusion attempt to the security administrator, who can then take appropriate action to limit the disturbance caused. An IPS (Intrusion Prevention System) works like an IDS but can also block the malicious activity. A firewall, by contrast, is a device or software placed between a local network and the Internet that monitors and filters harmful network traffic.
Since the chief element of a cloud is an efficient network, that network should be protected by an intrusion detection system. A NIDS (Network-Based Intrusion Detection System) monitors the traffic passing network devices and analyses application and network protocol activity to detect malicious behaviour such as DDoS [4]. To protect a single host, a HIDS (Host-Based Intrusion Detection System) is used instead; it observes the characteristics and events of that host to identify suspicious activity.
The detection methodologies used in an IDS include signature-based [33] and anomaly-based analysis. Signature-based detection is effective at identifying known attacks but fails to identify unknown ones. Anomaly-based detection maintains profiles of applications, users, hosts and protocols and compares current activity against the profile characteristics to find anomalies. Some intrusion detection/prevention systems are listed below.
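The following added example, not from the paper or from any of the systems listed below, puts the two methodologies side by side on a constructed web access log. The signature detector matches request paths against patterns of the kind a rule-based NIDS carries (an injection attempt and a path traversal); the anomaly detector first builds a per-source request-rate profile from a clean training log and then flags live sources whose rate in a window exceeds mean plus three standard deviations. The log format, addresses, rules and threshold are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed access logs for this example (not from the paper).
# Fields: source-ip  timestamp(s)  method  path  status
TRAINING_LOG = "\n".join(
    f"10.0.0.{h} {1000 + t} GET /page{t % 4}.html 200" for h in (5, 6, 7) for t in range(0, 12, 2)
)
LIVE_LOG = """\
10.0.0.5 2001 GET /index.html 200
10.0.0.5 2003 GET /login?user=admin'%20OR%20'1'='1 200
10.0.0.9 2004 GET /../../etc/passwd 404
10.0.0.6 2005 GET /page1.html 200
""" + "\n".join(f"10.0.0.7 {2000 + t} GET /page2.html 200" for t in range(6, 36))

# Signature rules in the style of content matches in a rule-based NIDS.
SIGNAT1URES = None  # placeholder removed below
SIGNATURES = {
    "sql-injection": re.compile(r"(?:'|%27)(?:\s|%20)*or(?:\s|%20)+", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

def parse(log_text):
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, ts, method, path, status = line.split()
        records.append((src, int(ts), method, path, int(status)))
    return records

def signature_alerts(records):
    """Known-attack detection: any rule that matches the request path fires."""
    return [(name, src, path)
            for src, _, _, path, _ in records
            for name, rx in SIGNATURES.items() if rx.search(path)]

def build_profile(records, window=10):
    """Anomaly profile: requests per source per time window in a clean training set."""
    per_window = Counter((src, ts // window) for src, ts, *_ in records)
    counts = list(per_window.values())
    mean = sum(counts) / len(counts)
    std = (sum((c - mean) ** 2 for c in counts) / len(counts)) ** 0.5
    return {"window": window, "threshold": mean + 3 * std}

def anomaly_alerts(records, profile):
    """Unknown-attack detection: sources whose rate departs from the profile."""
    per_window = Counter((src, ts // profile["window"]) for src, ts, *_ in records)
    return [("rate-anomaly", src, count)
            for (src, w), count in sorted(per_window.items())
            if count > profile["threshold"]]

if __name__ == "__main__":
    profile = build_profile(parse(TRAINING_LOG))
    live = parse(LIVE_LOG)
    print(signature_alerts(live))
    print(anomaly_alerts(live, profile))
```

The signature rules catch the two known payloads and nothing else, and they would miss the same attacks with a different encoding; the rate profile catches the unseen flood from 10.0.0.7 but says nothing about what the requests contain. That is the complementarity the text describes, and why the tools listed below are commonly deployed together.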
Snort is an open source NIDS [99] that offers a packet sniffing mechanism: it monitors network traffic, captures and examines each packet and displays it to the user so that suspicious activity or anomalies can be identified. To generate alerts it uses the packet sniffer together with components named the pre-processor, the detection engine and the logger.
Suricata [100] is a fast and sophisticated detection engine capable of real-time intrusion detection, inline intrusion prevention (IPS) and network security monitoring (NSM). It is a rule-based system that uses a set of rules to monitor network traffic; if malicious activity occurs on the network it alerts the network administrator.
Bro (now known as Zeek) [101] is a network monitoring system able to identify intrusions through real-time observation; an interpreter built into the IDS executes policy scripts. Its event engine handles incidents and monitors packet streams: once a stream is captured, the engine checks that the received packets are regular and legitimate, while illegitimate or invalid packets are dropped and an event is generated to report the issue.
Samhain [102] is a HIDS (Host-based Intrusion Detection System) that offers file integrity checking, log file monitoring and analysis, port monitoring and rootkit detection. It supports centralised logging and storage in a database, can be used as a standalone application on a single host, and lets users view and analyse ongoing activity through its web-based console.
NIDES, the Next-generation Intrusion Detection Expert System [103], monitors user activity in real time on several target computers connected over Ethernet. Using rule-based analysis it identifies suspicious activity and correlates it with known anomaly types.
eXpert-BSM [104] is a service for separating security misuse from essential security-related warning indicators. It evaluates the Solaris BSM audit stream in real time, provides alert reports and feedback support, and continues to improve in efficiency and availability through comprehensive analysis and testing.
Conclusions
Cloud computing offers a variety of services and on-demand resources through the internet. Distinct features such as cost reduction, flexibility and elasticity increase the pervasiveness of the cloud. However, there are several issues concerning the security, integrity and privacy of cloud computing. This paper provides a survey of threats and security attacks in the cloud environment. We analysed the security challenges of the cloud based on its delivery models, then presented a component-based classification of security concerns and a survey of existing countermeasures to the major issues at each layer of the cloud. Finally, we discussed some intrusion detection and prevention systems that help thwart malicious activity in the cloud environment.
With the growing use of cloud services it is becoming possible to gather adequate evidence of the security measures followed by cloud service providers, which can help infrastructure providers and customers choose the right services from cloud vendors. Building confidence and assurance in the cloud is an area of our future research.