A Survey of Security and Privacy Challenges in Cloud Computing: Solutions and Future Directions

  • Liu, Yuhong (Department of Information Science and Technology) ;
  • Sun, Yan Lindsay (Department of Electrical, Computer and Biomedical Engineering, University of Rhode Island) ;
  • Ryoo, Jungwoo (Department of Information Science and Technology) ;
  • Rizvi, Syed (Department of Information Science and Technology) ;
  • Vasilakos, Athanasios V. (Department of Computer Science, Electrical and Space Engineering, Lulea University of Technology)
  • Submitted : 2015.05.29
  • Reviewed : 2015.06.25
  • Published : 2015.09.30

Abstract

While cloud computing is gaining popularity, diverse security and privacy issues are emerging that hinder the rapid adoption of this new computing paradigm, and the development of defensive solutions is lagging behind. To ensure a secure and trustworthy cloud environment, it is essential to identify the limitations of existing solutions and envision directions for future research. In this paper, we have surveyed critical security and privacy challenges in cloud computing, categorized diverse existing solutions, compared their strengths and limitations, and envisioned future research directions.

Cited by

  1. A survey on cloud computing security: Issues, threats, and solutions vol.75, 2016, https://doi.org/10.1016/j.jnca.2016.09.002
  2. The Effective Ransomware Prevention Technique Using Process Monitoring on Android Platform vol.2016, 2016, https://doi.org/10.1155/2016/2946735
  3. Data security and privacy preservation in cloud storage environments based on cryptographic mechanisms vol.111, 2017, https://doi.org/10.1016/j.comcom.2017.07.006
  4. Cloud computing capability: its technological root and business impact vol.28, pp.3, 2018, https://doi.org/10.1080/10919392.2018.1480926
  5. An Effective Sensor Cloud Control Scheme Based on a Two-Stage Game Approach vol.6, pp.2169-3536, 2018, https://doi.org/10.1109/ACCESS.2018.2815578