Cloud Security and Privacy: SAAS, PAAS, and IAAS

  • Submitted: 2024.03.05
  • Published: 2024.03.30

Abstract

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. The cloud service models (SaaS, PaaS, and IaaS) enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Application Security Project (OWASP) identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include elliptic-curve cryptography and identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed by using well-defined APIs, implementing Service Level Agreements (SLAs), and adopting a standard syntax for cloud provisioning.
