Cloud Computing Security: A Survey
Top Cited Papers
Open Access
- 3 February 2014
- Vol. 3 (1), 1-35
- https://doi.org/10.3390/computers3010001
Abstract
Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.Keywords
This publication has 16 references indexed in Scilit:
- A survey on vehicular cloud computingJournal of Network and Computer Applications, 2014
- An analysis of security issues for cloud computingJournal of Internet Services and Applications, 2013
- A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computingFuture Generation Computer Systems, 2012
- Addressing cloud computing security issuesFuture Generation Computer Systems, 2012
- Toward Secure and Dependable Storage Services in Cloud ComputingIEEE Transactions on Services Computing, 2011
- Cloud Computing RoundtableIEEE Security & Privacy, 2010
- ELMO: Energy Aware Local Monitoring in Sensor NetworksIEEE Transactions on Dependable and Secure Computing, 2010
- Comparison of the three CPU schedulers in XenACM SIGMETRICS Performance Evaluation Review, 2007
- Using thematic analysis in psychologyQualitative Research in Psychology, 2006
- The Status of Method: Flexibility, Consistency and CoherenceQualitative Research, 2003