CFP last date
20 January 2025
Reseach Article

Cloud Computing Security Aspects, Vulnerabilities and Countermeasures

by Sarang V. Hatwar, R. K. Chavan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 119 - Number 17
Year of Publication: 2015
Authors: Sarang V. Hatwar, R. K. Chavan
10.5120/21163-4218

Sarang V. Hatwar, R. K. Chavan . Cloud Computing Security Aspects, Vulnerabilities and Countermeasures. International Journal of Computer Applications. 119, 17 ( June 2015), 46-53. DOI=10.5120/21163-4218

@article{ 10.5120/21163-4218,
author = { Sarang V. Hatwar, R. K. Chavan },
title = { Cloud Computing Security Aspects, Vulnerabilities and Countermeasures },
journal = { International Journal of Computer Applications },
issue_date = { June 2015 },
volume = { 119 },
number = { 17 },
month = { June },
year = { 2015 },
issn = { 0975-8887 },
pages = { 46-53 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume119/number17/21163-4218/ },
doi = { 10.5120/21163-4218 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:04:52.890086+05:30
%A Sarang V. Hatwar
%A R. K. Chavan
%T Cloud Computing Security Aspects, Vulnerabilities and Countermeasures
%J International Journal of Computer Applications
%@ 0975-8887
%V 119
%N 17
%P 46-53
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Security issue in cloud computing is an active area of research. Thousands of users are connecting to a cloud daily for their day to day work. Unfortunately they are ignorant about the risk involved while doing transactions on the internet. End user systems as well as cloud based data centers must be able to overcome the threats due to Viruses, Trojan and Malware etc. This paper highlights the major security threats in cloud computing system and introduce the most suitable countermeasures for these threats. Threats are classified according to different perspectives, providing a list of threats. In this article some effective countermeasures are enlisted and discussed.

References
  1. R. Burnside, 1987. Electronic Communications Privacy Act of 1986: The Challenge of Applying Ambiguous Statutory Language to Intricate Telecommunication Technologies. The Rutgers Computer & Tech. LJ.
  2. David Linthicum, chief technology officer of Blue Mountain Labs, http://www. ebizq. net/blogs/cloudsoa/ 2010/06/top-10-reasons-to-use-and-not-use-cloud-computing. php
  3. N Santos, K Gummadi, R Rodrigues, 2009. Towards Trusted Cloud Computing. In Proc. of the conference on Hot Topics in Cloud Computing, USA.
  4. H Kim, H Lee, W Kim, Y Kim, 2010. A Trust Evaluation Model for QoS Guarantee in Cloud Systems. In Proceedings of the International Journal of Grid and Distributed Computing.
  5. Z Yang, L Qiao, C Liu, C Yang, G Wan, 2010. A Collaborative Trust Model of Firewall-through based on Cloud Computing. In Proceedings of the 14th International Conference on Computer Supported Cooperative Work in Design, China.
  6. M Ahmed, Y Xiang, S Ali, 2010. Above the Trust and Security in Cloud Computing: A Notion towards Innovation. In Proceedings of the IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, Australia.
  7. Paolo Bonzini, November 12, 2014. http://www. linuxk vm. org/page/Main_Page
  8. Minqi Z, Rong Z, Wei X, Weining Q, Aoying Z, 2010. Security and Privacy in Cloud Computing: A Survey. In Proceedings of the Sixth international conference on Semantics Knowledge and Grid (SKG).
  9. Siani Pearson, 2009. Taking Account of Privacy when Designing Cloud Computing Services. In Proceedings of the ICSE Workshop on Software Engineering Challenges of Cloud Computing.
  10. S Ghemawat, H Gobioff, and S. Leung, 2003. The Google file system. In Proceedings of the 19th Symposium on Operating Systems Principles.
  11. Yahoo! Hadoop distributed file system architecture, 2008. http://hadoop. apache. org/common/docs/current/hdfs_design. html
  12. Nida, Pinki, Harsh Dhiman, 2014. A survey on Identity and Access Management in Cloud Computing. In Proceeding of International Journal of Engineering & Technology (IJERT).
  13. T Mather, S Kumaraswamy, S Latif, 2009. Cloud Security and Privacy: An Enterprise perspective of Risks and Compliance. O'Reilly Media, Inc.
  14. Coud Sercurity Alliance, 2010. Top Threats to Cloud Computing.
  15. J Chen, C Guo, 2006. Online detection and prevention of phishing attacks. In Proceedings of the First international conference on communications and networking, China.
  16. P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel,and G. Vigna. Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In Proceedings of the Network and Distributed System.
  17. S Luo, Z Lin, X Chen, Z Yang, J Chen, 2011. Virtualization security for cloud computing services. In Proceedings of the Int. Conference on Cloud and Service Computing.
  18. Paolo Bonzini, https://lwn. net/Articles/619332/
  19. V Ashktorab, Seyed Taghizadeh, 2012. Security threats and countermeasure in cloud computing. In Proceedings of the International journal of application or innovation in engineering and management.
  20. John E. Dunn, 2009. Spammers break Hotmail's CAPTCHA yet again. Tech-world.
  21. J S Reuben, 2007. A Survey on Virtual Machine Security. Seminar of Network Security, Helsinki University of Technology.
  22. G. von Laszewski, J. Diaz, F. Wang, and G. C. Fox, 2012. Comparison of multiple cloud frameworks. In Proceedings of the 5th Int. Conf. on Cloud Computing.
  23. Abu Shohel Ahemad, Ericsson Technology, Robert Clark, HP Technology, 2014. Identifying Security Issues in OpenStack. In Proc. of OpenStack Summit.
  24. Char Sample, Senior Scientist, BBN Technologies, Diana Kelley, Partner, Security Curve. Cloud computing security: Routing and DNS security threats.
  25. D. Gollmann, 2008. Securing Web Applications. Information Security Technical Report.
  26. M Louw, V. N. Venkatakrishnan, 2009. BluePrint: Robust Prevention of Cross-Site scripting attacks for existing browsers. In Proceedings of the 30th IEEE Symposium on Security and Privacy.
  27. Travis Waldo, IT Auditor, NIGC. Information Technology Security: The Changing Threat Environment.
  28. Z Trabelsi, H Rahmani, K Kaouech, M Frikha, 2004. Malicious Sniffing System Detection Platform. In Proceedings of the International Symposium on Applications and the Internet (SAINT'04).
  29. Eric Ogren, 2009. Whitelists SaaS modify traditional security, tackle flaws.
  30. G Singh, A Sharma, M S Lehal, 2011. Security Apprehensions in Different Regions of Cloud Captious Grounds. In Proceedings of the International Journal of Network Security & Its Applications (IJNSA).
  31. A Liu, Yi Yuan, D Wijesekera, and Anglos Stavroun, 2009. SQLProb: A Proxy-based Architecture towards Preventing SQL Injection Attacks. In Proceedings of the SAC.
  32. K. Vieira, A. Schulter, C. B. Westphall, and C. M. Westphall, 2010. Intrusion detection techniques for Grid and Cloud Computing Environment. In Proceedings of the IEEE Computer Society.
  33. R Lua and K C Yow, 2011. Mitigating DDoS Attacks with Transparent and Intelligent Fast-Flux Swarm Network. In Proceedings of the IEEE Network.
  34. R. Gellman, 2009. Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing.
  35. A Bakshi, Yogesh B. , 2010. Securing cloud from DDoS Attacks using Intrusion Detection System in Virtual Machine. In Proceedings of the Second International Conference on Communication Software and networks.
  36. SNORT: An open source intrusion prevention system, https://www. snort. org/
  37. Claudio Mazzariello, Roberto Bifulco and Roberto Canonico, 2010. Integrating a Network IDS into an Open Source Cloud Computing Environment. In Proceedings of the Sixth International Conference on Information Assurance and Security, USA.
  38. D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff, and D. Zagorodnov, 2009. The Eucalyptus open-source cloud-computing system. In Proceedings of the 9th IEEE/ACM International Symposium on Cluster and Grid computing.
  39. F Lombardi, R Pietro, 2011. Secure Virtualization for Cloud Computing. In Proceedings of the Journal of Network and Computer Applications. Academic Press Ltd. London, UK.
  40. H Wu, Yi Ding, C Winer, Li Yao, 2010. Network Security for Virtual Machines in Cloud Computing. In Proceedings of the 5th Int'l Conference on Computer Sciences and Convergence Information Technology, Seoul.
  41. Security Notes by OpenStack Security Group (OSSG), https://wiki. openstack. org/wiki/Security_Notes.
  42. R Khan, J Ylitalo, A Ahmed, 2011. OpenID Authentication As A Service in OpenStack. In Proceedings of the 7th International Conference on Information Assurance and Security.
Index Terms

Computer Science
Information Sciences

Keywords

Cloud computing security vulnerabilities/threats and countermeasures.