Skip to main content
Springer Nature Link
Log in

Security and service assurance issues in Cloud environment

  • Original Article
  • Published:
International Journal of System Assurance Engineering and Management Aims and scope Submit manuscript

Abstract

Cloud security and service assurance is a wide research area with an unrestrained amount of apprehensions, ensuring equipment and stage innovations, to secure information and asset access. In spite of the colossal advantages of Cloud computing paradigm, the security and service concerns have consistently been the center of various Cloud clients and obstruction to its extensive acceptance. The paper reports a meticulous review in the field of Cloud computing with a focus on the security risk assessment and service assurance. This effort will serve as a ready reckoner to the research aspirants to encompass a general thought of the risk factors in security and the service assurance in a Cloud environment.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  • Abraham A, Thomas J, Ghinea G (2003) Mining network quality of service for human computer interaction using neural networks. In: Proceedings of the 10th International Conference on Human–Computer Interaction; 2003 Jun 23–27; Crete, Greece; p 1193–1197

  • Ayala L, Vega M, Vargas L (2013) Emerging threats, risk and attacks in distributed systems: Cloud computing. Lect Notes Electr Eng 152:37–52

    Article  Google Scholar 

  • Balepin I, Maltsev S, Rowe J, Levitt K (2003) Using specification-based intrusion detection for automated response. Lect Notes Comput Sci 2820:136–154

    Article  Google Scholar 

  • Barron C,Yu H, Zhan J (2013) Cloud computing security case studies and research. In: Proceedings of World Congress on Engineering, 2013 Jul 3–5; London, UK; pp 1–5

  • Bellovin S, Blaze M, Diffie W, Landau S, Neumann P, Rexford J (2008) Risking communications security: potential hazards of the protect America act. IEEE Secur Priv 6(1):24–33

    Article  Google Scholar 

  • Bisong A, Rahman S (2011) An overview of the security concerns in enterprise Cloud computing. Int J Netw Secur Appl 3(1):30–45

    Google Scholar 

  • Brown E (2012) NIST issues Cloud computing guidelines for managing security and privacy: National Institute of Standards and Technology Special Publication; 2012. p. Report No.: 800-144

  • Chen D, Zhao H (2012) Data Security and privacy protection issues in Cloud computing. In: Proceedings of International Conference Computer Science and Electronics Engineering, 2012 Mar 23–25; Hangzhou; pp 647–651

  • Chhetri M, Vo Q, Kowalczyk R (2012) Policy-based automation of SLA establishment for Cloud computing services. 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing; 2012 May 13–16; Ottawa, Canada; pp 164–171

  • Cloud Security Alliance CSA: The Notorious Nine Cloud Computing Threats, 2013; pp 1–21. https://cloudsecurityalliance.org/ download/the-notorious-nine-Cloud-computing-top-threats-in-2013/

  • Cronin E, Sherr M, Blaze M (2008) On the (un)reliability of eavesdropping. Int J Secur Netw 3(2):103–113

    Article  Google Scholar 

  • Dahbur K, Mohammad B (2011) A survey of risks, threats and vulnerabilities in Cloud computing. In: Proceedings of International Conference on Intelligent Semantic Web-Services and Applications, 2011 Apr. 18–20; Amman, Jordan; pp 1–6

  • Debar H, Dacier M, Wespi A (1999) Towards a taxonomy of intrusion-detection systems. Comput Netw Int J Comput Telecommun Netw 31(8):805–822

    Google Scholar 

  • Deshpande P, Sharma S. Peddoju S, Abraham A (2013) Distributed port scan attack in Cloud environment. In: Proceedings of the Fifth International Conference on Computational Aspects of Social Networks, 2013 Aug 12–14; Fargo, ND; pp 27–31

  • Deshpande P, Sharma S, Sateeshkumar P, Junaid S (2014a) HIDS: an host based intrusion detection system. Int J Syst Assur Eng Manag. doi:10.1007/s13198-014-0277-7

    Google Scholar 

  • Deshpande P, Sharma S, Peddoju S (2014b) Implementation of a private Cloud: a case study. Adv Int Syst Comput 259:635–647

    Google Scholar 

  • Goudarzi H, Ghasemazar M, Pedram M (2012) SLA-based optimization of power and migration cost in Cloud computing. 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing; 2012 May 13–16; Ottawa, Canada; pp 172–179

  • Harauz J, Kauifman M, Potter B (2009) Data security in the world of Cloud computing. IEEE Secur Priv 7(4):61–64

    Article  Google Scholar 

  • Hashizume K, Rosado D, Medina E, Fernandez E (2013) An analysis of security issues for Cloud computing. J Integr Serv Appl 4(5):1–13

    Google Scholar 

  • Ho J, Woo P, Ho E, Myoung C (2011) Multi-level intrusion detection system and log management in Cloud computing. In: Proceedings of 13th International Conference on Advanced Communication Technology, 2011 Feb 13–16; Seoul; pp 552–555

  • Hou Q, Xie Q, Li S (2016) The model of information security risk assessment based on advanced evidence theory. Int J Syst Assur Eng Manag. doi:10.1007/s13198-016-0424-4

    Google Scholar 

  • Iyengar S, Ganapathy G, Kumar M, Abraham A (2014) A multilevel thrust filtration defending mechanism against DDoS attacks in Cloud computing environment. Int J Grid Util Comput 5(4):236–248

    Article  Google Scholar 

  • Jansen W, Grance T (2011) Guidelines on security and privacy in public Cloud computing, 2011 Dec 09. p. NIST SP - 800-144

  • Julisch K, Hall M (2010) Security and control in the Cloud. Inf Secur J Glob Perspect 19(6):299–309

    Article  Google Scholar 

  • Kalyanaraman R (2007) A rule based static configuration validation technique in an autonomous distributed environment. In: Proceedings of Second International Conference on Systems, 2007 Apr 22–28; Martinique; p 53

  • Karlin J, Forrest S, Rexford J (2008) Autonomous security for autonomous systems. Comput Netw: Int J Comput Telecommun 52(15):2908–2923

    Article  MATH  Google Scholar 

  • Kaufman L (2009) Data security in the world of Cloud computing. IEEE Secur Priv 7(4):61–64

    Article  Google Scholar 

  • Khajeh A, Sommerville I, Bogaerts J, Teregowda P (2011) Decision support tools for Cloud migration in the enterprise. In: Proceedings of IEEE International Conference on Cloud Computing, 2011 July 4–9; Washington, DC; pp 541–548

  • Kim J, Tong L, Thomas R (2014) Data framing attack on state estimation. IEEE J Sel Areas Commun 32(7):1460–1470

    Article  Google Scholar 

  • Kruegel C, Valeur F, Vigna G (2005) Intrusion detection and correlation-challenges and solutions. Advances in information security. Springer, New York

    MATH  Google Scholar 

  • Lo C, Huang C, Ku J (2010) A cooperative IDS framework for Cloud computing network. In: Proceedings of 39th International Conference on parallel processing workshops, 2010 Sep 13–16; San Diego, CA; pp 280–284

  • Noureddin A, Damodaran M (2008) Security in Web 2.0 application development. In: Proceedings of the 10th International Conference on Information Integration and Web-based Applications and Services, 2008 Nov 24–26; Linz, Austria; pp 681–685

  • Oberle K, Cherubini D, Cucinotta T (2013) End-to-end service quality for Cloud applications. Lect Notes Comput Sci 8193:228–243

    Article  Google Scholar 

  • Ostermann S, Iosup A, Yigitbasi N, Prodan R, Fahringer T, Eperna D (2010) A performance analysis of EC2 Cloud computing services for scientific computing. LNICST 34:115–131

    Google Scholar 

  • Pengye X, Gary S (2010) Distributed joint optimization of traffic engineering and server selection. In: Proceedings of 18th International Packet Video Workshop, 2010 Dec 13–14; Hong Kong; pp 86–93

  • Rane P Securing SaaS applications: A Cloud security perspective for application providers [Internet]. http://www.Infosectoday.com/Articles/Securing_SaaS_Applications.htm

  • Ren K, Wang C, Wang Q (2012) Security challenges for the public Cloud. IEEE J Internet Comput 16(1):69–73

    Article  Google Scholar 

  • Rosado D, Gomez R, Mellado D, Medina E (2012) Security analysis in the migration to Cloud environment. J Future Internet 4(2):469–487

    Article  Google Scholar 

  • Shangguang W, Zhipiao L, Qibo S, Hua Z, Fangchun Y (2014) Towards an accurate evaluation of quality of Cloud service in service-oriented Cloud computing. J Intell Manuf 25(2):283–291

    Article  Google Scholar 

  • Shanmughaneethi S, Shyni S, Swamynathan S (2009) SBSQLID: Securing web applications with service based SQL injection detection. In: Proceedings of International Conference on Advances in Computing, Control, & Telecommunication Technologies, 2009 Dec 28–29; Tiruanantpuram, India; pp 702–704

  • Sklavos N, Koufopavlou O (2004) Computer network security: report from MMM-ACNS. IEEE Secur Priv 2(1):49–52

    Article  Google Scholar 

  • Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of Cloud computing. J Netw Comput Appl 34(1):1–11

    Article  Google Scholar 

  • Takabi H, Joshi J, Ahn G (2010) Security and privacy challenges in Cloud computing environments. IEEE Secur Priv 8(6):24–31

    Article  Google Scholar 

  • Trabelsi Z, Rahemani H, Kamel K, Mounir M (2004) Malicious sniffing system detection platform. In: Proceedings of International Symposium on Applications and the Internet, 2004 Jan 26–30; Tokyo, Japan; pp 201–207

  • Tran H, Mellouk A, Perez J, Hoceini S, Zeadally S (2014) QoE-based server selection for content distribution networks. IEEE Trans Comput 63(11):2803–2815

    Article  MathSciNet  MATH  Google Scholar 

  • Verwoerd T, Hunt R (2002) Intrusion detection techniques and approaches. Comput Commun 25(15):1356–1365

    Article  Google Scholar 

  • Vieira K, Schulter A, Westphall C, Westphall C (2010) Intrusion detection techniques for Grid and Cloud computing environment. IT Prof 12(4):38–43

    Article  Google Scholar 

  • Wang L, Tao J, Kunze M, Castellanos A, Kramer D, Karl W (2008) Scientific Cloud computing: Early definition and experience. In: Proceedings of 10th IEEE International Conference on High Performance Computing and Communication, 2008 Sept 25–27; Dalian, Chaina; pp 825–830

  • Web2.0/SaaS Security, Tokyo Research Laboratory, IBM Research[Internet]. http://www.trl.ibm.com/projects/web20sec/web20sec_e.htm date accessed?

  • Wu L, Garg S, Buyya R (2011) SLA-based resource allocation for software as a service provider (SaaS) in Cloud computing environments. In: Proceedings of 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing; 2011 May 23–26; Newport, CA, USA; pp 195–204

  • Xu J, Zhengnan L, Shuqin L, Bin Q, Gexu T (2015) A Cloud-user behavior assessment based dynamic access control model. Int J Syst Assur Eng Manag. doi:10.1007/s13198-015-0411-1

    Google Scholar 

  • Yaar A, Perrig A, Song D (2006) StackPi: new packet marking and filtering mechanisms for DDoS and IP spoofing defense. IEEE J Sel Areas Commun 24(10):1853–1863

    Article  Google Scholar 

  • Youseff L, Seymour K, You H, Dongarra, J, Wolski R (2008) The impact of paravirtualized memory hierarchy on linear algebra computational kernels and software. In: Proceedings of the 17th International symposium on high performance distributed computing, 2008 Jun 23–27; Boston, MA; pp 141–152

  • Zhang X, Wuwong N, Hao L, Zhang X (2010) Information Security Risk Management Framework for the Cloud Computing Environments. In: Proceedings of 10th International Conference on Computer and Information Technology, 2010 Jul 1; Bradford; pp 1328–1334

Download references

Author information

Authors and Affiliations

  1. Department of Applied Science and Engineering, Indian Institute of Technology Roorkee, Roorkee, 247667, India

    Prachi Deshpande & S. C. Sharma

  2. Department of Computer Science and Engineering, Indian Institute of Technology Roorkee, Roorkee, 247667, India

    Sateesh K. Peddoju

  3. Machine Intelligence Research Labs (MIR Labs), Auburn, WA, USA

    Ajith Abraham

  4. IT4Innovations - Center of Excellence, VSB -Tech. University of Ostrava, Ostrava, Czech Republic

    Ajith Abraham

Authors
  1. Prachi Deshpande
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. S. C. Sharma
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Sateesh K. Peddoju
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Ajith Abraham
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Prachi Deshpande.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Deshpande, P., Sharma, S.C., Peddoju, S.K. et al. Security and service assurance issues in Cloud environment. Int J Syst Assur Eng Manag 9, 194–207 (2018). https://doi.org/10.1007/s13198-016-0525-0

Download citation

  • Received:

  • Revised:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13198-016-0525-0

Keywords