Potential Security Issues in Implementing IaaS and PaaS Cloud Service Models
Keywords:
Cloud computing, Cloud service model, Cyber security, Cyber-crime, Cloud security framework, Machine Learning, MITM, MITB, Microsoft Azure
Abstract
As the digital world evolves, so does potential problem
that computer users encounter. Cybersecurity threats
are still evolving and expanding. Unfortunately, most
computer users do not understand this properly. The
cloud models offered by various public cloud providers
remain concentrated on infrastructure resources,
application platforms, and software services despite the
recent increase in the popularity of cloud computing.
The first step in this study will be a literature review to
get an understanding of accessible cloud service
models. The papers chosen for the study spans 2010 to
2020. All data was gathered from pertinent and related
literature on cyber security and cloud computing. The
following tenets serve as the foundation for this
architecture. First, in the described architecture, the
perimeter scanner serves as the first entry point for
external cyberattacks. Firewall and other security layers
become next barriers if the attack can get past first layer.
On the other side, the machine learning system will
detect every successful assault that gets past the security
layers. As a result, there are numerous viewpoints and
categorization systems for diverse attacks. It is possible
to advance cyber security research in the context of
cloud technology by merging the results of existing
studies and developing international guiding
standards
References
Ahamed, F., Shahrestani, S., & Ginige, A. (2013). Cloud computing: Security and
reliability issues. Communications of the IBIMA, 2013, 1.
Alhenaki, L., Alwatban, A., Alahmri, B., & Alarifi, N. (2019). Security in cloud
computing: a survey. International Journal of Computer Science and Information
Security (IJCSIS), 17(4).
Aljumah, A., & Ahanger, T. A. (2020). Cyber security threats, challenges and defence
mechanisms in cloud computing. IET Communications, 14(7), 1185-1191.
Bhandari, P. (2020). A step-by-step guide to data collection. Scribbr.
https://www.scribbr.com/methodology/data-collection/
Campfield, M. (2021). Mind the gap: the cloud security skills shortage. Computer Fraud
& Security, 2021(8), 6-10.
Coppolino, L., D’Antonio, S., Mazzeo, G., & Romano, L. (2017). Cloud security:
Emerging threats and current solutions. Computers & Electrical
Engineering, 59, 126-140.
Curran, K., Carlin, S., & Adams, M. (2011). Cloud computing security. Journal of
Network Engineering, 37(1), 4069-4072.
Darwish, M., Ouda, A., & Capretz, L. F. (2013). Cloud-based DDoS attacks and
defenses. In International Conference on Information Society (i-Society 2013) (pp.
67-71). IEEE
De Donno, M., Giaretta, A., Dragoni, N., Bucchiarone, A., & Mazzara, M. (2019).
Cyber-storms come from clouds: Security of cloud computing in the IoT
era. Future Internet, 11(6), 127.
Evangelopoulou, M. (2021). Cyber Security Fundamentals (M).
Fitzek, F. H. P., Granelli, F., & Seeling, P. (2020). Network slicing. In Computing in
Communication Networks (1st ed., p. 71). Academic Press.
Forcepoint. (2019). What is Security as a Service (SECaaS)? Forcepoint.
https://www.forcepoint.com/cyber-edu/security-as-a-service-secaas
Fujs, D., Mihelič, A., & Vrhovec, S. L. (2019, August). The power of interpretation:
Qualitative methods in cybersecurity research. In Proceedings of the 14th
International Conference on Availability, Reliability and Security (pp. 1-10).
Google Cloud Tech. (2020). Google Data Center Security: 6 Layers Deep.
https://www.youtube.com/watch?v=kd33UVZhnAA
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An
analysis of security issues for cloud computing. J Internet Serv Appl 4 (1): 1–
13.
Hawedi, M., Talhi, C., & Boucheneb, H. (2018). Security as a service for public cloud
tenants (SaaS). Procedia computer science, 130, 1025-1030.
Help Net Security. (2021). What is the impact of remote work on security best
practices? Help Net Security.
https://www.helpnetsecurity.com/2021/06/24/remote-work-securitypractices/
Indu, I., Anand, P. R., & Bhaskar, V. (2018). Identity and access management in cloud
environment: Mechanisms and challenges. Engineering science and technology,
an international journal, 21(4), 574-588.
Iqbal, S., Kiah, M. L. M., Dhaghighi, B., Hussain, M., Khan, S., Khan, M. K., & Choo,
K. K. R. (2016). On cloud security attacks: A taxonomy and intrusion
detection and prevention as a service. Journal of Network and Computer
Applications, 74, 98-120.
Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in
cybersecurity. Journal of Computer and System Sciences, 80(5), 973-993.
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. L. (2009, September). On technical
security issues in cloud computing. In 2009 IEEE international conference on
cloud computing (pp. 109-116). Ieee.
Kaelin, M. (2019). How to create a cloud-based virtual network in Microsoft Azure.
TechRepublic. https://www.techrepublic.com/article/how-to-create-acloud-based-virtual-network-in-microsoft-azure/
Khan, M. A. (2016). A survey of security issues for cloud computing. Journal of network
and computer applications, 71, 11-29.
Kofahi, N. A., & Al-Rabadi, A. R. (2018). Identifying the top threats in cloud
computing and its suggested solutions: a survey. Networks, 6(1), 1-13
Makkawi, A. M., & Yousif, A. (2020). Machine Learning for Cloud DDoS Attack
Detection: A Systematic Review. In 2020 International Conference on Computer,
Control, Electrical, and Electronics Engineering (ICCCEEE) (pp. 1-9). IEEE.
Mallik, A. (2019). Man-in-the-middle-attack: Understanding in simple
words. Cyberspace: Jurnal Pendidikan Teknologi Informasi, 2(2), 109-134.
Microsoft. (2021a). Virtual Network – Virtual Private Cloud | Microsoft Azure. Virtual
Network. https://azure.microsoft.com/en-gb/services/virtual-network/
Microsoft. (2021b). What is a virtual machine and how does it work | Microsoft Azure.
https://azure.microsoft.com/en-gb/overview/what-is-a-virtual-machine/
Monika, G., & Kalpana, Y. (2016). Data Security is the Major Issue in Cloud
Computing-A Review. Indian Journal of Science and Technology, 9, 43.
Mouli, V. R., & Jevitha, K. P. (2016). Web services attacks and security-a systematic
literature review. Procedia Computer Science, 93, 870-877.
Nassif, A. B., Talib, M. A., Nasir, Q., Albadani, H., & Dakalbab, F. M. (2021). Machine
learning for cloud security: a systematic review. IEEE Access, 9, 20717-20735.
NIST. (2018). Evaluation of Cloud Computing Services Based on NIST SP 800-145.
https://www.nist.gov/publications/evaluation-cloud-computingservices-based-nist-sp-800-145
Nketah, G. U. (2016). Comparison of Machine Learning Services. University of
Stavanger, Norway. http://hdl.handle.net/11250/2413901
Nugraha, B. (2016). Analisis Teknik-Teknik Keamanan Pada Future Cloud Computing
vs Current Cloud Computing: Survey Paper. Jurnal Nasional Teknologi dan
Sistem Informasi, 2(2), 35-42.
Nunnikhoven, M. (2021). Top Cloud Security Challenges for 2021. Trend Micro.
https://www.trendmicro.com/en_se/devops/21/b/top-cloud-securitychallenges-for-2021.html
OWASP. (n.d.). Man-in-the-browser Software Attack | OWASP Foundation. Retrieved
November 15, 2021, from https://owasp.org/wwwcommunity/attacks/Man-in-the-browser_attack
Singh, A. (2019). Security concerns and countermeasures in cloud computing: a
qualitative analysis. International Journal of Information Technology, 11(4), 683-
690.
Singh, S., & Jeong, Y. S. park, Jong.(2016). A Survey on Cloud Computing Security:
Issues, Threats, and Solutions. Journal of Network and Computer
Applications, 75.
Sosinsky, B. (2011). Cloud Computing Bible. Wiley Publishing, Inc.
Subashini, S., & Kavitha, V. (2011). Review: A survey on security issues in service
delivery models of cloud computing. J. Netw. Comput. Appl, 341.
Subramanian, N., & Jeyaraj, A. (2018). Recent security challenges in cloud
computing. Computers & Electrical Engineering, 71, 28-42.
Tchifilionova, V. (2010). Security and privacy implications of cloud computing–Lost
in the cloud. In International Workshop on Open Problems in Network
Security (pp. 149-158). Springer, Berlin, Heidelberg.
Tripathi, A., & Mishra, A. (2011). Cloud computing security considerations. In 2011
IEEE International Conference on Signal Processing, Communications and
Computing (ICSPCC) (pp. 1-5). IEEE.
Wang, X., Zhang, Y., Zhang, H., Wei, X., & Wang, G. (2019). Identification and
authentication for wireless transmission security based on RF-DNA
fingerprint. EURASIP Journal on Wireless Communications and
Networking, 2019(1), 1-12.
You, P., Peng, Y., Liu, W., & Xue, S. (2012). Security issues and solutions in cloud
computing. In 2012 32nd International Conference on Distributed Computing
Systems Workshops (pp. 573-577). IEEE.
Zaman, S., Alhazmi, K., Aseeri, M. A., Ahmed, M. R., Khan, R. T., Kaiser, M. S., &
Mahmud, M. (2021). Security threats and artificial intelligence based
countermeasures for internet of things networks: a comprehensive
survey. Ieee Access, 9, 94668-94690
reliability issues. Communications of the IBIMA, 2013, 1.
Alhenaki, L., Alwatban, A., Alahmri, B., & Alarifi, N. (2019). Security in cloud
computing: a survey. International Journal of Computer Science and Information
Security (IJCSIS), 17(4).
Aljumah, A., & Ahanger, T. A. (2020). Cyber security threats, challenges and defence
mechanisms in cloud computing. IET Communications, 14(7), 1185-1191.
Bhandari, P. (2020). A step-by-step guide to data collection. Scribbr.
https://www.scribbr.com/methodology/data-collection/
Campfield, M. (2021). Mind the gap: the cloud security skills shortage. Computer Fraud
& Security, 2021(8), 6-10.
Coppolino, L., D’Antonio, S., Mazzeo, G., & Romano, L. (2017). Cloud security:
Emerging threats and current solutions. Computers & Electrical
Engineering, 59, 126-140.
Curran, K., Carlin, S., & Adams, M. (2011). Cloud computing security. Journal of
Network Engineering, 37(1), 4069-4072.
Darwish, M., Ouda, A., & Capretz, L. F. (2013). Cloud-based DDoS attacks and
defenses. In International Conference on Information Society (i-Society 2013) (pp.
67-71). IEEE
De Donno, M., Giaretta, A., Dragoni, N., Bucchiarone, A., & Mazzara, M. (2019).
Cyber-storms come from clouds: Security of cloud computing in the IoT
era. Future Internet, 11(6), 127.
Evangelopoulou, M. (2021). Cyber Security Fundamentals (M).
Fitzek, F. H. P., Granelli, F., & Seeling, P. (2020). Network slicing. In Computing in
Communication Networks (1st ed., p. 71). Academic Press.
Forcepoint. (2019). What is Security as a Service (SECaaS)? Forcepoint.
https://www.forcepoint.com/cyber-edu/security-as-a-service-secaas
Fujs, D., Mihelič, A., & Vrhovec, S. L. (2019, August). The power of interpretation:
Qualitative methods in cybersecurity research. In Proceedings of the 14th
International Conference on Availability, Reliability and Security (pp. 1-10).
Google Cloud Tech. (2020). Google Data Center Security: 6 Layers Deep.
https://www.youtube.com/watch?v=kd33UVZhnAA
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An
analysis of security issues for cloud computing. J Internet Serv Appl 4 (1): 1–
13.
Hawedi, M., Talhi, C., & Boucheneb, H. (2018). Security as a service for public cloud
tenants (SaaS). Procedia computer science, 130, 1025-1030.
Help Net Security. (2021). What is the impact of remote work on security best
practices? Help Net Security.
https://www.helpnetsecurity.com/2021/06/24/remote-work-securitypractices/
Indu, I., Anand, P. R., & Bhaskar, V. (2018). Identity and access management in cloud
environment: Mechanisms and challenges. Engineering science and technology,
an international journal, 21(4), 574-588.
Iqbal, S., Kiah, M. L. M., Dhaghighi, B., Hussain, M., Khan, S., Khan, M. K., & Choo,
K. K. R. (2016). On cloud security attacks: A taxonomy and intrusion
detection and prevention as a service. Journal of Network and Computer
Applications, 74, 98-120.
Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in
cybersecurity. Journal of Computer and System Sciences, 80(5), 973-993.
Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. L. (2009, September). On technical
security issues in cloud computing. In 2009 IEEE international conference on
cloud computing (pp. 109-116). Ieee.
Kaelin, M. (2019). How to create a cloud-based virtual network in Microsoft Azure.
TechRepublic. https://www.techrepublic.com/article/how-to-create-acloud-based-virtual-network-in-microsoft-azure/
Khan, M. A. (2016). A survey of security issues for cloud computing. Journal of network
and computer applications, 71, 11-29.
Kofahi, N. A., & Al-Rabadi, A. R. (2018). Identifying the top threats in cloud
computing and its suggested solutions: a survey. Networks, 6(1), 1-13
Makkawi, A. M., & Yousif, A. (2020). Machine Learning for Cloud DDoS Attack
Detection: A Systematic Review. In 2020 International Conference on Computer,
Control, Electrical, and Electronics Engineering (ICCCEEE) (pp. 1-9). IEEE.
Mallik, A. (2019). Man-in-the-middle-attack: Understanding in simple
words. Cyberspace: Jurnal Pendidikan Teknologi Informasi, 2(2), 109-134.
Microsoft. (2021a). Virtual Network – Virtual Private Cloud | Microsoft Azure. Virtual
Network. https://azure.microsoft.com/en-gb/services/virtual-network/
Microsoft. (2021b). What is a virtual machine and how does it work | Microsoft Azure.
https://azure.microsoft.com/en-gb/overview/what-is-a-virtual-machine/
Monika, G., & Kalpana, Y. (2016). Data Security is the Major Issue in Cloud
Computing-A Review. Indian Journal of Science and Technology, 9, 43.
Mouli, V. R., & Jevitha, K. P. (2016). Web services attacks and security-a systematic
literature review. Procedia Computer Science, 93, 870-877.
Nassif, A. B., Talib, M. A., Nasir, Q., Albadani, H., & Dakalbab, F. M. (2021). Machine
learning for cloud security: a systematic review. IEEE Access, 9, 20717-20735.
NIST. (2018). Evaluation of Cloud Computing Services Based on NIST SP 800-145.
https://www.nist.gov/publications/evaluation-cloud-computingservices-based-nist-sp-800-145
Nketah, G. U. (2016). Comparison of Machine Learning Services. University of
Stavanger, Norway. http://hdl.handle.net/11250/2413901
Nugraha, B. (2016). Analisis Teknik-Teknik Keamanan Pada Future Cloud Computing
vs Current Cloud Computing: Survey Paper. Jurnal Nasional Teknologi dan
Sistem Informasi, 2(2), 35-42.
Nunnikhoven, M. (2021). Top Cloud Security Challenges for 2021. Trend Micro.
https://www.trendmicro.com/en_se/devops/21/b/top-cloud-securitychallenges-for-2021.html
OWASP. (n.d.). Man-in-the-browser Software Attack | OWASP Foundation. Retrieved
November 15, 2021, from https://owasp.org/wwwcommunity/attacks/Man-in-the-browser_attack
Singh, A. (2019). Security concerns and countermeasures in cloud computing: a
qualitative analysis. International Journal of Information Technology, 11(4), 683-
690.
Singh, S., & Jeong, Y. S. park, Jong.(2016). A Survey on Cloud Computing Security:
Issues, Threats, and Solutions. Journal of Network and Computer
Applications, 75.
Sosinsky, B. (2011). Cloud Computing Bible. Wiley Publishing, Inc.
Subashini, S., & Kavitha, V. (2011). Review: A survey on security issues in service
delivery models of cloud computing. J. Netw. Comput. Appl, 341.
Subramanian, N., & Jeyaraj, A. (2018). Recent security challenges in cloud
computing. Computers & Electrical Engineering, 71, 28-42.
Tchifilionova, V. (2010). Security and privacy implications of cloud computing–Lost
in the cloud. In International Workshop on Open Problems in Network
Security (pp. 149-158). Springer, Berlin, Heidelberg.
Tripathi, A., & Mishra, A. (2011). Cloud computing security considerations. In 2011
IEEE International Conference on Signal Processing, Communications and
Computing (ICSPCC) (pp. 1-5). IEEE.
Wang, X., Zhang, Y., Zhang, H., Wei, X., & Wang, G. (2019). Identification and
authentication for wireless transmission security based on RF-DNA
fingerprint. EURASIP Journal on Wireless Communications and
Networking, 2019(1), 1-12.
You, P., Peng, Y., Liu, W., & Xue, S. (2012). Security issues and solutions in cloud
computing. In 2012 32nd International Conference on Distributed Computing
Systems Workshops (pp. 573-577). IEEE.
Zaman, S., Alhazmi, K., Aseeri, M. A., Ahmed, M. R., Khan, R. T., Kaiser, M. S., &
Mahmud, M. (2021). Security threats and artificial intelligence based
countermeasures for internet of things networks: a comprehensive
survey. Ieee Access, 9, 94668-94690
Published
2022-09-26
How to Cite
[1]
W. K. Erlangga and M. R. Ramadhan, “Potential Security Issues in Implementing IaaS and PaaS Cloud Service Models”, INJIISCOM, vol. 3, no. 2, pp. 143-162, Sep. 2022.
