A Survey on Cloud Security

doi:10.3969/j.issn.1673-5188.2017.02.006

ZTE Communications ›› 2017, Vol. 15 ›› Issue (2): 42-47.DOI: 10.3969/j.issn.1673-5188.2017.02.006

• Review • Previous Articles Next Articles

A Survey on Cloud Security

WU Chunming, LIU Qianjun, LI Yuwei, CHENG Qiumei, ZHOU Haifeng

College of Computer Science and Technology, Zhejiang University, Hangzhou 310058, China

Received:2016-10-24 Online:2017-04-25 Published:2019-12-24
About author:WU Chunming (wuchunming@zju.edu.cn) received the Ph.D. degree in computer science from Zhejiang University in 1995. He is currently a professor with the College of Computer Science and Technology of Zhejiang University, and the Associate Director of the Research Institute of Computer System Architecture and Network Security. His research fields include Software-Defined Network, reconfigurable networks, proactive network defense, cloud security, network virtualization, and intelligent networks.|LIU Qianjun (liuqj0522@163.com) is now a Ph.D. candidate at the College of Computer Science, Zhejiang University, Hangzhou, China. Her research interests involve cloud security, big data security and smart security analytics.|LI Yuwei (liyuwei@zju.edu.cn) is now a Ph.D. candidate at the College of Computer Science, Zhejiang University, Hangzhou, China. Her research interests involve system security, code security and smart security.|CHENG Qiumei (chengqiumei@zju.edu.cn) is currently pusuing the Ph.D. degree with the College of Computer Science and Technology, Zhejiang University, Hangzhou, China. Her research interests include cloud security, software-defined security, network virtualization, software-defined networks, and proactive network defense.|ZHOU Haifeng (zhouhaifeng@zju.edu.cn) is currently pursuing the Ph.D. degree with the College of Computer Science and Technology, Zhejiang University, Hangzhou, China. His research interests include software-defined networks, software-defined network security, cloud security, proactive network defense, intelligent networks and security systems, network traffic engineering, and innovative network and security technologies.
Supported by:
This work was supported by the National Key Research and Development Program of China under Grant the Fundamental Research Funds for the Central Universities, and the ZTE Industry-Academia-Research Cooperation Funds.(2016YFB0800102);the National High Technology Research Program of China under Grant(2015AA016103);the Fundamental Research Funds for the Central Universities;the ZTE Industry-Academia-Research Cooperation Funds

Abstract

Abstract:

Cloud computing system packages infrastructures, applications and other resources as services, and delivers the services to market in an elastic and fast way. The significant advantages of cloud computing, e.g., scalability, elasticity, and pay-per-use, bring it considerable commercial values. Nevertheless, owing to the new application scenario, e.g., multi-tenant, cloud computing is encountering potential security risks. This paper reviews the state-of-art research in cloud security. According to the attack levels, it analyzes four kinds of attacks in the cloud, i.e., network-based attacks, VM-based attacks, storage-based attacks, and application-based attacks. The countermeasures and corresponding techniques are then introduced. Furthermore, this paper also discusses an innovative and promising solution for cloud security by dynamically changing system configuration.

Key words: cloud computing, security, virtualization, storage

WU Chunming, LIU Qianjun, LI Yuwei, CHENG Qiumei, ZHOU Haifeng. A Survey on Cloud Security[J]. ZTE Communications, 2017, 15(2): 42-47.

Figures/Tables 2

References 28

[1]	P. Mell, and T. Grance, .(2011, Sept.). The NIST definition of cloud computing [Online]. Available:
[2]	Cisco. ( 2016. Cisco global cloud index: forecast and methodology, 2015-2020 [online]. Available:
[3]	R. Ko, S. Lee, V. Rajan . ( 2013, Mar.). Cloud computing vulnerability incidents: a statistical overview [Online]. Available: . March
[4]	Symantec. ( 2015). Internet security threat report [Online]. Available:
[5]	W. Lin and D. Lee, “Traceback attacks in cloud—pebbletrace botnet,” in IEEE International Conference on Distributed Computing Systems Workshops, 2014, pp. 417-426.
[6]	A. Web, S. Overview, S. P. May . ( 2009, Jun.). Amazon web services: overview of security processes [Online]. Available: . pdf
[7]	N. Kaaniche, and M. Laurent, “A secure client side deduplication scheme in cloud storage environments,” in 6th International Conference on New Technologies, Mobility and Security , Dubai, United Arab Emirates, 2014, pp. 1-7. doi: 10.1109/NTMS.2014.6814002.
[8]	R. Sanchez, F. Almenares, P. Arias , et al., “Enhancing privacy and dynamic federation in IdM for consumer cloud computing,” IEEE Transactions on Consumer Electronics, vol. 58, no. 58, pp. 95-103, 2012.
[9]	J. Wei, X. Zhang, G. Ammons , et al., “Managing security of virtual machine images in a cloud environment,” in ACM Cloud Computing Security Workshop, 2009, pp. 91-96.
[10]	Y. Zhang, A. Juels, M. K. Reiter , et al., “Cross-VM side channels and their use to extract private keys,” in ACM Conference on Computer and Communications Security, Chicago,USA, 2012, pp. 91-96. doi: 10.1145/1655008.1655021.
[11]	F. Zhou, M. Goel, P. Desnoyers , et al., “Scheduler vulnerabilities and coordinated attacks in cloud computing,” in IEEE International Symposium on Network Computing and Applications, Cambridge,USA, 2011, pp. 123-130. doi: 10.1109/NCA.2011.24.
[12]	Q. Wang, C. Wang, J. Li , et al., “Enabling public verifiability and data dynamics for storage security in cloud computing,” in 14th European Conference on Research in Computer Security, Saint-Malo,France, 2009, pp. 335-370.
[13]	J. Sen , “Security and privacy issues in cloud computing,” in Architectures and Protocols for Secure Information Technology Infrastructures, Hershey, USA: IGI Global, 2013.
[14]	Y. Zhang, A. Juels, M. K. Reiter , et al., “Cross-tenant side-channel attacks in PaaS clouds,” in ACM SIGSAC Conference on Computer and Communications Security, Scottsdale,USA, 2014, pp. 990-1003. doi: 10.1145/2660267.2660356.
[15]	N. Gruschka and L . L. Iacono, “Vulnerable cloud: SOAP message security validation revisited,” in IEEE International Conference on Web Services, Los Angeles, USA, 2009, pp. 625-631. doi: 10.1109/ICWS.2009.70.
[16]	R. Sailer, E. Valdez, T. Jaeger , “sHype: secure hypervisor approach to trusted virtualized systems, ” IBM, Yorktown Heights, USA, Research Report RC23511, 2005.
[17]	J. Wei, X. Zhang, G. Ammons , et al., “Managing security of virtual machine images in a cloud environment,” in ACM Workshop on Cloud Computing Security, Chicago, USA, 2009, pp. 91-96. doi: 10.1145/1655008.1655021.
[18]	K. Eguro and R. Venkatesan , “FPGAs for trusted cloud computing,” in IEEE International Conference on Field Programmable Logic and Applications (FPL), Oslo, Norway, 2012 , pp. 63-70.
[19]	A. R. Sadeghi, T. Schneider, M. Winandy , “Token-based cloud computing: secure outsourcing of data and arbitrary computations with lower latency,” in International Conference on Trust and Trustworthy Computing, Berlin, Germany, 2010, pp. 417-429.
[20]	J. Tang , “Ensuring security and privacy preservation for cloud data services,” ACM Computing Surveys (CSUR), vol. 49, no. 1, article 13, Jul. 2016. doi: 10.1145/2906153.
[21]	C. Wang, K. Ren, W. Lou , et al., “Toward publicly auditable secure cloud data storage services,” IEEE Network , vol. 24, no. 4, pp.. 19-24, Jul./Aug. 2010.
[22]	M. Jensen, S. Schäge, J. Schwenk , “Towards an anonymous access control and accountability scheme for cloud computing,” in IEEE International Conference on Cloud Computing, Miami,USA, 2010, pp. 540-541. doi: 10.1109/CLOUD.2010.61.
[23]	K. D. Bowers, A. Juels, A. Oprea , “Proofs of retrievability: theory and implementation,” in ACM Workshop on Cloud Computing Security, Chicago,USA, 2009, pp. 43-54. doi: 10.1145/1655008.1655015.
[24]	L. Yan, C. Rong, G. Zhao , “Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography,” in International Conference on Cloud Computing, Bangalore, India, 2009, pp. 167-177 .
[25]	S. Yu, C. Wang, K. Ren , et al., “Achieving secure, scalable, and fine-grained data access control in cloud computing,” in Proc. IEEE INFOCOM, San Diego,USA, 2010, pp. 534-542. doi: 10.1109/INFCOM.2010.5462174.
[26]	H. Zhou, C. Wu, M. Jiang , et al., “Evolving defense mechanism for future network security,” IEEE Communications Magazine, vol. 53, no. 4, pp. 45-51, 2015. doi: 10.1109/MCOM.2015.7081074.
[27]	S. Lins, P. Grochol, S. Schneider , et al., “Dynamic certification of cloud services: trust, but verify,” IEEE Security & Privacy Magazine, vol. 14, no. 2, pp. 66-71, 2016. doi: 10.1109/MSP.2016.26.
[28]	Open Networking Foundation . ( 2012, Apr. 13). Software-defined networking: the new norm for networks [Online]. Available: . pdf

A Survey on Cloud Security

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 2

References 28

Related Articles 15

Recommended Articles

Metrics

[1]	CAO Yinfeng, CAO Jiannong, WANG Yuqin, WANG Kaile, LIU Xun. Security in Edge Blockchains: Attacks and Countermeasures [J]. ZTE Communications, 2022, 20(4): 3-14.
[2]	LU Haitao, YAN Xincheng, ZHOU Qiang, DAI Jiulong, LI Rui. Key Intrinsic Security Technologies in 6G Networks [J]. ZTE Communications, 2022, 20(4): 22-31.
[3]	HE Miao, LI Xiangman, NI Jianbing. Physical Layer Security for MmWave Communications: Challenges and Solutions [J]. ZTE Communications, 2022, 20(4): 41-51.
[4]	YAN Xincheng, TENG Huiyun, PING Li, JIANG Zhihong, ZHOU Na. Study on Security of 5G and Satellite Converged Communication Network [J]. ZTE Communications, 2021, 19(4): 79-89.
[5]	YANG Howard H., ZHAO Zhongyuan, QUEK Tony Q. S.. Enabling Intelligence at Network Edge:An Overview of Federated Learning [J]. ZTE Communications, 2020, 18(2): 2-10.
[6]	WU Hequan. Ten Reflections on 5G [J]. ZTE Communications, 2020, 18(1): 1-4.
[7]	TANG Kai. Risk Analysis of Industrial InternetIdentity System [J]. ZTE Communications, 2020, 18(1): 44-48.
[8]	MA Baoluo, CHEN Wenqu, CHI Cheng. Security Risk Analysis Model for Identification and Resolution System of Industrial Internet [J]. ZTE Communications, 2020, 18(1): 49-54.
[9]	ZHANG Yunyong, XU Lei, TAO Ye. SDN Based Security Services [J]. ZTE Communications, 2018, 16(4): 9-14.
[10]	WANG Hua, ZHAO Yongli, WANG Dajiang, WANG Jiayu, WANG Zhenyu. A Quantum Key Re-Transmission Mechanism for QKD-Based Optical Networks [J]. ZTE Communications, 2018, 16(3): 52-58.
[11]	LUO Shengmei, LU Youyou, YANG Hongzhang, SHU Jiwu, ZHANG Jiacheng. Persistent Data Layout in File Systems [J]. ZTE Communications, 2018, 16(3): 59-66.
[12]	HU Baiqing, WANG Wenjie, Chi Harold Liu. Open Source Initiatives for Big Data Governance and Security: A Survey [J]. ZTE Communications, 2018, 16(2): 55-66.
[13]	Alexander A. Okandeji, Muhammad R. A. Khandaker, WONG Kai-Kit, ZHANG Yangyang, ZHENG Zhongbin. Secure Beamforming Design for SWIPT in MISO Full-Duplex Systems [J]. ZTE Communications, 2018, 16(1): 38-46.
[14]	MENG Ziqian, GUAN Zhi, WU Zhengang, LI Anran, CHEN Zhong. Security Enhanced Internet of Vehicles with Cloud-Fog-Dew Computing [J]. ZTE Communications, 2017, 15(S2): 47-51.
[15]	CHEN Aiguo, WU Huaigu, TIAN Ling, LUO Guangchun. HCOS: A Unified Model and Architecture for Cloud Operating System [J]. ZTE Communications, 2017, 15(4): 23-29.