An Overview of the State-of-the-Art of Cloud Computing Cyber-Security
Added on 2022-09-18
13 Pages5219 Words19 Views
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/314296425
An Overview of the State-of-the-Art of Cloud Computing Cyber-Security
Conference Paper in Lecture Notes in Computer Science · March 2017
DOI: 10.1007/978-3-319-55589-8_4
CITATIONS
9
READS
112
3 authors:
Some of the authors of this publication are also working on these related projects:
Wireless Sensor Networks for Smart Grid Applications View project
Smart Grid & Renewable Energies View project
Hanane Bennasar
Ecole Nationale Supérieure d'Informatique et d'Analyse des Systèmes
5 PUBLICATIONS 16 CITATIONS
SEE PROFILE
Ahmed Bendahmane
Abdelmalek Essaâdi University
21 PUBLICATIONS 85 CITATIONS
SEE PROFILE
Mohamed Essaaidi
Ecole Nationale Supérieure d'Informatique et d'Analyse des Systèmes
280 PUBLICATIONS 894 CITATIONS
SEE PROFILE
All content following this page was uploaded by Mohamed Essaaidi on 13 December 2019.
The user has requested enhancement of the downloaded file.
An Overview of the State-of-the-Art of Cloud Computing Cyber-Security
Conference Paper in Lecture Notes in Computer Science · March 2017
DOI: 10.1007/978-3-319-55589-8_4
CITATIONS
9
READS
112
3 authors:
Some of the authors of this publication are also working on these related projects:
Wireless Sensor Networks for Smart Grid Applications View project
Smart Grid & Renewable Energies View project
Hanane Bennasar
Ecole Nationale Supérieure d'Informatique et d'Analyse des Systèmes
5 PUBLICATIONS 16 CITATIONS
SEE PROFILE
Ahmed Bendahmane
Abdelmalek Essaâdi University
21 PUBLICATIONS 85 CITATIONS
SEE PROFILE
Mohamed Essaaidi
Ecole Nationale Supérieure d'Informatique et d'Analyse des Systèmes
280 PUBLICATIONS 894 CITATIONS
SEE PROFILE
All content following this page was uploaded by Mohamed Essaaidi on 13 December 2019.
The user has requested enhancement of the downloaded file.
An Overview of the State-of-the-Art of Cloud
Computing Cyber-Security
H. Bennasar1, A. Bendahmane2, and M. Essaaidi1(B)
1 ENSIAS, Mohammed V University in Rabat, Rabat, Morocco
essaaidi@ieee.org
2 ENS, Abdelmalek Essaadi University, T ́etouan, Morocco
Abstract. We presented an overview of the state-of-the-art of cloud
computing security which covers its essential challenges through the
main different cyber-security threats, the main different approaches,
algorithms and techniques developed to address them, as well as the
open problems which define the research directions in this area. The
bottom line is that the state of maturity of cloud computing security
is very promising and there are many research directions still open and
which promise continued improvements of cloud security and privacy.
1 Introduction
Cloud computing is the use of computing resources that are delivered as a service
via Internet [1] to provide a secure, and on demand network access to shared
pool of configurable resources and different kind of services, such as, Software as
a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a service
(IaaS). During the last decade, there has been an increasing demand and adop-
tion of cloud computing systems, technologies, applications and services. This
is owing mainly to the many advantages this technology offers for businesses
and organizations such as its high resources elasticity and scalability which pro-
vide important savings in terms of investment and manpower. However, Cyber-
security is still considered among the most important issues and concerns limiting
the widespread adoption of cloud computing. Among the major issues related
with Cloud Computing security we can mention data security, intrusions attacks,
confidentiality and data integrity Cloud computing provides several advantages
allowing to have new business opportunities. However, it also involves potential
cyber-security risks and vulnerabilities. For instance, storing data in the cloud
may expose them to serious cyber-security attacks. The main objective of this
paper is to present an up-to-date overview of cloud computing cyber-security
issues. This will allow to identify the major research challenges in this increas-
ingly important area. The remainder of this paper is organized as follows. In
Sect. 2 we provide an overview of cloud computing, Sect. 3 is dedicated to the
state of the art of cloud computing challenges, the current approaches used to
circumvent them and a comparative study of related approaches.
c© Springer International Publishing AG 2017
S. El Hajji et al. (Eds.): C2SI 2017, LNCS 10194, pp. 56–67, 2017.
DOI: 10.1007/978-3-319-55589-8 4
Computing Cyber-Security
H. Bennasar1, A. Bendahmane2, and M. Essaaidi1(B)
1 ENSIAS, Mohammed V University in Rabat, Rabat, Morocco
essaaidi@ieee.org
2 ENS, Abdelmalek Essaadi University, T ́etouan, Morocco
Abstract. We presented an overview of the state-of-the-art of cloud
computing security which covers its essential challenges through the
main different cyber-security threats, the main different approaches,
algorithms and techniques developed to address them, as well as the
open problems which define the research directions in this area. The
bottom line is that the state of maturity of cloud computing security
is very promising and there are many research directions still open and
which promise continued improvements of cloud security and privacy.
1 Introduction
Cloud computing is the use of computing resources that are delivered as a service
via Internet [1] to provide a secure, and on demand network access to shared
pool of configurable resources and different kind of services, such as, Software as
a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a service
(IaaS). During the last decade, there has been an increasing demand and adop-
tion of cloud computing systems, technologies, applications and services. This
is owing mainly to the many advantages this technology offers for businesses
and organizations such as its high resources elasticity and scalability which pro-
vide important savings in terms of investment and manpower. However, Cyber-
security is still considered among the most important issues and concerns limiting
the widespread adoption of cloud computing. Among the major issues related
with Cloud Computing security we can mention data security, intrusions attacks,
confidentiality and data integrity Cloud computing provides several advantages
allowing to have new business opportunities. However, it also involves potential
cyber-security risks and vulnerabilities. For instance, storing data in the cloud
may expose them to serious cyber-security attacks. The main objective of this
paper is to present an up-to-date overview of cloud computing cyber-security
issues. This will allow to identify the major research challenges in this increas-
ingly important area. The remainder of this paper is organized as follows. In
Sect. 2 we provide an overview of cloud computing, Sect. 3 is dedicated to the
state of the art of cloud computing challenges, the current approaches used to
circumvent them and a comparative study of related approaches.
c© Springer International Publishing AG 2017
S. El Hajji et al. (Eds.): C2SI 2017, LNCS 10194, pp. 56–67, 2017.
DOI: 10.1007/978-3-319-55589-8 4
An Overview of the State-of-the-Art of Cloud Computing Cyber-Security 57
2 Cloud Computing
A. Definition
According to the National Institute of Standards and Technology (NIST) [2]:
“Cloud Computing is a model for enabling ubiquitous, convenient, on demand
network access to a shared pool of configurable computing resources (e.g., net-
works, servers, storage, applications and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction.
B. Cloud Computing Characteristics
The main characteristics and features of Cloud Computing can be summarized
in the following:
(1) Multi-Tenancy [3] which refers to having more than one occupants of the
cloud, living and sharing other occupants of the provider’s infrastructures,
including computational resources, storage, services, and applications. By
multi-tenancy, clouds provide simultaneous, secure hosting of services for
various clients or customers using the same cloud infrastructure resources.
It is an exclusive characteristic to resource sharing in clouds.
(2) Elasticity [4] is another important feature of cloud computing and it implies
that the user is able to scale up or down resources assigned to services or
resources based on the current demand. For providers, scaling up and down
of a tenant’s resources give a prospect to other tenants to use the tenant
previously assigned resources.
(3) Availability of Information based on the Service level Agreement (SLA) [6]
which is a trust bond between the cloud provider and the customer. This
defines the maximum time for which the network resources or applications
may not be available for the customer. Due to the complex nature of the
customer demands, a simple measure and trigger process may not work for
SLA enforcement.
(4) Multiple Stakeholder in the cloud Computing model means that there are
different Stakeholders involved [5], such as the cloud provider (an entity that
delivers infrastructures to the cloud’s customers), the service provider (an
entity that uses the cloud infrastructure to deliver applications/services to
end users), and the customer (an entity that uses services hosted in the
cloud infrastructure). Each stakeholder has its own security management
systems/processes and its own requirements and capabilities distributed
from/to other stakeholders.
(5) Third-Party Control [7] which is considered to be the major security chal-
lenge, that is, the owner of the data has no control on their processing. The
biggest change for Information Technology (IT) department of an organiza-
tion using cloud computing will be reduced control even as it is being tasked
to tolerate increased responsibility for the confidentiality and compliance of
computing practices in the organization.
C. Service Models
Cloud Computing offers services that can be grouped into three categories, as
shown in Fig. 1
2 Cloud Computing
A. Definition
According to the National Institute of Standards and Technology (NIST) [2]:
“Cloud Computing is a model for enabling ubiquitous, convenient, on demand
network access to a shared pool of configurable computing resources (e.g., net-
works, servers, storage, applications and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction.
B. Cloud Computing Characteristics
The main characteristics and features of Cloud Computing can be summarized
in the following:
(1) Multi-Tenancy [3] which refers to having more than one occupants of the
cloud, living and sharing other occupants of the provider’s infrastructures,
including computational resources, storage, services, and applications. By
multi-tenancy, clouds provide simultaneous, secure hosting of services for
various clients or customers using the same cloud infrastructure resources.
It is an exclusive characteristic to resource sharing in clouds.
(2) Elasticity [4] is another important feature of cloud computing and it implies
that the user is able to scale up or down resources assigned to services or
resources based on the current demand. For providers, scaling up and down
of a tenant’s resources give a prospect to other tenants to use the tenant
previously assigned resources.
(3) Availability of Information based on the Service level Agreement (SLA) [6]
which is a trust bond between the cloud provider and the customer. This
defines the maximum time for which the network resources or applications
may not be available for the customer. Due to the complex nature of the
customer demands, a simple measure and trigger process may not work for
SLA enforcement.
(4) Multiple Stakeholder in the cloud Computing model means that there are
different Stakeholders involved [5], such as the cloud provider (an entity that
delivers infrastructures to the cloud’s customers), the service provider (an
entity that uses the cloud infrastructure to deliver applications/services to
end users), and the customer (an entity that uses services hosted in the
cloud infrastructure). Each stakeholder has its own security management
systems/processes and its own requirements and capabilities distributed
from/to other stakeholders.
(5) Third-Party Control [7] which is considered to be the major security chal-
lenge, that is, the owner of the data has no control on their processing. The
biggest change for Information Technology (IT) department of an organiza-
tion using cloud computing will be reduced control even as it is being tasked
to tolerate increased responsibility for the confidentiality and compliance of
computing practices in the organization.
C. Service Models
Cloud Computing offers services that can be grouped into three categories, as
shown in Fig. 1
58 H. Bennasar et al.
Fig. 1. Cloud computing service model
(1) Infrastructure-as-a-Service (IaaS) [1] through which the cloud providers
deliver computation, storage and network resources. In this model, customers
do not need to maintain huge servers; they just need to choose their required
infrastructure using a web browser and they will be provided with all sorts of
hardware infrastructure by the cloud service provider (CSP). As an examples
of IaaS vendors, we can cite Citrix, 3tera, VMware, HP, and Dell.
(2) Platform-as-a-service (PaaS) [1] for which Cloud providers deliver platform,
tools and business services to develop, deploy and manage their applications.
PaaS facilitates the customer organization in developing software applica-
tions, without investing huge amounts of money on infrastructure, which will
be delivered to the users over Internet on-demand and rent basis (i.e. pay-
as-you-use). Web servers, application servers, development environment, and
runtime environment are some example components with respect to PaaS. In
this model, customers need not maintain underlying infrastructure includ-
ing servers, cooling, operating systems, storage, etc. As examples of PaaS
vendors, we can mention Google AppEngine, force.com, Microsoft Windows.
(3) Software-as-a-Service (SaaS) [1] for which Cloud computing providers offer
applications hosted in the cloud infrastructures for application implementa-
tion. Example components for SaaS are office suites (docs), online games,
email applications, online readers, online movie players, etc. In this model,
customers need not maintain heavy investment on system configuration
to run all these applications; they just require Internet access and a web
browser. Salesforce.com, Amazon, Zoho, Microsoft Dynamics CRM, and
Google are some examples of SaaS vendors.
D. Service Deployement
A cloud deployment model means a specific type of cloud computing environ-
ment, characterized by several features such as ownership, size, and access mode.
As shown in Fig. 2, there are three common cloud deployment models, namely,
private cloud, public cloud, and hybrid cloud.
(1) Private cloud [1] is for the only use of a single company/organization and its
customers. This setup may reside inside or outside the customer’s premises.
Fig. 1. Cloud computing service model
(1) Infrastructure-as-a-Service (IaaS) [1] through which the cloud providers
deliver computation, storage and network resources. In this model, customers
do not need to maintain huge servers; they just need to choose their required
infrastructure using a web browser and they will be provided with all sorts of
hardware infrastructure by the cloud service provider (CSP). As an examples
of IaaS vendors, we can cite Citrix, 3tera, VMware, HP, and Dell.
(2) Platform-as-a-service (PaaS) [1] for which Cloud providers deliver platform,
tools and business services to develop, deploy and manage their applications.
PaaS facilitates the customer organization in developing software applica-
tions, without investing huge amounts of money on infrastructure, which will
be delivered to the users over Internet on-demand and rent basis (i.e. pay-
as-you-use). Web servers, application servers, development environment, and
runtime environment are some example components with respect to PaaS. In
this model, customers need not maintain underlying infrastructure includ-
ing servers, cooling, operating systems, storage, etc. As examples of PaaS
vendors, we can mention Google AppEngine, force.com, Microsoft Windows.
(3) Software-as-a-Service (SaaS) [1] for which Cloud computing providers offer
applications hosted in the cloud infrastructures for application implementa-
tion. Example components for SaaS are office suites (docs), online games,
email applications, online readers, online movie players, etc. In this model,
customers need not maintain heavy investment on system configuration
to run all these applications; they just require Internet access and a web
browser. Salesforce.com, Amazon, Zoho, Microsoft Dynamics CRM, and
Google are some examples of SaaS vendors.
D. Service Deployement
A cloud deployment model means a specific type of cloud computing environ-
ment, characterized by several features such as ownership, size, and access mode.
As shown in Fig. 2, there are three common cloud deployment models, namely,
private cloud, public cloud, and hybrid cloud.
(1) Private cloud [1] is for the only use of a single company/organization and its
customers. This setup may reside inside or outside the customer’s premises.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Overview of the State-of-the-Art of Cloud Computing Cyber-Security | Presentationlg...
|13
|900
|44
Smart City Sensing and Communication Sub-Infrastructurelg...
|5
|4431
|87