An overview of threats to data security and integrity in cloud computing
DOI:
https://doi.org/10.30837/rt.2023.1.212.03Keywords:
cloud computing, cloud computing security, integrity, integrity threats, security threats, integrity methodsAbstract
Cloud computing has become an integral part of our lives, and today it is used almost everywhere. In general, cloud computing is a concept of providing IT resources in the form of services. There are two cloud computing models: deployment models, which differ in the type of cloud management and access to the cloud and the level of security, and service models, which differ in the level of service provision, which affects, among other things, the level of responsibility of the service provider and the consumer. Cloud services began to gain popularity in 2009, and the demand for them has grown exponentially every year. They became especially popular during the pandemic in 2019, when people had to stay at home without interrupting their work processes, and now, in post-covid times, they also remain popular due to their convenience, high availability, easy scalability and cost savings. Due to the widespread use of cloud computing services, a high level of security is required. Unfortunately, the popularity of cloud computing has its drawbacks – in addition to the fact that it is more difficult to monitor the security of a remote environment than the security of a local computer, there are many other threats. In today's reality, people use cloud computing technologies in large volumes, for example, at work, for personal purposes, etc., as they have great trust in these technologies. This is the reason why it is necessary to maintain a high level of security and constantly improve it. Cloud computing security threats are usually divided into confidentiality, integrity, and availability threats. To prevent the loss of confidential information, service providers must ensure its integrity. Users want to be sure that their data will not fall into the hands of an intruder or third-party services. Therefore, this article discusses the most common threats to data security and integrity in cloud computing and the existing methods that prevent these vulnerabilities and possible problems at different levels and with the help of different tools.
References
P. Mell and T. Grance. The NIST Definition of Cloud Computing // National Institute of Standards and Technology. 2009. Vol.53,no.6. Р. 50.
Reese G. (2009) Cloud Application Architectures: Building Applications and Infrastructure in the Cloud. Sebastopol. California : O'Reilly Media.
Buyya R., Yeo C.S., Venugopal S., Broberg J., and Brandic I. Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility // Future Generation Computer Systems. 2009. 25 (6). Р. 599 – 616.
Cloud computing security. Режим доступу: http://en.wikipedia.org/wiki/Cloud_ computing_security.
Top Threats to Cloud Computing v1.0 Cloud Security Alliance.
Що таке безпека в хмарі?, Microsoft. Режим доступу: https://www.microsoft.com/uk-ua/security/business/security-101/what-is-cloud-security.
Rukavitsyn Andrey, Borisenko Konstantin, Holod Ivan, Shorov Andrey. The method of ensuring confidentiality and integrity data in cloud computing // 2017 XX IEEE International Conference on Soft Computing and Measurements (SCM). 2009. Р. 272 – 274.
Yunchuan Sun, Junsheng Zhang, Yongping Xiong, and Guangyu Zhu – Data Security and Privacy in Cloud Computing.
M. S. Giri, B. Gaur, D. Tomar. A Survey on Data Integrity Techniques in Cloud Computing.
Yunchuan Sun, Junsheng Zhang zhangjs, Yongping Xiong, and Guangyu Zhu (2014. Data Security and Privacy in Cloud Computing.
Dissanayaka, Akalanka Mailewa, Susan Mengel, Lisa Gittner, and Hafiz Khan. Vulnerability prioritization, root cause analysis, and mitigation of secure data analytic framework implemented with mongodb on singularity linux containers // Proceedings of the 2020 the 4th International Conference on Compute and Data Analysis. 2020. Р. 58 – 66.
A. Jyoti, M. Shrimali, S. Tiwari, and H. P. Singh. Cloud computing using load balancing and service broker policy for IT service: a taxonomy and survey // Ambient Intell. Humaniz. Comput., vol. 11, no. 11, pp. 4785 – 4814, Nov. 2020, doi: 10.1007/s12652-020-01747-z.
Te-Shun Chou. Security threats on cloud computing vulnerabilities // International Journal of Computer Science & Information Technology (IJCSIT) Vol. 5, No 3, June 2013, pp. 84 – 85.
Ramandeep Kaur, Pushpendra Kumar Pateriya. A Study on Security Requirements in Different Cloud Frameworks // International Journal of Soft Computing and Engineering (IJSCE) ISSN: 2231-2307, Vol.3, Iss.1, March 2013, pp.134 – 135.
Y. Chen, L. Li, and Z. Chen. An Approach to Verifying Data Integrity for Cloud Storage // 2017 13th International Conference on Computational Intelligence and Security (CIS), Dec. 2017, pp. 582 – 585, doi: 10.1109/CIS.2017.00135.
H. Mohapatra. Handling of Man-In-The-Middle Attack in WSN Through Intrusion Detection System // Int. J. Emerg. Trends Eng. Res., vol. 8, no. 5, pp. 1503 – 1510, May 2020, doi: 10.30534/ijeter/2020/05852020.
What is a DDoS attack? Режим доступу – https://www.microsoft.com/en-us/security/business/security-101/what-is-a-ddos-attack.
Lai Cheng-I., Alberto Abad, Korin Richmond, Junichi Yamagishi, NajimDehak, and Simon King. Attentive filtering networks for audio replay attack detection // ICASSP 2019-2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 6316 – 6320. IEEE, 2019.
Shetty, Roshan Ramprasad, Akalanka Mailewa Dissanayaka, Susan Mengel, Lisa Gittner, Ravi Vadapalli, and Hafiz Khan. Secure NoSQL based medical data processing and retrieval: the exposome project // Companion Proceedings of the10th International Conference on Utility and Cloud Computing, pp. 99 – 105. 2017.
Mailewa Dissanayaka, Akalanka, Roshan Ramprasad Shetty, Samip Kothari, Susan Mengel, Lisa Gittner, and Ravi Vadapalli. A review of MongoDB and singularity container security in regards to hipaa regulations // Companion Proceedings of the10th International Conference on Utility and Cloud Computing, pp. 91 – 97. 2017.
Survey on various data integrity attacks in cloud environment and the solutions // IEEE Conference Publication. Режим доступу – https://ieeexplore.ieee.org/abstract/document/6528889.
Thapa, Suman, and Akalanka Mailewa. The Role of Intrusion Detection/Prevention Systems in Modern Computer Networks: A Review // Conference: Midwest Instruction and Computing Symposium (MICS), vol. 53, pp. 1 – 14. 2020.
S. Sudalai and S. S., A Survey on Cloud Security Issues and Challenges with Possible MeasuresA Survey on Cloud Security Issues and Challenges with Possible Measures. 2016.
Y. Zhu, H. Hu, G. Ahn, and M. Yu. Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage // IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 12, pp. 2231 – 2244, Dec. 2012, doi: 10.1109/TPDS.2012.66.
J. Feng, Y. Chen, D. H. Summerville, and K. Hwang. Fair Non-repudiation Framework for Cloud Storage: Part II // Cloud Computing for Enterprise Architectures, Z. Mahmood and R. Hill, Eds. London: Springer, 2011, pp. 283 – 300.
J. Feng, Y. Chen, D. Summerville, W. Ku, and Z. Su. Enhancing cloud storage security against roll-back attacks with a new fair multi-party nonrepudiation protocol // 2011 IEEE Consumer Communications and Networking Conference (CCNC), Jan. 2011, pp. 521 – 522, doi: 10.1109/CCNC.2011.5766528.
H. Lin and W. Tzeng. A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding // IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 6, pp. 995 – 1003, Jun. 2012, doi: 10.1109/TPDS.2011.252.
R. V. Rao and K. Selvamani. Data Security Challenges and Its Solutions in Cloud Computing // Procedia Comput. Sci., vol. 48, pp. 204 – 209, Jan.2015, doi: 10.1016/j.procs.2015.04.171.
K. N. Sevis and E. Seker. Survey on Data Integrity in Cloud // 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud), Jun. 2016, pp. 167 – 171, doi: 10.1109/CSCloud.2016.35.
Downloads
Published
How to Cite
Issue
Section
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).