A Survey on Cloud Security Issues and Solution

2020 ◽  
Author(s):  
Sahar Alatawi ◽  
Areej Alhasani ◽  
Shahad Alfaidi ◽  
Moudi Albalawi ◽  
Saad M Almutairi
Keyword(s):  
Cloud Security ◽  
Security Issues

scholarly journals Cloud Security: Inter-Host Docker Container Communication using Vault Dynamic Secrets

2019 ◽  
Vol 9 (2S) ◽  
pp. 395-401
Keyword(s):  
Best Practices ◽  
Cloud Security ◽  
Simulation Environment ◽  
Monitoring Tool ◽  
Security Vulnerabilities ◽  
Security Issues ◽  
Industry Standard ◽  
Flooding Attacks ◽  
Arp Spoofing

In this paper we attempt to address Inter-Host Docker container communications security issues by incorporating a latest approach provided by Vault Hashicorp dynamic secret mechanism for managing SSH keys and server credentials. A simulation environment is prepared for Inter-Host container communication consisting of one host running locally and the peer host running as an AWS EC2 instance in cloud. Industry standard monitoring tool Grafana is used in the simulation environment to highlight the security impacts for any organization. We also draw special attention to some of the security vulnerabilities in docker container like ARP spoofing, Integrity of the docker host and containers and MAC flooding attacks. We try to list some best practices to be followed when using docker containers in any production deployments.

Review on Cloud Computing and Cloud Security Issues

2021 ◽  
Author(s):  
Ramla Humayun
Keyword(s):  
Cloud Computing ◽  
Cloud Security ◽  
Security And Privacy ◽  
Security Issues ◽  
Privacy Issues

Review on Cloud-Computing and the security and privacy issues related with it.

Cloud Computing and Cybersecurity Issues Facing Local Enterprises

2019 ◽  
pp. 1777-1799
Author(s):  
Emre Erturk
Keyword(s):  
Cloud Computing ◽  
Cyber Security ◽  
Cloud Security ◽  
Security Issues ◽  
Contemporary Research ◽  
Security Practices ◽  
It Resources ◽  
Security Incidents

This chapter sets out to explore new trends in cyber and cloud security, and their implications for businesses. First, the terminology and assumptions related to cloud computing are stated. Next, the chapter reports on contemporary research around the awareness of security issues, and the security processes within the cloud computing realm. Cyber security poses a different challenge to local small and medium sized organizations, which may seem to have less at stake financially. However, they are more vulnerable, due to fewer resources dedicated toward prevention. A series of serious security incidents may even keep them out of business. Furthermore, security needs to be understood and handled differently in a cloud based environment. Therefore, the chapter identifies unique security practices and recommendations for these businesses to run their IT resources safely in the cloud.

Cloud Security Engineering Concept and Vision

2018 ◽  
pp. 93-101 ◽  
Author(s):  
Shadi Aljawarneh
Keyword(s):  
Cloud Security ◽  
Research Community ◽  
Security Requirements ◽  
Software System ◽  
Security Engineering ◽  
Security Issues ◽  
Requirements Specifications ◽  
Evolutionary Changes ◽  
World Environment ◽  
Engineering Concept

The research community found that a software system should be evolved once every few months to ensure it is adapted to the real-world environment. The system evolution requires regularly amendments that append, delete, or alter features. It also migrates or converts the software system from one operating platform to another. These amendments may result in requirements/ specifications that were satisfied in a previous release of a software system not being satisfied in the subsequent versions. As a result, software evolutionary changes violate security requirements, and then a system may become vulnerable to different kinds of attacks. In this paper, concepts and visions are presented to avoid/minimize the Cloud security issues.

scholarly journals An Overview of Public Cloud Security Issues

2014 ◽  
Vol 3 (2) ◽  
pp. 440 ◽  
Author(s):  
Atefeh Heydari ◽  
Mohammad Ali Tavakoli ◽  
Mohammad Riazi
Keyword(s):  
Cloud Security ◽  
Public Cloud ◽  
Security Issues

scholarly journals An Analysis of Cloud Computing Security Issues

2016 ◽  
pp. 212-217
Author(s):  
Baldev Singh
Keyword(s):  
Cloud Computing ◽  
Cloud Security ◽  
Cloud Services ◽  
Security Requirements ◽  
Hybrid Technique ◽  
Independent Manner ◽  
Cloud Computing Security ◽  
Security Issues ◽  
Effective Implementation ◽  
The Past

Cloud computing is one of the emerged technologies in the past decade. Tremendous growth is noticed in the usage and implementation of Cloud computing. Although cloud spectrum is widely popular still there are lot of challenges and issues to be addressed for its optimal usage. Vulnerabilities and threats to the cloud services leads to attacks and exploitation of resources as well as data breaches and privacy violations that need to be addressed at the cloud customer satisfaction level. This paper highlights different cloud security issues and their security requirements. The review aspects and findings of the paper can be used as a reference for further appropriate and effective implementation from the suggested practically viable cloud security solution in an independent manner or using as a hybrid technique.

scholarly journals Cloudstrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

2020 ◽  
Author(s):  
Kennedy Torkura
Keyword(s):  
Knowledge Base ◽  
Fault Injection ◽  
Software Tool ◽  
Cloud Security ◽  
Cyber Attacks ◽  
Cloud Infrastructure ◽  
Security Issues ◽  
Security Controls ◽  
Security Models ◽  
Consumption Rates

<div>Most cyber-attacks and data breaches in cloud</div><div>infrastructure are due to human errors and misconfiguration</div><div>vulnerabilities. Cloud customer-centric tools are lacking, and existing</div><div>security models do not efficiently tackle these security challenges.</div><div>Novel security mechanisms are imperative, therefore, we</div><div>propose Risk-driven Fault Injection (RDFI) techniques to tackle</div><div>these challenges. RDFI applies the principles of chaos engineering</div><div>to cloud security and leverages feedback loops to execute, monitor,</div><div>analyze and plan security fault injection campaigns, based on</div><div>a knowledge-base. The knowledge-base consists of fault models</div><div>designed from cloud security best practices and observations</div><div>derived during iterative fault injection campaigns. Furthermore,</div><div>the observations indicate security weaknesses and verify the</div><div>correctness of security attributes (integrity, confidentiality and</div><div>availability) and security controls. Ultimately this knowledge is</div><div>critical in guiding security hardening efforts and risk analysis.</div><div>We have designed and implemented the RDFI strategies including</div><div>various chaos algorithms as a software tool: CloudStrike. Furthermore,</div><div>CloudStrike has been evaluated against infrastructure</div><div>deployed on two major public cloud systems: Amazon Web Service</div><div>and Google Cloud Platform. The time performance linearly</div><div>increases, proportional to increasing attack rates. Similarly, CPU</div><div>and memory consumption rates are acceptable. Also, the analysis</div><div>of vulnerabilities detected via security fault injection has been</div><div>used to harden the security of cloud resources to demonstrate the</div><div>value of CloudStrike. Therefore, we opine that our approaches</div><div>are suitable for overcoming contemporary cloud security issues</div>

Sign in / Sign up

Export Citation Format

Share Document