A systematic review of security threats and countermeasures in SaaS

2020 ◽  
Vol 28 (6) ◽  
pp. 635-653
Author(s):  
Miguel Ángel Díaz de León Guillén ◽  
Víctor Morales-Rocha ◽  
Luis Felipe Fernández Martínez

Among the service models provided by the cloud, the software as a service (SaaS) model has had the greatest growth. This service model is an attractive option for organizations, as they can transfer part or all of their IT functions to a cloud service provider. However, there is still some uncertainty about deciding to carry out a migration of all data to the cloud, mainly due to security concerns. The SaaS model not only inherits the security problems of a traditional application, but there are also unique attacks and vulnerabilities for a SaaS architecture. Additionally, some of the attacks in this environment are more devastating due to the nature of shared resources in the SaaS model. Some of these attacks and vulnerabilities are not yet well known to software designers and developers. This lack of knowledge has negative consequences as it can expose sensitive data of users and organizations. This paper presents a rigorous systematic review using the SALSA framework to identify the threats, attacks and countermeasures to mitigate the security problems that occur in a SaaS environment. As part of the results of this review, a classification of threats, attacks and countermeasures in the SaaS environment is presented.

2021 ◽  
Vol 17 (4) ◽  
pp. 75-88
Author(s):  
Padmaja Kadiri ◽  
Seshadri Ravala

Security threats are unforeseen attacks to the services provided by the cloud service provider. Depending on the type of attack, the cloud service and its associated features will be unavailable. The mitigation time is an integral part of attack recovery. This research paper explores the different parameters that will aid in predicting the mitigation time after an attack on cloud services. Further, the paper presents machine learning models that can predict the mitigation time. The paper presents the kernel-based machine learning models that can predict the average mitigation time during security attacks. The analysis of the results shows that the kernel-based models show 87% accuracy in predicting the mitigation time. Furthermore, the paper explores the performance of the kernel-based machine learning models based on the regression-based predictive models. The regression model is used as a benchmark model to analyze the performance of the machine learning-based predictive models in the prediction of mitigation time in the wake of an attack.


Cloud Computing (CC) provides an easy way to access and store information on vast remote servers instead of using a personal computer. The user has no physical control over personal data, hence some security issues may arise for users and organizations in securing the data in the cloud. Sensitive data can be hacked by attackers, so the integrity of data stored in the cloud is a major concern for users. In this research work, data integrity can be ensured by using a Third Party Storage Auditing Service (TPSAS), which satisfies all the requirements of users in the cloud. The ultimate aim of this research is to prevent unauthorized access to users' data stored in the cloud. In this paper, two major problems are considered for attaining the integrity of data in the cloud. The first is that an unauthorized user tries to modify the data, which is solved by the proposed TPSAS. The second problem considered in this research is that, since the Cloud Service Provider (CSP) is semi-trustable, it can malfunction at any time, which can be solved based on the secure secret key sharing algorithm and proxy re-encryption methodology. The secure secret key sharing is implemented based on the Shamir key sharing algorithm and the proxy re-encryption process is implemented based on the bear and lion proxy re-encryption methodology.


Information security plays a vital role in cloud computing. Sensitive information should be kept in secure mode for providing integrity and confidentiality from insiders and outsiders. An insider is an employee who has legitimate access to cloud resources which are hosted at the cloud data center. They can perform malicious activities on consumer sensitive data with or without malicious intent. This security breach is obvious and the provider needs to protect against such attacks. In this chapter, insider attacks are demonstrated with an empirical approach to breach consumer-sensitive data. In this chapter, the authors present the threat models where an insider can manipulate user VMs in the node controller of the cloud platform. Here, they assume that the cloud service provider is malicious and the cloud consumer does not have any security constraints to access their cloud assets. The model described two locations in the cloud infrastructure.


Author(s):  
Akashdeep Bhardwaj

With more and more organizations working on the cloud over unsecure internet, sharing files and emails and saving them on cloud storage is imperative. Securing the end user sensitive data in transit has thus started to get maximum priority to protect it from Cloud company staff, hackers and data thieves. In this study, an attempt is made to review the research of end user data security. There is an urgent need for solutions for end users' data protection and privacy, including during the times when migrating from one Cloud service provider to another. This chapter identifies end user data challenges and issues on cloud and presents use of Public Key Cryptography, Multi Factor Authentication and use of Cloud Aware applications as possible solutions.


2019 ◽  
pp. 1030-1046
Author(s):  
Akashdeep Bhardwaj

With more and more organizations working on the cloud over unsecure internet, sharing files and emails and saving them on cloud storage is imperative. Securing the end user sensitive data in transit has thus started to get maximum priority to protect it from Cloud company staff, hackers and data thieves. In this study, an attempt is made to review the research of end user data security. There is an urgent need for solutions for end users' data protection and privacy, including during the times when migrating from one Cloud service provider to another. This chapter identifies end user data challenges and issues on cloud and presents use of Public Key Cryptography, Multi Factor Authentication and use of Cloud Aware applications as possible solutions.


2020 ◽  
Vol 13 (3) ◽  
pp. 313-318 ◽  
Author(s):  
Dhanapal Angamuthu ◽  
Nithyanandam Pandian

Background: Cloud computing is the modern trend in high-performance computing. Cloud computing has become very popular due to its characteristics of availability anywhere, elasticity, ease of use, cost-effectiveness, etc. Though the cloud grants various benefits, it has associated issues and challenges that prevent organizations from adopting the cloud.

Objective: The objective of this paper is to cover several perspectives of Cloud Computing. This includes a basic definition of cloud and a classification of the cloud based on Delivery and Deployment Model. The broad classification of the issues and challenges faced by organizations in adopting the cloud computing model is explored. Examples of the broad classification are Data Related issues in the cloud, Service availability related issues in cloud, etc. The detailed sub-classifications of each of the issues and challenges are discussed. For example, the Data Related issues in cloud are further classified into Data Security issues, Data Integrity issues, Data location issues, Multitenancy issues, etc. This paper also covers the typical problem of vendor lock-in. This article analyzed and described the various possible unique insider attacks in the cloud environment.

Results: The guidelines and recommendations for the different issues and challenges are discussed. Most importantly, the potential research areas in the cloud domain are explored.

Conclusion: This paper discussed the details of cloud computing, classifications and the several issues and challenges faced in adopting the cloud. The guidelines and recommendations for issues and challenges are covered. The potential research areas in the cloud domain are captured. This helps researchers, academicians and industries to focus on and address the current challenges faced by customers.


2020 ◽  
Author(s):  
Diana Raj ◽  
Halimatus Sakdiah Minhat ◽  
Nor Afiah Mohd. Zulkefli ◽  
Norliza Ahmad

BACKGROUND The increasing screen time exposure among young children in general and the reported negative consequences associated with excessive ST, calls for focused strategies to reduce ST, especially among young children. OBJECTIVE This systematic review aimed to identify effective parental intervention strategies to reduce ST among preschool children. METHODS A total of five databases, namely Cochrane Central Register of Controlled Trials, CINAHL, Medline Complete, PubMed, and Scopus, were searched for randomised controlled trials that involved intervention strategies in ST reduction among preschool children. PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analysis) guidelines were used. RESULTS A total of nine studies were assessed. The results showed that besides providing knowledge and awareness regarding ST, having restrictive practices, offering alternative activities to parents, and removal of screen from child’s bedroom were the most common strategies used by studies that reported successful intervention. Intervention duration of between six to eight weeks was sufficient to produce ST reduction. Face-to-face method was the commonest mode of delivery. Theoretical constructs that aimed at increasing parental self-efficacy, listing outcome expectations, and offering reinforcement of strategies that targeted both the parents and home environment were beneficial in reducing ST. CONCLUSIONS By offering appropriate strategies to parents, a reduction in the amount of ST was observed among the children. Future intervention studies could benefit in exploring culturally adapted strategies, especially in developing countries. Trials of higher quality would also facilitate the drawing of conclusions in future research. CLINICALTRIAL PROSPERO No: CRD42020199398


2017 ◽  
Vol 2 (3) ◽  
pp. 1
Author(s):  
Hanane Bennasar ◽  
Mohammad Essaaidi ◽  
Ahmed Bendahmane ◽  
Jalel Benothmane

Cloud computing cyber security is a subject that has been prominent for a long period and will remain so in the near future. Cloud computing permits storing a huge amount of data in cloud storage and allows the user to pay per utilization from anywhere via any terminal equipment. Among the major issues related to Cloud Computing security, we can mention data security, denial of service attacks, confidentiality, availability, and data integrity. This paper is dedicated to a taxonomic classification study of cloud computing cyber-security, with the main objective of identifying the main challenges and issues in this field, the different approaches and solutions proposed to address them, and the open problems that need to be addressed.


Symmetry ◽  
2021 ◽  
Vol 13 (4) ◽  
pp. 563
Author(s):  
Babu Rajendiran ◽  
Jayashree Kanniappan

Nowadays, many business organizations are operating on the cloud environment in order to diminish their operating costs and to select the best service from many cloud providers. The increasing number of Cloud Services available on the market encourages the cloud consumer to be conscious in selecting the most apt Cloud Service Provider that satisfies functionality, as well as QoS parameters. Many disciplines of computer-based applications use standardized ontology to represent information in their fields that indicate the necessity of an ontology-based representation. The proposed generic model can help service consumers to identify QoS parameters interrelations in the cloud services selection ontology during run-time, and for service providers to enhance their business by interpreting the various relations. The ontology has been developed using the intended attributes of QoS from various service providers. A generic model has been developed and it is tested with the developed ontology.


2021 ◽  
pp. 019394592199944
Author(s):  
Moataz Mohamed Maamoun Hamed ◽  
Stathis Konstantinidis

Incident reporting in health care prevents error recurrence, ultimately improving patient safety. A qualitative systematic review was conducted, aiming to identify barriers to incident reporting among nurses. Joanna Briggs Institute methodology for qualitative systematic reviews was followed, with data extracted using JBI QARI tools, and selected studies assessed for methodological quality using Critical Appraisal Skills Program (CASP). A meta-aggregation synthesis was carried out, and confidence in findings was assessed using GRADE ConQual. A total of 921 records were identified, but only five studies were included. The overall methodological quality of these studies was good and GRADE ConQual assessment score was “moderate.” Fear of negative consequences was the most cited barrier to nursing incident reporting. Barriers also included inadequate incident reporting systems and lack of interdisciplinary and interdepartmental cooperation. Lack of nurses’ necessary training made it more difficult to understand the importance of incident reporting and the definition of error. Lack of effective feedback and motivation and a pervasive blame culture were also identified.

