Content uploaded by Kamal Upreti
Author content
All content in this area was uploaded by Kamal Upreti on Dec 01, 2021
Content may be subject to copyright.
An investigation of security risk & taxonomy
of Cloud Computing environment
Abhishek Sharma1
1Institute of Computer Science
Vikram University
Ujjain, India
abhiujn9@gmail.com
Kamal Upreti3
3Department of Information Technology
Dr. Akhilesh Das Gupta Institute of Technology &
Management, Delhi, India
kamal.upreti@adgitmdelhi.ac.in
Umesh Kumar Singh2
2Institute of Computer Science
Vikram University
Ujjain, India
umeshsingh@rediffmail.com
Dharmendra Singh Yadav 4
4National Informatics Center
District Unit
Ujjain, India
yadav.ds@nic.in
Abstract-Since the inception of this new technology,
inclusion of cloud computing in IT sectors has grown
in popularity. This is a new movement in industrial
technology that will continue to expand and develop
their competency in the coming years. Because of
numerous advantages of cloud computing over
traditional computing, most businesses are fast
switching to it. As per one of the report published by
IBM in 2020 the average cost for a data breach place
3.8 million dollar. 1001 data breaches are came in to
the figure in United States alone in 2020. More and
more security issues and challenges are swelling with
the growth in the complexity of this technology. So, to
enable the proper security wheels with the services
hosted by the CSPs is the leading concern. The motive
here is to investigate security vulnerabilities &
challenges of the cloud-computing environment which
further provide an ease to applications deployment. It
also present a taxonomy of various building blocks of
Cloud Computing platform.
Keywords: Cloud Computing Platform, Security
Vulnerability, Taxonomy, Data breaches, Security
Threats.
I. INTRODUCTION
High flexibility and scalability in organizational
resources for meeting exceptional reliability, peak
time demand, and asset availability may be used at
any time, from anywhere, with zero cost for
managing and installing the h/w & s/w infrastructure
are the key benefits of cloud computing. The
availability of infrastructure 24hours a day, seven-
days a week is a basic requirement for commercial
and government organizations to meet and execute
e-Government with minimal downtime. Cloud
computing should be the suitable answer for e-
Government applications because they may expect
an uninterrupted supply of internet bandwidth,
storage, and CPU during various services and
operations. Cloud computing refers to the delivery
of applications, platforms, and infrastructure as
services on the Internet, hardware, and software at
datacenters that are accountable for these services
[1].
As per one of the report by Source: 451,
published in 2019 more than 90% of companies are
working over the cloud. Handling security of
establishment’s private cloud & controlling the
actions of Cloud Service Provider can sound become
an important task? That’s why, Security is a leading
concern if an enterprise share their critical
information to geologically discrete cloud
platforms.
A Cloud Services Providers (CSP) are supposed
to control over computing system infrastructure,
when the enterprise migrates to consuming public
cloud-services. Hence, such establishments may
lose command over how they protect their
computing and they may be worried with the
respective confidentiality and safety as the novel
technology is a main source of novel vulnerabilities.
II. RELATED WORK
A cloud model, according to NIST [2], consists
of three service models, four implementation
models, and five basic features, or a 3-4-5 reference
model. Each service model caters to a different set
of business requirements. SaaS is the first of three
major service models, followed by PaaS and IaaS.
Software as a service (SaaS) offers software that
may be accessed via the internet. PaaS (platform as
a service) provides users with a cloud-based
foundation for structuring and delivering
applications. Infrastructure as a service (IaaS)
delivers infrastructure say for example memory
devices, networking, servers & additional services
on demand and via the internet [3].
There are four basic deployment modes, as per
the NIST's widely accepted designation of cloud
computing: public, private, hybrid, and community
deployments. Broad-network-access is the first key
attributes of cloud computing, which signifies that
capabilities are offered across a network and
retrieved using standard processes that allow
heterogeneous thin and thick client systems for
usage.
The second feature is On Demand Self-service,
means instead of going via an IT department, the
customer does all of the necessary steps to receive
the service.
Using a multi-tenant approach, the CSP's
computing assets are collective to serve several
clients, with unique assets constantly allocated and
redistributed based on customer demand. As a result,
the third attribute is resource pooling.
The fourth feature is rapid elasticity, which
mentions the capability to be elastically supplied and
free to scale outside and inner with veneration on
demand, sometimes automatically.
The fifth is measuring services, which implies
Cloud structures use a metering skill at a level of
abstraction fitting for the sorts of services to
dynamically manage and limit resource use, such as
memory devices, processing, bandwidth, & active
customer account, among other things. Apart from
the models, the computing cloud is dominated by
four cloud actors: cloud provider, consumer, carrier,
and auditor [4].
Personal information (social security numbers,
personal messages, credit card information, and
addresses) as well as commercial information could
be taken. In the existing scenario, the cloud
consumer, which could be a service or data owner,
must totally rely on the service provider for
information security and privacy [11].
In [13], author discuss about the security issues
threats and taxonomy related to cloud computing.
The classification of security issues related with SPI
Model is also required especially for the deployment
of e-educational cloud in university Domain. Users
lose control of their data when it is kept on a cloud
server, which leads to problems like data breaches
[14].
Identity management of cloud users is one of
numerous challenges with cloud computing,
including cloud user administration, multi-tendency
support, and application security [15]. During the
literature review various taxonomies and
categorization of security issues and challenges was
presented. Most of them are based on either
traditional network or cloud infrastructure [16-20].
But still there is a scope to revise the taxonomy
which should be based on the integrated approach
and include both the SPI model of cloud computing
as well as the traditional network security issues.
The authors of [21] look at the three-level cross-
space design and offer a method for de duplicating
large amounts of data in data systems that is both
effective and secure.
The author utilizes an N-stage Arnold
Transformation to safely validate the claim of the
so-called genuine user in [22], which differs from
traditional techniques by using a fingerprinting as
the biometric feature. The experiments were
compared to current benchmark methodologies,
with improved results in terms of identifications,
false detection accuracy & other metrics.
In [23], the author discusses a methodology
aimed at determining the best policy for
withdrawing a VRS Scheme, taking into
interpretation the probability of a retirement query
being accepted, the cost of declaring a VRS scheme,
and the charge to the establishment of one-time
particular payouts to those who retire during
timeframe.
With the aid of 5 classification algorithms and 9
datasets, the author analyzed and assessed for
accuracy, attack resistance, scalability, and
efficiency in [24].
The author of [25] proposed a framework called
the MC-SVM that is put out in the study to design
workflow development in the cloud model. The
cloud task arrangement provides an arrangement for
establishing work flows using named entity
recognition utilizing the MC-SVM.
The authors [26] also offer an overview to
review recent research contributions on cloud
computing and the Internet of Things (IoT) and their
uses in our surroundings, & future research areas
with actual worries about cloud computing's
incorporation to IoT. It discusses IoT and cloud
computing, cloud-compatible issues and computing
approaches which may help IoT applications make a
smooth transfer to cloud.
In [27], the author focuses on and investigates
the security problems that cloud businesses, such as
cloud providers, data owners, and cloud users,
confront. It aimed to demonstrate the numerous
security issues, vulnerabilities, assaults, and dangers
that stymie cloud services acceptance.
In [28, the author does an analytical research to
look into the obstacles and solutions used by Cloud
Computing to help IoT applications migrate to the
cloud safely.
The author of [29] describes the intelligent
collecting process of the IoT, which is the technical
basis of the given method, and introduces the
primary data encryption technique. The network
security transmission technology is used to evaluate
and create diverse integrated system strategic
planning methods, as well as to gather and retrieve
every assets in heterogeneous integrated networks.
The Cloud computing model is as follows
(Source: NIST):
Fig. 1: Cloud Computing Reference Model
III. PROPOSED METHODOLOGY FOR
INVESTIGATION OF CLOUD
COMPUTING SECURITY ISSUES &
CHALLENGES
A. Cloud Computing experimental Setup
The experiment was prepared using open source
or cloud service provider. The steps required to
setup a cloud platform and deploy an application
like LMS for university academics activities is as
follows [4-8]:
Step 1: In first step the experimental setup for cloud
computing environment (virtualized data center) is
established for SPI models. Multiple servers with
VTX enabled technology is used to setup hypervisor
type 1& 2.
Step 2: After virtual machines installation, cloud
computing experimental setup will be establish
using OSS like Openstack, Oracle VM virtualbox or
Owncloud.
Step 3: Using cloud hosting server, open source
LMS like moodle are configure.
Step 4: Scanners like Nessus, Nmap, IBM QRadar
or InsiteVM (Nexpose) and Acunetix can be used
for getting vulnerability of the system and kali Linux
can be used for Penetration testing of cloud
platform. Here Nessus (Tenable) is used &
configured for getting the vulnerabilities.
Step 5: Investigate the results after getting the
vulnerabilities using multiple parameters like CVSS
Score, no. of open ports,
Step 6: Perform Ranking of Vulnerability on the
basis of Severity / CVSS Score.
The multilayered architecture of cloud
computing platform is represented in figure 2:
Fig. 2: Experimental Setup for Investigation of Cloud
Computing environment
Open stack platform is one of them which have
to be evaluated through the study [7-9]. Cloud
computing layered model is very significant with the
intentions to offer assistances for smaller direct
investing in assets during deployment, greater scale-
up, lesser functional expenses, easiness of access
over the Web, decreased commercial risks and
maintenance expenditures. Infrastructure layer
consists of compute processor, block storage,
network whereas platform layer includes runtime,
OS, queue, database, object storage, identity
Management Services and the application layer
incorporates various apps like LMS, monitoring,
CMS, communication, finance applications,
collaboration, CRM and many more.
Various cloud actors like cloud provider, cloud
user, cloud auditor & cloud carrier participate in two
way communication with the help of various devices
like external server, desktop, laptop, phones, tablet
device, IoT device and software APIs.
In order to investigate the security issues
following open source platforms are used for
building a cloud based experimental setup, the list of
OSS are as follows. It is required to setup some
application over the cloud experimental setup like
LMS, CRM, CMS [4] etc.
On the basis of the experimental setup & the
deployed application it will be useful to record the
various parameters related to the performance &
security. The architecture of E-educational Cloud of
Institute of Computer Science is used with
vulnerability scanner & penetration testing server
(cloud user-2) as follows:
Fig. 3: E-educational Cloud datacenter of Institute of
Computer Science
B. Results Analysis & Discussion
Before deploying cloud computing-based
applications, a security risk assessment in terms of
vulnerabilities must be completed. IT experts use the
SPI model to implement specific business processes
in order to meet business requirements. As per
proposed methodology the real-time experiment was
performed for getting the vulnerabilities of ICS E-
Educational cloud. The investigation of the security
risk in terms of vulnerabilities are:
Fig. 4a: Cloud Virtual Server & network Vulnerabilities of ICS
E-Educational Cloud
As per the results 71 Vulnerabilities found
related to the three major resources involved in
cloud computing. It was observed that 9 are critical,
28 are high, 53 are medium, 2 low and 157 are info.
Fig. 4b: Cloud Virtual Server & network Vulnerabilities of ICS
E-Educational Cloud
The major identified vulnerabilities are
classified as per three severity level critical, high &
medium on the basis of cvssv2.0 base score. Out of
93 vulnerabilities, 8 in 2021, 13 in 2020, 21 in 2019
and 45 from 2016 to 2018 are published publicly.
The results are as shown in table 1:
TABLE I: VULNERABILITIES & THEIR RESPECTIVE
SEVERITY
Vulnerability
CVSS Score
Priority
Vulnerability
CVSS Score
Priority
CVE-2019-9517
7.8
1
CVE-2020-8616
5.0
10
CVE-2016-6515
7.8
1
CVE-2021-25215
5.0
10
CVE-2017-3167
7.5
2
CVE-2021-31618
5.0
10
CVE-2017-3169
7.5
2
CVE-2016-0736
5.0
10
CVE-2017-7668
7.5
2
CVE-2016-2161
5.0
10
CVE-2017-7679
7.5
2
CVE-2016-8740
5.0
10
CVE-2021-
26691
7.5
2
CVE-2016-8743
5.0
10
CVE-1999-0511
7.5
2
CVE-2019-0196
5.0
10
CVE-2015-8325
7.2
3
CVE-2019-0220
5.0
10
CVE-2017-3141
7.2
3
CVE-2015-2808
5.0
10
CVE-2019-0211
7.2
3
CVE-2017-15906
5.0
10
CVE-2020-
35452
6.8
4
CVE-2020-1934
5.0
10
CVE-2020-8625
6.8
4
CVE-2021-20254
4.9
11
CVE-2017-9788
6.4
5
CVE-2019-0197
4.9
11
CVE-2019-
10082
6.4
5
CVE-2019-10092
4.3
12
CVE-2019-
14870
6.4
5
CVE-2018-5743
4.3
12
8
0
6
2
12
20
0
1
74
77
0 20 40 60 80 100
Cloud Vulnerabilities
Cloud Network Vulnerabilities
Vulnerability Percentage
Cloud Servers & Cloud network Vulnerabilities
(%)
Info Low Medium High Critical
CVE-2019-
10097
6.0
6
CVE-2020-8623
4.3
12
CVE-2018-
16860
6.0
6
CVE-2016-6329
4.3
12
CVE-2019-0215
6.0
6
CVE-2016-9778
4.3
12
CVE-2019-0217
6.0
6
CVE-2017-3136
4.3
12
CVE-2019-
10098
5.8
7
CVE-2016-4975
4.3
12
CVE-2020-1927
5.8
7
CVE-2020-11985
4.3
12
CVE-2019-
14902
5.5
8
CVE-2016-6210
4.3
12
CVE-2016-5387
5.1
9
CVE-2017-3140
4.3
12
CVE-2017-9789
5.0
10
CVE-2011-3389
4.3
12
CVE-2019-
10081
5.0
10
CVE-2013-2566
4.3
12
CVE-2017-7659
5.0
10
CVE-2016-1546
4.3
12
CVE-2019-
17567
5.0
10
CVE-2016-2775
4.3
12
CVE-2020-
13950
5.0
10
CVE-2017-3135
4.3
12
CVE-2021-
26690
5.0
10
CVE-2017-3142
4.3
12
CVE-2021-
30641
5.0
10
CVE-2017-3143
4.3
12
CVE-2006-0987
5.0
10
CVE-2018-11763
4.3
12
CVE-2016-2183
5.0
10
CVE-2019-6465
4.3
12
CVE-2017-3145
5.0
10
CVE-2018-5741
4.0
13
CVE-2016-4979
5.0
10
CVE-2019-14847
4.0
13
CVE-2016-9131
5.0
10
CVE-2020-14318
4.0
13
CVE-2016-9147
5.0
10
CVE-2020-14383
4.0
13
CVE-2016-9444
5.0
10
CVE-2020-8622
4.0
13
CVE-2017-3137
5.0
10
CVE-2021-25214
4.0
13
CVE-2017-3145
5.0
10
CVE-2021-25214
4.0
13
CVE-2017-9798
5.0
10
CVE-2019-19344
4.0
13
CVE-2018-1333
5.0
10
CVE-2017-3138
3.5
14
CVE-2018-
17189
5.0
10
CVE-2019-14861
3.5
14
CVE-2018-
17199
5.0
10
CVE-2019-14907
2.6
15
CVE-2018-5740
5.0
10
CVE-2020-13938
2.1
16
CVE-2018-8011
5.0
10
CVE-2020-14323
2.1
16
CVE-2019-0190
5.0
10
As a results of the investigation, the type of
vulnerabilities are exposed & their distribution is
represented as below:
Fig. 5: Vulnerability Distribution & its Types
During the investigation of findings in terms of
vulnerabilities, the ranking is performed through the
assignment of pool vice priority to all of them. The
priority of each pool is assign on the basis of their
respective CVSS Scores. The security parameters
involve for prioritization or ranking of
vulnerabilities are as listed:
a) Attack vector
b) Complexity of Attack
c) Required Privileges
d) User Interaction
e) Scope
f) Confidentiality Impact
g) Integrity impact
h) Availability Impact
Future Work: On the basis of the above results,
it can be concluded that the number of
vulnerabilities found and investigated are required
to assign priority on the basis of the identified
parameters and as per the recommendation of the
cloud consumer. All the investigated vulnerabilities
are almost impossible to mitigate before the
deployment of an application over the cloud for any
customer for cloud service providers. Hence,
vulnerability assessment and analysis are also
mandatory to perform. So as a future work, an
adaptive, responsive and continuous risk assessment
& analysis Framework or methodology should be
proposed which helps the cloud customer and cloud
provider for or mitigation of vulnerabilities and
enhancing the security level.
C. Cloud Computing (CC) specific vulnerabilities
& threats
Vulnerability refers to the possibility that a
resource will be unable to withstand a threat
agency's movements. Vulnerability emerges as a
result of the disparity between the threat agent's
power and the entity's ability to withstand that
strength. Like all other technology cloud is also
having vulnerabilities and the major cause of risk.
The following are the vulnerabilities specific to
Cloud Computing (CC):
(i) Core Cloud Technology Vulnerabilities.
(ii) Cloud Storage misconfiguration.
(iii) Insecure Application Programming Interfaces.
(iv) Intellectual property (IP) Loss or Theft.
(v) Compliance Violations & Regulatory Actions.
(vi) Loss of Control over End User Activities.
(vii) Deficient Management of user Access.
16
4
1
3
2
1
1
4
61
020 40 60 80
Denial Of Service
Bypass a restriction or similar
Cross Site Scripting
Obtain Information
Execute Code
Gain privileges
Http response splitting
Overflow
Others
No. of Vulnerabilities
Types
Vulnerability Distribution & its Types
(viii) Breaches with Clients or business Associates
beyond SLA.
(ix) Defects in Known Security Controls.
(x) Essential Cloud Characteristic Vulnerabilities.
(xi) Multi-tenancy Failures.
(xii) Cloud migration vulnerabilities.
(xiii) Compromised CSP supply chain.
The cloud infrastructure, which is made up of a
large number of hardware and software components,
is exposed to a variety of attacks, both old and new.
Threats to system security are defined as capabilities
that cause significant harm to the system. Attacks
against the computing environment, networking,
and other communication infrastructures are
possible outcomes of this threat. Viruses, Trojan
horses, back doors, and direct hacker attacks are
examples of malware. Because each type of public,
private, or hybrid cloud offers a configurable
architecture for streamlined management and cost
efficiency, data privacy and software security are
becoming increasingly important issues. Cloud
specific top threats are (Source: CSA):
Fig. 6: Top Cloud Computing Threats
IV. PROPOSED TAXONOMY OF CLOUD
COMPUTING SECURITY ISSUES
Before hosting the E-governance application or
requirement specific applications over the cloud, it
is required to perform investigation of security
issues and challenges of the experimental setup.
Here the investigation is performed on the basis of
SPI model. During the investigation of various
issues and security challenges are observed and it
helps in the formulation of different types of
taxonomies related with security issues which
further help in analysis of vulnerabilities, threat and
attacks. The cloud computing security issues are
classified into six categories. The cloud security
issues, challenges & taxonomy is represented in
figure 7:
Fig. 7: The cloud security issues, challenges & proposed
taxonomy
The first three category is based on the SPI
model of cloud computing which specify IaaS, Paas
& SaaS specific security issues. IaaS specific
security issues includes challenges related to
hypervisor, virtual machine and physical hardware
security. Whereas in the PaaS specific security
issues the challenges related with the operating
system and multi Tenancy at the level of desktop,
server, network & mobile OS are included. The
application level challenges like web server, license
management, secure programming using SDLC,
apps elasticity, security configuration of web
applications and web application vulnerabilities are
included in in SaaS specific security issues.
The forth categories is related with network and
access management issues Which include the
challenges related with IAM, multi cloud
interaction, service hijacking, security
misconfiguration, IP vulnerabilities, RPC, VPN &
FTP issues, QOS, firewall configuration &
malicious insiders.
The fifth category represent the security issues
and challenges related with the cloud data storage.
Compliance, standard and regulatory associated
security issues are represented in sixth category. The
classification of security issues and taxonomy plays
very important role especially for the CSPs and
brokers to create transparency during the security
policy implementation under the umbrella of shared
responsibility model of cloud computing. It also
create transparency among the various cloud actors.
Cloud is a superset of technologies, procedures,
manpower, and business builds.
V. RESEARCH CHALLNGES AND
LIMITATIONS
Despite the fact that cloud computing is a
relatively new concept. Cloud computing research is
still in its primary phases. Many concerns remain
unresolved, and new difficulties emerge on a daily
basis in every business.
The major Cloud Computing research challenges
are Cloud data processing and security, data
encryption, migration of VM, IAM, multi-tenancy,
and service level agreements (SLAs), uninterrupted
availability of service & dependability etc. Apart
from this to offer the better security level for zero
day protection and mitigation together with
continuously assess the vulnerabilities known and
unknown is the biggest challenge for cloud
environment.
To identify and mitigate the real time attacks or
intrusions are the most important challenges for
CSPs. As per the recent analysis reports of cyber-
crimes, it was found that the data breaches occurs
due to the misconfiguration of cloud services, so to
provide proper product knowledge and training to
their customer regarding service usage is again the
big challenge.
When companies transfer their IT infrastructure
to the cloud, they face a variety of challenges. In
comparison to the cost of operating a separate IT
infrastructure, SMEs may forgo some of the pains of
these hurdles by embracing cloud. A perfect trade-
off between costs and advantages can assist SMEs
in making an informed decision about cloud
computing adoption. Cloud adaptation due to
privacy & security causes are the primary concern &
limitation.
VI. CONCLUSION
The cloud computing paradigm is one of the
most promising models for computational services
for cloud actors such as CSPs and cloud customers.
Based on the findings, it is apparent that
investigating security vulnerabilities is the most
critical duty and should be given top attention.
However, in order to get the most out of the model,
existing security flaws must be addressed. The
technologies being deployed, like as virtualization
and SOA, are causing some of the security
vulnerabilities. Security management is required to
govern and manage such a huge number of needs
and regulations.
The analysis of important security risks and
challenges associated with cloud computing
environments is presented in this research. The
sources of cloud-specific vulnerabilities are also
addressed, which aids in the discovery and analysis
of security risks. A taxonomy of security risks and
obstacles is also presented, which would be very
beneficial for various cloud players involved in the
shared responsibility model before deploying any
cloud-based application using the SPI paradigm. In
the future, risk assessment and analysis can be done
utilizing vulnerabilities to secure the cloud from
invaders. REFERENCES
[1] Ministry of Electronics & Information Technology,
Government of India, “Digital India Programme,” 2014
http://www.digitalindia.gov.in (accessed February 24, 2017)
[2] NIST U.S. Department of Commerce, “NIST Cloud
Computing Program – NCCP,” 2010, https://
www.nist.gov/programs-projects /nist-cloud-computing-
program-nccp (accessed March 10, 2018)
[3] Y. Amanatullah, C. Lim, H. P. Ipung and A. Juliandri,
"Toward cloud computing reference architecture: Cloud service
management perspective," International Conference on ICT for
Smart Society, Jakarta, 2013, pp. 1-4,
https://doi.org/10.1109/ICTSS.2013.6588059.
[4] Abhishek Sharma & Dr. Umesh Kumar Singh, “Deployment
model of e-educational cloud for departmental academics
automation using open source,” HTL Journal, 2021, Volume 27,
issue 5, 36, ISSN 1006-6748.
https://doi.org/10.37896/HTL27.5/3535
[5] R.Lakshminarayanan, B.Kumar and M.Raju,Cloud,
“Computing Benefits for Educational Institutions,” Information
Security and ComputerFraud,2014, vol.2,no.1, pp.5-9.
[6] Sefraoui, Omar & Aissaoui, Mohammed & Eleuldj, Mohsine,
“OpenStack: Toward an Open-Source Solution for Cloud
Computing,” International Journal of Computer Applications,
2012, 55. 38-42, https:// doi.org /10.5120 /8738-2991.
[7] Ananthi Claral Mary.T, Dr.Arul Leena Rose.P.J.,
“Implications, Risks And Challenges Of Cloud Computing In
Academic Field – A State-Of-Art,” International Journal of
Scientific & Technology Research, 2019, Volume 8, Issue 12,
ISSN 2277-8616
[8] Yadav, Sonali, “Comparative Study on Open Source Software
for Cloud Computing Platform: Eucalyptus, OpenStack and
OpenNebula,” Research Inventy: International Journal of
Engineering Science, 2013, 3. 51.
[9] CloudStack, Accessed on: Dec. 13, 2020. [Online]. Available:
https://cloudstack.apache.org/
[10] Open Nebula, Accessed on: Dec. 15, 2020. [Online].
Available: URL: http://opennebula.org/
[11] S. Basu et al., “Cloud computing security challenges &
solutions-a survey,” IEEE 8th Annual Computing and
Communication Workshop and Conference (CCWC), 2018, pp.
347–356.
[12] Shiraz, Muhammad & Abolfazli, Saeid & Sanaei, Zohreh &
Gani, Abdullah, “A study on virtual machine deployment for
application outsourcing in mobile cloud computing,” The Journal
of Supercomputing, 2013, 63. https://doi.org/10.1007/s11227-
012-0846-y.
[13] Singh, Saurabh & Jeong, Young-Sik & park, Jong. (2016).
A Survey on Cloud Computing Security: Issues, Threats, and
Solutions. Journal of Network and Computer Applications. 75.
https://doi.org/10.1016/j.jnca.2016.09.002.
[14] T. Mather, S. Kumaraswamy, and S. Latif, “Cloud security
and privacy: an enterprise perspective on risks and compliance,”
O‘Reilly Media, Inc., 2009.
[15] K. Karthiban and S. Smys, “Privacy preserving approaches
in cloud computing,” 2nd International Conference on Inventive
Systems and Control (ICISC), 2018, pp. 462–467
[16] Mohd Talmizie Amron, Roslina Ibrahim, Suriayati Chuprat,
“A Review on Cloud Computing Acceptance Factors,” Procedia
Computer Science, Volume 124, 2017, Pages 639-646, ISSN
1877-0509, https://doi.org/10. 1016/j.procs.2017.12.200.
[17] Jose Moura, David Hutchison, “Review and Analysis of
Networking Challenges in Cloud Computing, Journal of Network
and Computer Applications,” vol. 60, pp. 113-129, 2016,
https://doi.org/10.1016/j.jnca.2015 .11.015
[18] Ahmed Aliyu, Abdul Hanan Abdullah, Omprakash
Kaiwartya, Yue Cao, Mohammed Joda Usman, Sushil Kumar, D.
K. Lobiyal & Ram Shringar Raw, “Cloud Computing in
VANETs: Architecture, Taxonomy, and Challenges,” IETE
Technical Review, 2018, 35:5, 523-547.
https://doi.org/10.1080/02564602.2017.1342572
[19] R. Barona and E. A. M. Anita, "A survey on data breach
challenges in cloud computing security: Issues and threats," 2017
International Conference on Circuit, Power and Computing
Technologies (ICCPCT), 2017, pp. 1-8,
https://doi.org/10.1109/ICCPCT.2017.8074287.
[20] Khalil, Issa & Khreishah, Abdallah & Azeem, Muhammad,
“Cloud Computing Security: A Survey,” Computers, 2014, 3. 1-
35. https://doi.org/10.3390/computers3010001
[21] Adithya, M., P. G. Scholar, and B. Shanthini. “Security
Analysis and Preserving Block-Level Data DE-duplication in
Cloud Storage Services.” Journal of trends in Computer Science
and Smart technology (TCSST) 2, no. 02 (2020): 120-126.
[22] Manoharan, J. Samuel. “A Novel User Layer Cloud Security
Model based on Chaotic Arnold Transformation using
Fingerprint Biometric Traits.” Journal of Innovative Image
Processing (JIIP) 3, no. 01 (2021): 36-51.
[23] Thilaka, B., Janaki Sivasankaran, and S. Udayabaskaran.
“Optimal Time for Withdrawal of Voluntary Retirement Scheme
with a Probability of Acceptance of Retirement Request” Journal
of Information Technology 2, no. 04 (2020): 201-206.
[24] Haoxiang, Wang, and S. Smys. “Big Data Analysis and
Perturbation using Data Mining Algorithm” Journal of Soft
Computing Paradigm (JSCP) 3, no. 01 (2021): 19-28.
[25]Haoxiang, Wang, and S. Smys. “MC-SVM Based Work Flow
Preparation in Cloud with Named Entity Identification.” Journal
of Soft Computing Paradigm (JSCP) 2, no. 02 (2020)
[26] Abdulkareem, Nasiba & Zeebaree, Subhi & M.Sadeeq,
Mohammed & Ahmed, Dindar & Sami, Ahmed & Zebari, Rizgar.
(2021). IoT and Cloud Computing Issues, Challenges and
Opportunities: A Review. 1. 1-7. 10.48161/qaj.v1n2a36.
[27] Tabrizchi, H., Kuchaki Rafsanjani, M. A survey on security
challenges in cloud computing: issues, threats, and solutions. J
Supercomput 76, 9493–9532 (2020).
https://doi.org/10.1007/s11227-020-03213-1
[28] I. Mohiuddin and A. Almogren, "Security Challenges and
Strategies for the IoT in Cloud Computing," 2020 11th
International Conference on Information and Communication
Systems (ICICS), 2020, pp. 367-372, doi: 10.1109/ICICS49469
.2020. 239563.
[29] L. Ding, Z. Wang, X. Wang, and D. Wu, "Security
information transmission algorithms for IoT based on cloud
computing," Computer Communications, vol. 155, pp. 32-39,
2020.