Abstract
Cloud computing systems are the de-facto deployments for any user data and processing requirements. Due to a wide variety of cloud systems available today, increase in the number of services provided by these systems. These services range from software-based systems to high-end hardware-based infrastructures. The wide variety attracts a lot of attention by unwanted hackers, due to which the cloud deployments are one of the most cyber attacked entities here, we review the attacks and issues of cloud computing entities namely Software as a Service (SaaS). These attacks are quantified at both micro-level and macro-level. This paper also discusses the different solutions for these attacks, identified the gaps of each solutions and recommends methods which can be adopted to further improve the discussed solutions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Liu Y, Sun YL, Ryoo J, Rizvi S, Vasilakos AV (2015) A survey of security and privacy challenges in cloud computing: solutions and future directions. In: Proceeding of 2015. The Korean institute of information scientists and engineers. ISSN: 1976–4677 eISSN: 2093–8020
Chandni M, Sowmiya NP, Mohana S, Sandhya MK (2017) Establishing trust despite attacks in cloud computing: a survey. In: Proceeding of IEEE Wisp NET 978–1–5090–4442–9
Dhondse A, Singh S (2019) Redefining cyber security with AI and machine learning. Asian J Converg Technol 5(2)
Madhusudhan R (2018) Mitigation of cross-site scripting attacks in mobile cloud environments. In: Thampi S, Madria S, Wang G, Rawat D, Alcaraz Calero J (eds) Security in computing and communications.
Jiang S, Jiang T, Wang L (2017) Secure and efficient cloud data deduplication with ownership management. IEEE Trans Serv Comput doi: https://doi.org/10.1109/TSC.2017.2771280
Munivel E, Kannammal A (2019) New authentication scheme to secure against the phishing attack in the mobile cloud computing. In: Proceeding of Hindawi security and communication networks. p 11
Malina L, Hajny J, Dzurenda P, Zeman V (2015) Privacy-preserving security solution for cloud services. Proc J Appl Res Technol 13(1):20–31
Medeiros I, Beatriz M, Neves N, Correia M (2019) SEPTIC: detecting injection attacks and vulnerabilities inside the DBMS. IEEE Trans Reliab 68(3):1168–1188. https://doi.org/10.1109/TR.2019.2900007
Gu H et al (2020) DIAVA: a traffic-based framework for detection of sql injection attacks and vulnerability analysis of leaked data. IEEE Trans Reliab 69(1):188–202. https://doi.org/10.1109/TR.2019.2925415
Sengupta N, Chinnasamy R (2015) Contriving hybrid DESCAST algorithm for cloud security. Elsevier, pp 47–56
Periasamy JK, Latha B (2020) An enhanced secure content de-duplication identification and prevention (ESCDIP) algorithm in cloud environment. Neural Comput Appl 32:485–494 https://doi.org/10.1007/s00521-019-04060-9
Ilambarasan E, Nickolas S, Mary Saira Bhanu S (2020) Attribute-based convergent encryption key management for secure deduplication in cloud. In: Pati B, Panigrahi C, Buyya R, Li KC (eds) Advanced computing and intelligent engineering, vol 1082. Springer, Singapore
Soriano-Salvador E, Guardiola-Muzquiz G SealFS: a stackable file system for tamper-evident logging
Shar LK, Briand LC, Tan HBK (2015) Web application vulnerability prediction using hybrid program analysis and machine learning. IEEE Trans Depend Sec Comput 12(6):688–707 doi: https://doi.org/10.1109/TDSC.2014.2373377
El-Booz SA, Attiya G, El-Fishawy N (2015) A secure cloud storage system combining time-based one time password and automatic blocker protocol. In: 2015 11th international computer engineering conference (ICENCO). Cairo, 188–194. https://doi.org/10.1109/ICENCO.2015.7416346
El-Booz SA, Attiya G, El-Fishawy N (2015) A secure cloud storage system combining time-based one time password and automatic blocker protocol. In: 2015 11th international computer engineering conference (ICENCO), Cairo, pp 188-194. doi: https://doi.org/10.1109/ICENCO.2015.7416346
Chen P, Qi Y, Hou D (2019) CauseInfer: automated end-to-end performance diagnosis with hierarchical causality graph in cloud environment. IEEE Trans Serv Comput 12(2):214–230. doi: https://doi.org/10.1109/TSC.2016.2607739
Yuan H, Chen X, Li J, Jiang T, Wang J, Deng R (2019) Secure cloud data deduplication with efficient re-encryption. IEEE Trans Serv Comput doi: https://doi.org/10.1109/TSC.2019.2948007
Shen J, Deng X, Xu Z (2019) Multi-security-level cloud storage system-based on improved proxy re-encryption. J Wireless Commun Netw 2019:277. https://doi.org/10.1186/s13638-019-1614-y
Cheng Y, Du Y, Peng J, Fu J, Liu B (2019) Trusted secure accessing protection framework-based on cloud-channel-device cooperation. In: Yun X, et al (eds) Cyber Security. CNCERT 2018. Communications in computer and information science, vol 970. Springer, Singapore
Fremantle P, Aziz B (2018) Cloud-based federated identity for the Internet of Things. Ann Telecommun 73:415–427. https://doi.org/10.1007/s12243-018-0641-8
Rawal BS, Vijayakumar V, Manogaran G et al (2018) Secure disintegration protocol for privacy preserving cloud storage. Wireless Pers Commun 103:1161–1177. https://doi.org/10.1007/s11277-018-5284-6
Ajay DM (2019) Umamaheswari E packet encryption for securing real-time mobile cloud applications. Mobile NetwAppl 24:1249–1254. https://doi.org/10.1007/s11036-019-01263-1
Zhang S, Meng X, Wang L, Xu L, Han X (2018) Secure virtualization environment-based on advanced memory introspection. In: Proceeding of Hindawi security and communication networks, vol 2018, p 16 https://doi.org/10.1155/2018/9410278
Li G, Wu J, Li J, Wang K, Ye T (2018) Service popularity-based smart resources partitioning for fog computing-enabled industrial internet of things. IEEE Trans Indus Inform 14(10):4702–4711. https://doi.org/10.1109/TII.2018.2845844
Hu Z, Chen H, Shen W (2019) An efficient and provably secure anonymous user authentication and key agreement for mobile cloud computing. In Proceeding of Hindawi wireless communications and mobile computing, vol 2019, p 12. https://doi.org/10.1155/2019/4520685
Taek-Young Y, Nam-Su J, Rhee KH, Sang US (2019) Authorized client-side deduplication using CP-ABE in cloud storage. In: Proceeding Hindawi wireless communications and mobile computing vol 2019, p 11. https://doi.org/10.1155/2019/7840917
Hsu K, Chiang Y, Hsiao H (2019) SafeChain: securing trigger-action programming from attack chains. IEEE Trans Inform Forensics Secur 14(10):2607–2622. https://doi.org/10.1109/TIFS.2019.2899758
Xiao Y, Zhang X, Zhang Y, Teodorescu R (2016) One bit flips, one cloud flops: cross-VM row hammer attacks and privilege escalation. In: Proceeding of the 25th USENIX security symposium. Austin, TX, ISBN 978–1–931971–32–4
MartÃnez S, Cosentino V, Cabot J, Cuppens F (2013) Reverse engineering of database security policies. In: H. Decker, Lhotská L, Link S, Basl J, Tjoa AM (eds) Database and expert systems applications. DEXA 2013. Lecture Notes in Computer Science, vol 8056. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40173-2_37
Talha AM, Kamel I, Al Aghbari Z (2019) Facilitating secure and efficient spatial query processing on the cloud. IEEE Trans Cloud Comput 7(4):988–1001. doi: https://doi.org/10.1109/TCC.2017.2724509.
Mall S, Saroj SK (2018) A new security framework for cloud data. In: Proceeding of 8th international conference on advances computing and communication (ICACC-2018)
Hyseni D, Luma A, Selimi B, Cico B (2018) The proposed model to increase security of sensitive data in cloud computing. In Proceeding of the (IJACSA) international journal of advanced computer science and applications, vol. 9
Silva LV, Barbosa P, Marinho R et al (2018) Security and privacy aware data aggregation on cloud computing. J Internet Serv Appl 9:6. https://doi.org/10.1186/s13174-018-0078-3
Pu Y, Luo J, Hu C, Yu J, Zhao R, Huang H, Xiang T (2019) Two secure privacy-preserving data aggregation schemes for IoT. In: Proceding of Hindawi wireless communications and mobile computing, vol 2019, p 3985232 https://doi.org/10.1155/2019/3985232
Soriano Salvador E, Guardiola-Muzquiz G (2021) SealFS: A Stackable File System for Tamper-evident Logging. ETSIT, Rey Juan Carlos University, Madrid, Spain
Rejin PR, Paul RD (2019) Verification of data integrity and cooperative loss recovery for secure data storage in cloud computing. Cogent Eng 6(1):1654694
Kirdat N, Mokal N, Mokal J, Parkar A, Shahabade RV et al (2018) Data leakage detection and file monitoring in cloud computing. Int J Adv Res Ideas Innov Technol 4(2018):859–866
Huang X, Lu Y, Li D, Ma M (2018) A novel mechanism for fast detection of transformed data leakage. IEEE Access 6:35926–35936. https://doi.org/10.1109/ACCESS.2018.2851228
Xu S, Yang G, Mu Y, Deng RH (2018) Secure fine-grained access control and data sharing for dynamic groups in the cloud. IEEE Trans Inform Forensics Secur 13(8):2101–2113. https://doi.org/10.1109/TIFS.2018.2810065
Roy S, Das AK, Chatterjee S, Kumar N, Chattopadhyay S, Rodrigues JJPC (2019) Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing-based healthcare applications. IEEE Trans Indus Inform 15(1):457–468. https://doi.org/10.1109/TII.2018.2824815
Punto Gutierrez J, Lee K (2018) SDN-based DoS attack detection and mitigation system for cloud environment. In: Proceeding of international journal of computer systems (ISSN: 2394–1065), vol 05. http://www.ijcsonline.com/
Shyamala R, Prabakaran D (2018) A survey on security issues and solutions in virtual private network. Int J Pure Appl Math 119(15):3115–3122
Ravi Kumar P, Herbert Raj P, Jelciana P (2017) Exploring security issues and solutions in cloud computing services—a survey. In: Cybernetics and information technologies, vol. 4, Sofia, Print ISSN: 1311–9702; Online ISSN: 1314–4081. doi: https://doi.org/10.1515/cait-2017-0039
Dong Z, Luo F, Gaoqi L (2018). Blockchain: a secure, decentralized, trusted cyber infrastructureSolution for future energy systems. J Mod Power Syst Clean Energy 6(5):958 967. https://doi.org/10.1007/s40565-018-0418-0
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Shaikh, A.H., Meshram, B.B. (2022). Cloud Attacks and Defence Mechanism for SaaS: A Survey. In: Balas, V.E., Semwal, V.B., Khandare, A. (eds) Intelligent Computing and Networking. Lecture Notes in Networks and Systems, vol 301. Springer, Singapore. https://doi.org/10.1007/978-981-16-4863-2_4
Download citation
DOI: https://doi.org/10.1007/978-981-16-4863-2_4
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-4862-5
Online ISBN: 978-981-16-4863-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)