Skip to main content
SpringerLink
Log in

Cloud Attacks and Defence Mechanism for SaaS: A Survey

  • Conference paper
  • First Online:
Intelligent Computing and Networking

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 301))

Abstract

Cloud computing systems are the de-facto deployments for any user data and processing requirements. Due to a wide variety of cloud systems available today, increase in the number of services provided by these systems. These services range from software-based systems to high-end hardware-based infrastructures. The wide variety attracts a lot of attention by unwanted hackers, due to which the cloud deployments are one of the most cyber attacked entities here, we review the attacks and issues of cloud computing entities namely Software as a Service (SaaS). These attacks are quantified at both micro-level and macro-level. This paper also discusses the different solutions for these attacks, identified the gaps of each solutions and recommends methods which can be adopted to further improve the discussed solutions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Liu Y, Sun YL, Ryoo J, Rizvi S, Vasilakos AV (2015) A survey of security and privacy challenges in cloud computing: solutions and future directions. In: Proceeding of 2015. The Korean institute of information scientists and engineers. ISSN: 1976–4677 eISSN: 2093–8020

    Google Scholar 

  2. Chandni M, Sowmiya NP, Mohana S, Sandhya MK (2017) Establishing trust despite attacks in cloud computing: a survey. In: Proceeding of IEEE Wisp NET 978–1–5090–4442–9

    Google Scholar 

  3. Dhondse A, Singh S (2019) Redefining cyber security with AI and machine learning. Asian J Converg Technol 5(2)

    Google Scholar 

  4. Madhusudhan R (2018) Mitigation of cross-site scripting attacks in mobile cloud environments. In: Thampi S, Madria S, Wang G, Rawat D, Alcaraz Calero J (eds) Security in computing and communications.

    Google Scholar 

  5. Jiang S, Jiang T, Wang L (2017) Secure and efficient cloud data deduplication with ownership management. IEEE Trans Serv Comput doi: https://doi.org/10.1109/TSC.2017.2771280

  6. Munivel E, Kannammal A (2019) New authentication scheme to secure against the phishing attack in the mobile cloud computing. In: Proceeding of Hindawi security and communication networks. p 11

    Google Scholar 

  7. Malina L, Hajny J, Dzurenda P, Zeman V (2015) Privacy-preserving security solution for cloud services. Proc J Appl Res Technol 13(1):20–31

    Google Scholar 

  8. Medeiros I, Beatriz M, Neves N, Correia M (2019) SEPTIC: detecting injection attacks and vulnerabilities inside the DBMS. IEEE Trans Reliab 68(3):1168–1188. https://doi.org/10.1109/TR.2019.2900007

    Article  Google Scholar 

  9. Gu H et al (2020) DIAVA: a traffic-based framework for detection of sql injection attacks and vulnerability analysis of leaked data. IEEE Trans Reliab 69(1):188–202. https://doi.org/10.1109/TR.2019.2925415

    Article  Google Scholar 

  10. Sengupta N, Chinnasamy R (2015) Contriving hybrid DESCAST algorithm for cloud security. Elsevier, pp 47–56

    Google Scholar 

  11. Periasamy JK, Latha B (2020) An enhanced secure content de-duplication identification and prevention (ESCDIP) algorithm in cloud environment. Neural Comput Appl 32:485–494 https://doi.org/10.1007/s00521-019-04060-9

  12. Ilambarasan E, Nickolas S, Mary Saira Bhanu S (2020) Attribute-based convergent encryption key management for secure deduplication in cloud. In: Pati B, Panigrahi C, Buyya R, Li KC (eds) Advanced computing and intelligent engineering, vol 1082. Springer, Singapore

    Google Scholar 

  13. Soriano-Salvador E, Guardiola-Muzquiz G SealFS: a stackable file system for tamper-evident logging

    Google Scholar 

  14. Shar LK, Briand LC, Tan HBK (2015) Web application vulnerability prediction using hybrid program analysis and machine learning. IEEE Trans Depend Sec Comput 12(6):688–707 doi: https://doi.org/10.1109/TDSC.2014.2373377

  15. El-Booz SA, Attiya G, El-Fishawy N (2015) A secure cloud storage system combining time-based one time password and automatic blocker protocol. In: 2015 11th international computer engineering conference (ICENCO). Cairo, 188–194. https://doi.org/10.1109/ICENCO.2015.7416346

  16. El-Booz SA, Attiya G, El-Fishawy N (2015) A secure cloud storage system combining time-based one time password and automatic blocker protocol. In: 2015 11th international computer engineering conference (ICENCO), Cairo, pp 188-194. doi: https://doi.org/10.1109/ICENCO.2015.7416346

  17. Chen P, Qi Y, Hou D (2019) CauseInfer: automated end-to-end performance diagnosis with hierarchical causality graph in cloud environment. IEEE Trans Serv Comput 12(2):214–230. doi: https://doi.org/10.1109/TSC.2016.2607739

  18. Yuan H, Chen X, Li J, Jiang T, Wang J, Deng R (2019) Secure cloud data deduplication with efficient re-encryption. IEEE Trans Serv Comput doi: https://doi.org/10.1109/TSC.2019.2948007

  19. Shen J, Deng X, Xu Z (2019) Multi-security-level cloud storage system-based on improved proxy re-encryption. J Wireless Commun Netw 2019:277. https://doi.org/10.1186/s13638-019-1614-y

    Article  Google Scholar 

  20. Cheng Y, Du Y, Peng J, Fu J, Liu B (2019) Trusted secure accessing protection framework-based on cloud-channel-device cooperation. In: Yun X, et al (eds) Cyber Security. CNCERT 2018. Communications in computer and information science, vol 970. Springer, Singapore

    Google Scholar 

  21. Fremantle P, Aziz B (2018) Cloud-based federated identity for the Internet of Things. Ann Telecommun 73:415–427. https://doi.org/10.1007/s12243-018-0641-8

    Article  Google Scholar 

  22. Rawal BS, Vijayakumar V, Manogaran G et al (2018) Secure disintegration protocol for privacy preserving cloud storage. Wireless Pers Commun 103:1161–1177. https://doi.org/10.1007/s11277-018-5284-6

    Article  Google Scholar 

  23. Ajay DM (2019) Umamaheswari E packet encryption for securing real-time mobile cloud applications. Mobile NetwAppl 24:1249–1254. https://doi.org/10.1007/s11036-019-01263-1

    Article  Google Scholar 

  24. Zhang S, Meng X, Wang L, Xu L, Han X (2018) Secure virtualization environment-based on advanced memory introspection. In: Proceeding of Hindawi security and communication networks, vol 2018, p 16 https://doi.org/10.1155/2018/9410278

  25. Li G, Wu J, Li J, Wang K, Ye T (2018) Service popularity-based smart resources partitioning for fog computing-enabled industrial internet of things. IEEE Trans Indus Inform 14(10):4702–4711. https://doi.org/10.1109/TII.2018.2845844

    Article  Google Scholar 

  26. Hu Z, Chen H, Shen W (2019) An efficient and provably secure anonymous user authentication and key agreement for mobile cloud computing. In Proceeding of Hindawi wireless communications and mobile computing, vol 2019, p 12. https://doi.org/10.1155/2019/4520685

  27. Taek-Young Y, Nam-Su J, Rhee KH, Sang US (2019) Authorized client-side deduplication using CP-ABE in cloud storage. In: Proceeding Hindawi wireless communications and mobile computing vol 2019, p 11. https://doi.org/10.1155/2019/7840917

  28. Hsu K, Chiang Y, Hsiao H (2019) SafeChain: securing trigger-action programming from attack chains. IEEE Trans Inform Forensics Secur 14(10):2607–2622. https://doi.org/10.1109/TIFS.2019.2899758

    Article  Google Scholar 

  29. Xiao Y, Zhang X, Zhang Y, Teodorescu R (2016) One bit flips, one cloud flops: cross-VM row hammer attacks and privilege escalation. In: Proceeding of the 25th USENIX security symposium. Austin, TX, ISBN 978–1–931971–32–4

    Google Scholar 

  30. Martínez S, Cosentino V, Cabot J, Cuppens F (2013) Reverse engineering of database security policies. In: H. Decker, Lhotská L, Link S, Basl J, Tjoa AM (eds) Database and expert systems applications. DEXA 2013. Lecture Notes in Computer Science, vol 8056. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40173-2_37

  31. Talha AM, Kamel I, Al Aghbari Z (2019) Facilitating secure and efficient spatial query processing on the cloud. IEEE Trans Cloud Comput 7(4):988–1001. doi: https://doi.org/10.1109/TCC.2017.2724509.

  32. Mall S, Saroj SK (2018) A new security framework for cloud data. In: Proceeding of 8th international conference on advances computing and communication (ICACC-2018)

    Google Scholar 

  33. Hyseni D, Luma A, Selimi B, Cico B (2018) The proposed model to increase security of sensitive data in cloud computing. In Proceeding of the (IJACSA) international journal of advanced computer science and applications, vol. 9

    Google Scholar 

  34. Silva LV, Barbosa P, Marinho R et al (2018) Security and privacy aware data aggregation on cloud computing. J Internet Serv Appl 9:6. https://doi.org/10.1186/s13174-018-0078-3

    Article  Google Scholar 

  35. Pu Y, Luo J, Hu C, Yu J, Zhao R, Huang H, Xiang T (2019) Two secure privacy-preserving data aggregation schemes for IoT. In: Proceding of Hindawi wireless communications and mobile computing, vol 2019, p 3985232 https://doi.org/10.1155/2019/3985232

  36. Soriano Salvador E, Guardiola-Muzquiz G (2021) SealFS: A Stackable File System for Tamper-evident Logging. ETSIT, Rey Juan Carlos University, Madrid, Spain

    Google Scholar 

  37. Rejin PR, Paul RD (2019) Verification of data integrity and cooperative loss recovery for secure data storage in cloud computing. Cogent Eng 6(1):1654694

    Google Scholar 

  38. Kirdat N, Mokal N, Mokal J, Parkar A, Shahabade RV et al (2018) Data leakage detection and file monitoring in cloud computing. Int J Adv Res Ideas Innov Technol 4(2018):859–866

    Google Scholar 

  39. Huang X, Lu Y, Li D, Ma M (2018) A novel mechanism for fast detection of transformed data leakage. IEEE Access 6:35926–35936. https://doi.org/10.1109/ACCESS.2018.2851228

    Article  Google Scholar 

  40. Xu S, Yang G, Mu Y, Deng RH (2018) Secure fine-grained access control and data sharing for dynamic groups in the cloud. IEEE Trans Inform Forensics Secur 13(8):2101–2113. https://doi.org/10.1109/TIFS.2018.2810065

    Article  Google Scholar 

  41. Roy S, Das AK, Chatterjee S, Kumar N, Chattopadhyay S, Rodrigues JJPC (2019) Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing-based healthcare applications. IEEE Trans Indus Inform 15(1):457–468. https://doi.org/10.1109/TII.2018.2824815

    Article  Google Scholar 

  42. Punto Gutierrez J, Lee K (2018) SDN-based DoS attack detection and mitigation system for cloud environment. In: Proceeding of international journal of computer systems (ISSN: 2394–1065), vol 05. http://www.ijcsonline.com/

  43. Shyamala R, Prabakaran D (2018) A survey on security issues and solutions in virtual private network. Int J Pure Appl Math 119(15):3115–3122

    Google Scholar 

  44. Ravi Kumar P, Herbert Raj P, Jelciana P (2017) Exploring security issues and solutions in cloud computing services—a survey. In: Cybernetics and information technologies, vol. 4, Sofia, Print ISSN: 1311–9702; Online ISSN: 1314–4081. doi: https://doi.org/10.1515/cait-2017-0039

  45. Dong Z, Luo F, Gaoqi L (2018). Blockchain: a secure, decentralized, trusted cyber infrastructureSolution for future energy systems. J Mod Power Syst Clean Energy 6(5):958 967. https://doi.org/10.1007/s40565-018-0418-0

Download references

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Veermata Jijabai Technological Institute (VJTI), Mumbai, India

    Akram Harun Shaikh & B. B. Meshram

Authors
  1. Akram Harun Shaikh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. B. B. Meshram
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Akram Harun Shaikh .

Editor information

Editors and Affiliations

  1. Department of Automatics and Applied Software, Aurel Vlaicu University of Arad, Arad, Arad, Romania

    Valentina Emilia Balas

  2. Department of Computer Engineering, Thakur College of engineering and technology, kandivali, India

    Vijay Bhaskar Semwal

  3. Thakur College of Engineering and Technology, Mumbai, India

    Anand Khandare

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Shaikh, A.H., Meshram, B.B. (2022). Cloud Attacks and Defence Mechanism for SaaS: A Survey. In: Balas, V.E., Semwal, V.B., Khandare, A. (eds) Intelligent Computing and Networking. Lecture Notes in Networks and Systems, vol 301. Springer, Singapore. https://doi.org/10.1007/978-981-16-4863-2_4

Download citation

Publish with us

Policies and ethics

Search

Navigation