Matthias Aifuobhokhan Okonoboh; Sudhakar Tekkali MCS-2011-201, pp. 64. COM/School of Computing, 2011.
Context: Cloud computing is rapidly emerging in the area of distributed computing. In the meantime, many organizations also attributed the technology to be associated with several business risks which are yet to be resolved. These challenges include lack of adequate security, privacy and legal issues, resource allocation, control over data, system integrity, risk assessment, software vulnerabilities and so on which all have compromising effect in cloud environment. Organizations based their worried on how to develop adequate mitigation strategies for effective control measures and to balancing common expectation between cloud providers and cloud users. However, many researches tend to focus on cloud computing adoption and implementation and with less attention to vulnerabilities and attacks in cloud computing. This paper gives an overview of common challenges and mitigation techniques or practices, describes general security issues and identifies future requirements for security research in cloud computing, given the current trend and industrial practices.
Objectives: We identified common challenges and linked them with some compromising attributes in cloud as well as mitigation techniques and their impacts in cloud practices applicable in cloud computing. We also identified frameworks we consider relevant for identifying threats due to vulnerabilities based on information from the reviewed literatures and findings.
Methods: We conducted a systematic literature review (SLR) specifically to identify empirical studies focus on challenges and mitigation techniques and to identify mitigation practices in addressing software vulnerabilities and attacks in cloud computing. Studies were selected based on the inclusion/exclusion criteria we defined in the SLR process. We search through four databases which include IEEE Xplore, ACM Digital Library, SpringerLinks and SciencDirect. We limited our search to papers published from 2001 to 2010. In additional, we then used the collected data and knowledge from finding after the SLR, to design a questionnaire which was used to conduct industrial survey which also identifies cloud computing challenges and mitigation practices persistent in industry settings.
Results: Based on the SLR a total of 27 challenges and 20 mitigation techniques were identified. We further identified 7 frameworks we considered relevant for mitigating the prevalence real-time software vulnerabilities and attacks in the cloud. The identified challenges and mitigation practices were linked to compromised cloud attributes and the way mitigations practices affects cloud computing, respectively. Furthermore, 5 and 3 additional challenges and suggested mitigation practices were identified in the survey.
Conclusion: This study has identified common challenges and mitigation techniques, as well as frameworks practices relevant for mitigating real-time software vulnerabilities and attacks in cloud computing. We cannot make claim on exhaustive identification of challenges and mitigation practices associated with cloud computing. We acknowledge the fact that our findings might not be sufficient to generalize the effect of the different service models which include SaaS, IaaS and PaaS, and also true for the different deployment models such as private, public, community and hybrid. However, this study we assist both cloud provider and cloud customers on the security, privacy, integrity and other related issues and useful in the part of identifying further research area that can help in enhancing security, privacy, resource allocation and maintain integrity in the cloud environment.
SE-371 44 Karlskrona