Bulut Bilişim Güvenliğindeki Zorluklar ve Güncel Çalışmalar Üzerine Bir İnceleme

Bulut bilişim sistemleri, kişi ve organizasyonlar tarafından ihtiyaç duyulan farklı seviye ve nitelikteki bilgi sistemleri kaynaklarının, talebe bağlı olarak istenilen zaman ve miktarda ihtiyaç sahibine sunulabildiği, çoğunlukla internet üzerinden erişilebilir kılınan, özellikle değişken iş yüklerine sahip organizasyonların ihtiyaçlarına en iyi şekilde cevap verebilen sistemlerdir. Bulut bilişim sistemlerinin kullanımının artmasına paralel olarak hem bulut bilişim platformlarına hem de bu platformlardan servis alan organizasyonlara yönelik saldırılar artış göstermiştir. Çalışmada, öncelikle, farklı kuruluşlar tarafından hazırlanan bulut bilişim güvenlik raporları incelenerek, bulut bilişim kapsamında karşılaşılan temel tehditler ortaya konmuştur. Daha sonra Web of Science veri tabanı temel alınarak bulut bilişim güvenliği kapsamında yapılan güncel çalışmalar incelenmiştir. Güncel çalışmalar Uygulama Güvenliği, Denetim Güvenliği ve Veri Bütünlüğü, Kimlik Yönetimi ve Doğrulama, Erişim Kontrolü ve Yetkilendirme, Veri Paylaşımı, Dağıtık Hizmet Dışı Bırakma (DDoS), Sızma Tespiti ve Ağ Güvenliği, Çoklu Bulut Güvenliği, Gizlilik, Kaynak ve Altyapı Güvenliği, Depolama Alanı Güvenliği, Sanal Makine Güvenliği başlıkları altında sınıflandırılarak sunulmuştur. Gerçek dünya sorunları ile yapılan akademik çalışmalar birlikte değerlendirilmiş ve hangi güvenlik alanlarında çalışmalara ihtiyaç duyulduğu belirlenmiştir.

Anahtar Kelimeler:

Bulut Bilişim, Güvenlik, Çoklu Bulut, Gizlilik

A Review on Challenges in Cloud Computing Security and Recent Researchs

Cloud computing systems are systems in which information systems resources of different levels and qualities needed by individuals and organizations are offered to the needy at the desired time and amount depending on the demand. Cloud computing systems are mostly made available over the internet and they can meet the needs of organizations with variable workloads in the best way. In parallel with the increase in the use of cloud computing systems, attacks against both cloud computing platforms and organizations receiving services from these platforms have increased. In this paper, first of all, cloud computing security reports prepared by different organizations were examined and the main threats encountered in cloud computing were revealed. Then, based on the web of science database, recent studies within the scope of cloud computing security were examined. Recent studies are grouped and examined under the following categories: Application Security, Audit Security and Data Integrity, Identity Management and Authentication, Access Control and Authorization, Data Sharing, Distributed Denial of Service (DDoS), Intrusion Detection and Network Security, Multicloud Security, Privacy, Resource and Infrastructure Security, Storage Security and Virtual Machine Security. Finally, academic studies and real-world problems were evaluated together and security areas on which academic researhes should focus on were determined.

Keywords:

cloud computing, security, multicloud, privacy,

PDF

___

V. V. Arutyunov, “Cloud Computing: Its History of Development, Modern State, and Future Considerations”, Sci. Tech. Inf. Process., 39(3), 173–178, 2012.
M. Alenezi, “Safeguarding Cloud Computing Infrastructure: A Security Analysis”, Computer Systems Science and Engineering, 37(2), 159-167, 2021.
G. Ouffoué, F. Zaïdi, A. R. Cavalli, H. N. Nguyen, “A Framework for the Attack Tolerance of Cloud Applications Based on Web Services”, Electron., 10(1), 1–29, 2021.
A. Sen, S. Madria, “Application Design Phase Risk Assessment Framework Using Cloud Security Domains”, J. Inf. Secur. Appl., 55(102617), 2020.
H. Li, F. Guo, L. Wang, J. Wang, B. Wang, C. Wu, “A Blockchain-Based Public Auditing Protocol with Self-Certified Public Keys for Cloud Data”, Secur. Commun. Networks, 2021(6623639), 2021.
J. Tian, X. Jing, “A Lightweight Secure Auditing Scheme for Shared Data in Cloud Storage,” IEEE Access, 7, 68071–68082, 2019.
H. Yang, Z. Yi, X. A. Wang, Y. Su, Z. Tu, X. Yang, “Improved Lightweight Cloud Storage Auditing Protocol for Shared Medical Data,” Wirel. Commun. Mob. Comput., 2021(8886763), 2021.
B. Shao, Y. Ji, “Efficient TPA-based Auditing Scheme for Secure Cloud Storage”, Cluster Computing, 2021.
H. Yan, W. Gui, “Efficient Identity-based Public Integrity Auditing of Shared Data in Cloud Storage with User Privacy Preserving”, IEEE Access, 9, 45822-45831, 2021.
S. I. Shyla, S. S. Sujatha, “Efficient Secure Data Retrieval on Cloud Using Multi-stage Authentication and Optimized Blowfish Algorithm”, J Ambient Intell Human Comput, 2021.
D. Rangwani, H. Oin, “A Secure User Authentication Protocol Based on ECC for Cloud Computing Environment”, Arab. J. Sci. Eng., 46(4), 3865–3888, 2021.
X. Qin, Y. Huang, Z. Yang, X. Li, “A Blockchain-based Access Control Scheme with Multiple Attribute Authorities for Secure Cloud Data Sharing”, J. Syst. Archit., 112(101854), 2021.
J. Gu, J. Shen, B. Wang, “A Robust and Secure Multi-authority Access Control System for Cloud Storage”, Peer-to-Peer Netw. Appl., 14, 1488-1499, 2021.
H. Ji, H. Zhang, L. Shao, D. He, M. Luo, “An Efficient Attribute-based Encryption Scheme Based on SM9 Encryption Algorithm for Dispatching and Control Cloud”, Conn. Sci., 2021.
D. Ramesh, R. Mishra, M. C. Trivedi, “PCS-ABE (t, n): A Secure Threshold Multi Authority CP-ABE Scheme Based Efficient Access Control Systems for Cloud Environment”, J Ambient Intell Human Comput, 2021.
K. Sethi, A. Pradhan, P. Bera, “PMTER-ABE: A Practical Multi-authority CP-ABE with Traceability, Revocation and Outsourcing Decryption for Secure Access Control in Cloud Systems”, Cluster Comput, 2, 2021.
L. Guo, X. Yang, W. C. Yau, “TABE-DAC: Efficient Traceable Attribute-Based Encryption Scheme with Dynamic Access Control Based on Blockchain”, IEEE Access, 9, 8479–8490, 2021.
X. J. Lin, Q. Wang, L. Sun, H. Qu, “Identity-based Encryption with Equality Test and Datestamp-based Authorization Mechanism”, Theor. Comput. Sci., 861, 117–132, 2021.
N. Saravanan, A. Umamakeswari, “Lattice Based Access Control for Protecting User Data in Cloud Environments with Hybrid Security”, Comput. Secur., 100(102074), 2021.
S. Yao, R. V. J. Dayot, H. J. Kim, I. H. Ra, “A Novel Revocable and Identity-Based Conditional Proxy Re-encryption Scheme with Ciphertext Evolution for Secure Cloud Data Sharing”, IEEE Access, 9, 42801–42816, 2021.
Y. Zuo, Z. Kang, J. Xu, Z. Chen, “BCAS: A Blockchain-based Ciphertext-policy Attribute-based Encryption Scheme for Cloud Data Security Sharing”, Int. J. Distrib. Sens. Networks, 17(3), 2021.
J. R. Gudeme, S. K. Pasupuleti, R. Kandukuri, “Certificateless Multi-replica Public Integrity Auditing Scheme for Dynamic Shared Data in Cloud Storage”, Comput. Secur., 103(102176), 2021.
A. A. A. Punitha, G. Indumathi, “Centralized Cloud Information Accountability Integrity with Firefly Key Generation Algorithm (CCIAI-FKGA) for Cloud Environment”, Concurr Comput, 33(3), 2021.
L. Ogiela, V. Snášel, “Intelligent and Semantic Threshold Schemes for Security in Cloud Computing”, Concurr Comput, 33(2), 2021.
N. Agrawal, S. Tapaswi, “An SDN-Assisted Defense Mechanism for the Shrew DDoS Attack in a Cloud Computing Environment”, J Netw Syst Manag, 29(2), 1–28, 2021.
A. Mishra, N. Gupta, B. B. Gupta, “Defense Mechanisms Against DDoS Attack Based on Entropy in SDN-cloud Using POX Controller”, Telecommun Syst, 77, 47-62, 2021.
A. Agarwal, M. Khari, R. Singh, “Detection of DDOS Attack using Deep Learning Model in Cloud Storage Application”, Wirel Pers Commun, 2021.
Y. Kırsal, E. Caglar, “Bulut Bilişimde Yük Dengeleme Mekanizmasının Analitik Modellemesi ve Performans Değerlendirmesi”, Bilişim Teknolojileri Dergisi, 14(3), 279-286, 2021.
S. Krishnaveni, S. Sivamohan, S. S. Sridhar, S. Prabakaran, “Efficient Feature Selection and Classification Through Ensemble Method for Network Intrusion Detection on Cloud Computing”, Cluster Comput., 2021.
Q. He, H. He, “A Novel Method to Enhance Sustainable Systems Security in Cloud Computing based on the Combination of Encryption and Data Mining”, Sustain, 13(1), 1–17, 2021.
H. Alavizadeh, J. B. Hong, D. S. Kim, J. Jang-Jaccard, “Evaluating the Effectiveness of Shuffle and Redundancy MTD Techniques in the Cloud”, Comput. Secur., 102(102091), 2021.
S. Rajagopal, P. P. Kundapur, K. S. Hareesha, “Towards Effective Network Intrusion Detection: From Concept to Creation on Azure Cloud”, IEEE Access, 9, 19723–19742, 2021.
Z. Ouyang, X. Zhai, J. Wu, J. Yang, D. Yue, C. Dou, T. Zhang, “A Cloud Endpoint Coordinating CAPTCHA based on Multi-view Stacking Ensemble”, Comput Secur, 103(102178), 2021.
M. H. Mohammed, “Bio-inspired Approach and Integrity Check Mechanism for Secure Data Storage in Multi-cloud Environment”, J Ambient Intell Human Comput, 2021.
F. Lahmar, H. Mezni, “Security-aware Multi-cloud Service Composition by Exploiting Rough Sets and Fuzzy FCA”, Soft Comput, 25(7), 5173–5197, 2021.
K. A. Torkura, M. I. H. Sukmana, F. Cheng, C. Meinel, “Continuous Auditing and Threat Detection in Multi-cloud Infrastructure”, Comput Secur, 102(102124), 2021.
Q.-H. Zhu, H. Tang, J.-J. Huang, Y. Hou, “Task Scheduling for Multi-Cloud Computing Subject to Security and Reliability Constraints”, IEEE/CAA J Autom. Sin, 8(4), 848–865, 2021.
M. Liu, L. Wang, Q. Wu, J. Song, “Distributed Functional Signature with Function Privacy and Its Application”, Secur Commun Networks, 2021, 1–14, 2021.
Z. Wang, J. Qin, X. Xiang, Y. Tan, “A Privacy-preserving and Traitor Tracking Content-based Image Retrieval Scheme in Cloud Computing”, Multimed Syst, 27, 403-415, 2021.
M. Taheri, S. Mozaffari, P. Keshavarzi, “Privacy-preserving Biometric Verification with Outsourced Correlation Filter Computation”, Multimed Tools Appl, 80, 21425-21448, 2021.
W. Wu, M. Xian, U. Parampalli, B. Lu, “Efficient Privacy-preserving Frequent Itemset Query over Semantically Secure Encrypted Cloud Database”, World Wide Web, 24, 607–629, 2021.
A. Agarwal, A. Prasad, R. Rustogi, S. Mishra, “Detection and Mitigation of Fraudulent Resource Consumption Attacks in Cloud using Deep Learning Approach”, J Inf Secur Appl, 56(102672), 2021.
A. S. Rahumath, M. Natarajan, A. R. Malangai, “Resource Scalability and Security Using Entropy Based Adaptive Krill Herd Optimization for Auto Scaling in Cloud”, Wirel Pers Commun, 119, 791-813, 2021.
X. Gao, B. Steenkamer, Z. Gu, M. Kayaalp, D. Pendarakis, H. Wang, “A Study on the Security Implications of Information Leakages in Container Clouds”, IEEE Trans. Dependable Secur Comput, 18(1), 174–191, 2021.
O. Demigha and R. Larguet, “Hardware-based Solutions for Trusted Cloud Computing”, Comput Secur, 103(102117), 2021.
A. Majumdar, A. Biswas, A. Majumder, S. K. Sood, K. L. Baishnab, “A novel DNA-inspired Encryption Strategy for Concealing Cloud Storage”, Front Comput Sci, 15(3), 2021.
J. Zhao, Y. Ma, J. Cui, Y. Peng, K. Li, T. Wang, “SecSky: A Secure Dynamic Skyline Query Scheme with Data Privacy”, IEEE Access, 9, 5690–5703, 2021.
Y. Zhou, Y. Xu, Z. Qiao, B. Yang, M. Zhang, “Continuous Leakage-resilient Certificate-based Signcryption Scheme and Application in Cloud Computing”, Theor Comput Sci, 860, 1–22, 2021.
B. R. Begum, P. Chitra, “SEEDDUP: A Three-Tier SEcurE Data DedUPlication Architecture-Based Storage and Retrieval for Cross-Domains Over Cloud”, IETE J Res, 2021.
U. S. Varri, S. K. Pasupuleti, K. V. Kadambari, “CP-ABSEL: Ciphertext-policy Attribute-based Searchable Encryption from Lattice in Cloud Storage”, Peer-to-Peer Netw Appl, 14, 1290-1302, 2021.
Y. Ming, B. He, C. Wang, “Efficient Revocable Multi-Authority Attribute-Based Encryption for Cloud Storage”, IEEE Access, 9, 42593–42603, 2021.
B. Seth, S. Dalal, D.C. Le, V. Jaglan, N. Dahiya, A. Agrawal, M.M. Sharma, D. Prakash, K.D. Verma, “Secure Cloud Data Storage System using Hybrid Paillier Blowfish Algorithm”, Comput Mater Contin, 67(1), 779–798, 2021.
A. Rafique, D. Van Landuyt, E. Heydari Beni, B. Lagaisse, W. Joosen, “CryptDICE: Distributed Data Protection System for Secure Cloud Data Storage and Computation”, Inf Syst, 96, 2021.
X. Tang, L. Zhou, B. Hu, H. Wu, “Aggregation-Based Tag Deduplication for Cloud Storage with Resistance against Side Channel Attack”, Secur Commun Networks, 2021.
Z. Chen, A. Wu, Y. Li, Q. Xing, S. Geng, “Blockchain-Enabled Public Key Encryption with Multi-Keyword Search in Cloud Computing”, Secur Commun Networks, 2021.
M. Aslam, S. Bouget, S. Raza, “Security and Trust Preserving Inter- and Intra-cloud VM Migrations”, Int. J Netw Manag, 31(2), 1–19, 2021.
M. T. Dlamini, J. H. P. Eloff, H. S. Venter, M. M. Eloff, “CBAC4C: Conflict-based VM Isolation Control for Cloud Computing”, Int Trans Oper Res, 25(4), 2021.
Z. Zhang, Z. Yang, X. Du, W. Li, X. Chen, L. Sun, “Tenant-Led Ciphertext Information Flow Control for Cloud Virtual Machines”, IEEE Access, 9, 15156–15169, 2021.