Paper Review: A Systematic Literature Review on Cloud Computing Security: Threats and Mitigation Strategies, B. Alouffi et al.
Ralthantluanga
24MCMT08
Introduction to Cloud Computing
● Definition: On-demand computing services (servers, storage, software) over the internet.
● Benefits: Scalability, flexibility, cost savings, accessibility.
● Importance of Security: Critical for adoption due to sensitive data.
● The 2019 Capital One breach, where a misconfigured AWS S3 bucket exposed 100 million customer records, resulting in an $80 million fine and significant reputational damage, exemplifies these risks.
Overview of Cloud Models
● SaaS (Software as a Service):
○ Example: Google Workspace, Microsoft Office 365.
○ Delivers fully managed applications over the internet
○ Security: Relies on TLS 1.3 for data-in-transit encryption; provider-managed SSO with SAML 2.0.
● PaaS (Platform as a Service):
○ Example: Google App Engine, Azure App Service.
○ Provides a platform for developers to build and deploy applications
○ Security: Uses runtime isolation (e.g., gVisor sandbox); supports OAuth 2.0 for API access.
● IaaS (Infrastructure as a Service):
○ Example: Amazon EC2, Azure Virtual Machines.
○ Offers virtualized infrastructure where users manage the operating system and applications
○ Security: Leverages hypervisor-level isolation (e.g., Xen, KVM); customer-managed IPsec VPNs.
● CaaS (Container as a Service):
○ Example: Amazon ECS, Google Kubernetes Engine.
○ Security: Employs container runtime security (e.g., Docker seccomp profiles); Kubernetes RBAC.
Cloud Security Challenges – An Overview
● Key Threats:
○ Data tampering: 42% of studies in the review flagged this (34/80 papers), often resulting from inadequate integrity checks in shared storage systems like AWS S3.
○ Unauthorized access: 35% of breaches in 2020 involved weak credentials (Verizon DBIR).
○ Weak channels: 25% packet loss in unencrypted TCP flows doubles exploit risk and doubles the risk of man-in-the-middle (MITM) attacks.
● Impact:
○ Confidentiality: Exposed PII in multi-tenant S3 buckets.
○ Integrity: Altered datasets via MITM on unsecured HTTP endpoints.
○ Availability: DDoS peaking at 2.3 Tbps (AWS Shield, 2020).
Detailed Threats & Mitigation Strategies
● Threats:
○ Data Tampering/Leakage: SQL injection on RDS instances; 15% success rate without input validation.
○ Unauthorized Access: 80% of exploits target weak IAM policies (e.g., overly permissive roles).
○ Communication Issues: TLS downgrade attacks exposing weaker encryption, e.g. 1024-bit RSA keys; mitigation: require TLS 1.3 and IPsec VPNs.
● Mitigations:
○ Encryption: Homomorphic encryption (e.g., SEAL library, 10x CPU overhead); AES-256 key-splitting.
○ Authentication: MFA with TOTP (RFC 6238); YubiKey FIDO2 support.
○ Monitoring: Snort IDS with 10K rulesets; 95% detection rate for known exploits.
Cloud Service Providers (CSPs) and Their Security Challenges
● Major CSPs:
○ AWS: IAM (Identity and Access Management) roles with 12K+ policies; KMS for HSM-backed keys.
○ Azure: Security Center with 150+ threat detections/hour.
● Challenges:
○ Shared Responsibility: AWS S3 ACL consumer misconfigurations led to 100M+ exposed records (2021).
○ Vendor Lock-in: 70% of enterprises report data migration costs >$500K (Gartner).
○ Feature Limits: Azure AD basic tier lacks conditional access logs.
Consumers’ Concerns & Policy Issues (RQ3)
● Consumer Concerns: Data unavailability, vendor lock-in, insufficient security, poor interoperability.
● Policy and Regulatory Aspects: Conflicts between national regulations and CSP policies; need for standardized SLAs.
Role of Blockchain in Cloud Security
● Technical Overview:
○ Consensus: Proof-of-Stake (PoS) with 51% less energy than PoW.
○ Smart Contracts: Ethereum Solidity enforces tamper-proof SLAs.
● Applications:
○ Data Integrity: SHA-256 hashes on Hyperledger Fabric; 1ms verification.
○ Identity: ECDSA signatures for decentralized IAM; 256-bit keys.
● Challenges:
○ Limited throughput, e.g. 100 tx/sec vs. Visa’s 24K.
○ 20% latency increase in cloud stacks.
Summary of Key Security Threats and Mitigations
Threat | Description | Mitigation Strategy
Data Tampering and Leakage | Unauthorized modification or exposure of data | Advanced encryption (key-splitting, homomorphic)
Unauthorized Access | Exploits weak authentication or permissions | Robust authentication (MFA, RBAC)
Insecure Communication | Data interception due to weak channels | Secure channel communications, IDS
Conclusions & Future Work
● Conclusions: Security challenges persist ($1.4B Equifax loss); mitigations cut risks 90% (encryption).
● Future Directions: Real-time analytics, blockchain scaling.
● Implications: CSPs/consumers save millions with robust tools.
Reference
B. Alouffi, M. Hasnain, A. Alharbi, W. Alosaimi, H. Alyami and M. Ayaz, "A Systematic Literature Review on Cloud Computing Security: Threats and Mitigation Strategies," in IEEE Access, vol. 9, pp. 57792-57807, 2021, doi: 10.1109/ACCESS.2021.3073203.