SaaS Cloud Security : Attacks and Proposedsolutions
Keywords:Cloud Computing, SaaS, Internet attacks, Data security, Vulnerability, Authentication.
Nowadays the Cloud has started to gain ground even in SMEs, in spite of that the Cloud is still unknown for several ... for others few reliable.
SaaS represents a promising technology, which grows each year rapidly. Only at the security level, there are many obstacles, and becomes a major problem against its adoption. For example the public cloud represents a huge risk since the data of several companies are stored at the same place, close to each other.
For this reason the security of transiting or stored data in the SaaS remains a challenge for providers in order to gain the confidence of the customers.
SaaS remains the target of several attacks, such as network attacks, etc., which aim to disrupt its operation. Therefore, it is essential to deal with these attacks, and tried to minimize vulnerability and adopt new security concepts.
Through this document, we are going to study the security of SaaS, We will try to find the burly and feeble points of the most famous clouds such as Google Amazon, Microsoft, and come out with Countermeasures and proposals solution.
(1) Emile Yaogo« Le cloudcomputing : L’informatique comme l’électricité ou l’eau que nous consommons ».http://www.faso-tic.net/spip.php?article415&rubrique1 29décembre 2016.
(2) Salman Iqbal, Miss Laiha Mat Kiah, BabakDhaghighi, MuzammilHussain, Suleman khan, Muhammad Khurram Khan, Kim-Kwang Raymond Choo. On Cloud Security Attacks: A taxonomy and Intrusion Detection and Prevention as a Service. 2016
(3) I. Mettildha Mary, P.V.Kavitha, Priyadharshini M, Vigneshwer S Ramana. Secure Cloud ComputingEnvironmentagainst DDOS and EDOS Attacks. 2014
(4) Ajey Singh, Dr. ManeeshShrivastava. Overview of Attacks on Cloud Computing. 2014
(5) Margaret Rouse. http://searchmidmarketsecurity.techtarget.com/definition/keylogger
(6) Bhadauria, R., Al., A survey on security issues in cloud computing. 2011
(7) Rodero-Merino, L. et Am., Building safe Pass clouds: A survey on security in the multitenant software platforms. Computer & security, 2012.31(1): p 96-108
(8) Qiasi Luo1 and Yunsi Fei2. Algorithmic Collision Analysis for Evaluating Cryptographic System and Side-Channel Attacks”, International Symposium on H/w – Oriented Security and Trust, 2011
(9) Matthieu Lamelot, Stockage en ligne : lequel choisir ? , http://www.tomshardware.fr/articles/comparatif-stockage-cloud,2-2332.html 7 Novembre 2016
(10) VALENTIN BLANCHOT Une IA de Google a créé son propre cryptage de données. https://siecledigital.fr/2016/11/03/intelligence-artificielle-google-cryptage-donnees/ 3 Novembre 2016.
(11) S. Subashini, V. Kavitha, A Survey on Security Issues in service delivery models of cloud computing. 2011
(12) Sandeep K. Sood, A combined approach to ensure data security in cloud computing.
(13) Al Haddad Zayed, Hanoune Mostafa, MamouniAbdelazize, « Cloud Computing et sécurité : Approches et solutions. Décembre 2015.
(14) Balakrishnan.S, Saranya.G, Shobana.S, and Karthikeyan.S, « Introducing Effecyive Third Party Auditing(TPA) for Data Storage Security in cloud » Int. J.Comput.SciEnceTechnol, vol. 2 Jun 2011.
(15) F. Aloul, S. Zahidi, and W. El-Hajj, « Two factor authentification using mobile phones, » in Computer Systems and Applications, 2009 AICCSA 2009. IEEE/ACS InternationalConference on, 2009, pp. 641-644.
(16) E. M. Mohamed, H.S Abdelkader, and El-Etriby, « Enhaced data security model for cloud computing, » in Informatics and Systems (INFOS), 2012 8th International Conference on, 2012, pp. CC-12.
(17) Insitute of Electrical abdEkectronics Engineers, Ed., « Enhancing Data Security during Transit in Public Cloud , » Int.J. Eng. Innov. Technol. IJEIT, vol.3 ,Jul. 2013.
(18) « la protection des données personnelles dans l’open data : une exigence et une opportunité. » [online]. Available :http://www.senat.fr/rap/r13-469/r13-4697.html. [Accessed : 08-jul-2015].
(19) SagarTirdkar, YazadBaldawala, SagarUlane, Ashok Jori. Improved 3-Dimensional Security in Cloud Computing. International Journal of Computer Trends and Technology (IJCTT°- volume 9 number 5. 2014.
(20) AmanSagar, Bineet Kumar Joshi and NishantMathur. A study of distributed denial of service attack in cloud computing (DDOS). 2013.
(21) Belenky A, Ansari N. Tracing multiple attackers with deterministic packet marking (DPM). In : Proceedings of IEEE Pacific Rim conference on communications, computers and signal processing, vol , 2003 p.49-52.
(22) Ashley Chonka, Yang Xiang, Wanlei Zhou, AlessioBonti. Cloud Security defence to protect cloud computing against HTTP-DOS and XML-DOS attacks. 2010
(23) Omar Achbarou, My Ahmed El kiram, Salim El Bouanani, Securing Cloud Computing from different Attaks Using Intrusion Detection Systems.
(24) Ashley Chonka, Yang Xiang, Wanlei Zhou, AlessioBonti. Cloud Security defence to protect cloud computing against HTTP-DOS and XML-DOS attacks. 2010