sensors-logo

Journal Browser

Journal Browser

Security and Privacy in Cloud Computing Environment

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Internet of Things".

Deadline for manuscript submissions: closed (31 August 2023) | Viewed by 36346

Special Issue Editors


E-Mail Website
Guest Editor
School of Computing and Information Science, Anglia Ruskin University, Cambridge CB1 1PT, UK
Interests: cyber security risk management; threat intelligence; vulnerability assessment; AI enabled cyber security; incident response and business continuity; information security audit and assurance; cyber insurance
Special Issues, Collections and Topics in MDPI journals

E-Mail Website
Guest Editor
School of Computer Science and Electronic Engineering, University of Essex, Colchester CO4 3SQ, UK
Interests: security and privacy requirements engineering; IoT, 5G, cyber-physical, and cloud computing security; model-based security/privacy engineering; security engineering decision support; security attack and threat discovery; security and privacy patterns; automated analysis tools
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

The cloud-based system consists of a combination of hardware and software hosted by a third party. It provides significant benefits and has been widely adopted in various industries. Despite the benefits, the system has various security and privacy concerns. In particular, the volume of attacks on the cloud-based system is constantly increasing, with the number more than doubling in 2019 according to the 2020 Trustwave Global Security Report. Additionally, as a result of the system complexity and its dependencies on the cloud-assisted system, cyber-attacks are likely to increase. There is a pressing need to develop techniques and methods to deal with the new generation of cloud-specific cyber attacks, which pose various potential risks for the cloud-based system.

The purpose of this Special Issue is to enhance knowledge of secure and privacy-aware cloud computing in both the industry and research communities. Authors are encouraged to submit both theoretical and applied articles addressing new approaches, research results, case studies, and best practices.

Potential topics include, but are not limited to:

  • Security and privacy modeling in the cloud-based system;
  • Requirements engineering;
  • Security/privacy/trust issues in cloud models;
  • Vulnerabilities in cloud infrastructure;
  • Cyber threat intelligence models for the cloud-based system;
  • Identity and access management;
  • Secure data sharing and management in the cloud;
  • Privacy-enhanced technology in cloud computing;
  • Secure cloud storage;
  • Concepts, theory, standardization and modeling, and methodologies for sensor-cloud systems;
  • Attack prediction and prevention using machine learning;
  • Multitenancy related security/privacy issues.

Dr. Shareeful Islam
Prof. Dr. Haris Mouratidis
Dr. Zia Ush Shamszaman
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cloud computing
  • threat modeling in the cloud
  • secure data management
  • modeling
  • prediction

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue polices can be found here.

Published Papers (8 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

18 pages, 5072 KiB  
Article
Multi-Objective Seagull Optimization Algorithm with Deep Learning-Enabled Vulnerability Detection for Secure Cloud Environments
by Mohammed Aljebreen, Manal Abdullah Alohali, Hany Mahgoub, Sumayh S. Aljameel, Albandari Alsumayt and Ahmed Sayed
Sensors 2023, 23(23), 9383; https://doi.org/10.3390/s23239383 - 24 Nov 2023
Cited by 2 | Viewed by 1312
Abstract
Cloud computing (CC) is an internet-enabled environment that provides computing services such as networking, databases, and servers to clients and organizations in a cost-effective manner. Despite the benefits rendered by CC, its security remains a prominent concern to overcome. An intrusion detection system [...] Read more.
Cloud computing (CC) is an internet-enabled environment that provides computing services such as networking, databases, and servers to clients and organizations in a cost-effective manner. Despite the benefits rendered by CC, its security remains a prominent concern to overcome. An intrusion detection system (IDS) is generally used to detect both normal and anomalous behavior in networks. The design of IDS using a machine learning (ML) technique comprises a series of methods that can learn patterns from data and forecast the outcomes consequently. In this background, the current study designs a novel multi-objective seagull optimization algorithm with a deep learning-enabled vulnerability detection (MOSOA-DLVD) technique to secure the cloud platform. The MOSOA-DLVD technique uses the feature selection (FS) method and hyperparameter tuning strategy to identify the presence of vulnerabilities or attacks in the cloud infrastructure. Primarily, the FS method is implemented using the MOSOA technique. Furthermore, the MOSOA-DLVD technique uses a deep belief network (DBN) method for intrusion detection and its classification. In order to improve the detection outcomes of the DBN algorithm, the sooty tern optimization algorithm (STOA) is applied for the hyperparameter tuning process. The performance of the proposed MOSOA-DLVD system was validated with extensive simulations upon a benchmark IDS dataset. The improved intrusion detection results of the MOSOA-DLVD approach with a maximum accuracy of 99.34% establish the proficiency of the model compared with recent methods. Full article
(This article belongs to the Special Issue Security and Privacy in Cloud Computing Environment)
Show Figures

Figure 1

27 pages, 3161 KiB  
Article
A Hybrid Approach for Alluring Ads Phishing Attack Detection Using Machine Learning
by Muhammad Waqas Shaukat, Rashid Amin, Muhana Magboul Ali Muslam, Asma Hassan Alshehri and Jiang Xie
Sensors 2023, 23(19), 8070; https://doi.org/10.3390/s23198070 - 25 Sep 2023
Cited by 16 | Viewed by 3943
Abstract
Phishing attacks are evolving with more sophisticated techniques, posing significant threats. Considering the potential of machine-learning-based approaches, our research presents a similar modern approach for web phishing detection by applying powerful machine learning algorithms. An efficient layered classification model is proposed to detect [...] Read more.
Phishing attacks are evolving with more sophisticated techniques, posing significant threats. Considering the potential of machine-learning-based approaches, our research presents a similar modern approach for web phishing detection by applying powerful machine learning algorithms. An efficient layered classification model is proposed to detect websites based on their URL structure, text, and image features. Previously, similar studies have used machine learning techniques for URL features with a limited dataset. In our research, we have used a large dataset of 20,000 website URLs, and 22 salient features from each URL are extracted to prepare a comprehensive dataset. Along with this, another dataset containing website text is also prepared for NLP-based text evaluation. It is seen that many phishing websites contain text as images, and to handle this, the text from images is extracted to classify it as spam or legitimate. The experimental evaluation demonstrated efficient and accurate phishing detection. Our layered classification model uses support vector machine (SVM), XGBoost, random forest, multilayer perceptron, linear regression, decision tree, naïve Bayes, and SVC algorithms. The performance evaluation revealed that the XGBoost algorithm outperformed other applied models with maximum accuracy and precision of 94% in the training phase and 91% in the testing phase. Multilayer perceptron also worked well with an accuracy of 91% in the testing phase. The accuracy results for random forest and decision tree were 91% and 90%, respectively. Logistic regression and SVM algorithms were used in the text-based classification, and the accuracy was found to be 87% and 88%, respectively. With these precision values, the models classified phishing and legitimate websites very well, based on URL, text, and image features. This research contributes to early detection of sophisticated phishing attacks, enhancing internet user security. Full article
(This article belongs to the Special Issue Security and Privacy in Cloud Computing Environment)
Show Figures

Figure 1

37 pages, 954 KiB  
Article
PALANTIR: An NFV-Based Security-as-a-Service Approach for Automating Threat Mitigation
by Maxime Compastié, Antonio López Martínez, Carolina Fernández, Manuel Gil Pérez, Stylianos Tsarsitalidis, George Xylouris, Izidor Mlakar, Michail Alexandros Kourtis and Valentino Šafran
Sensors 2023, 23(3), 1658; https://doi.org/10.3390/s23031658 - 2 Feb 2023
Cited by 6 | Viewed by 4243
Abstract
Small and medium enterprises are significantly hampered by cyber-threats as they have inherently limited skills and financial capacities to anticipate, prevent, and handle security incidents. The EU-funded PALANTIR project aims at facilitating the outsourcing of the security supervision to external providers to relieve [...] Read more.
Small and medium enterprises are significantly hampered by cyber-threats as they have inherently limited skills and financial capacities to anticipate, prevent, and handle security incidents. The EU-funded PALANTIR project aims at facilitating the outsourcing of the security supervision to external providers to relieve SMEs/MEs from this burden. However, good practices for the operation of SME/ME assets involve avoiding their exposure to external parties, which requires a tightly defined and timely enforced security policy when resources span across the cloud continuum and need interactions. This paper proposes an innovative architecture extending Network Function Virtualisation to externalise and automate threat mitigation and remediation in cloud, edge, and on-premises environments. Our contributions include an ontology for the decision-making process, a Fault-and-Breach-Management-based remediation policy model, a framework conducting remediation actions, and a set of deployment models adapted to the constraints of cloud, edge, and on-premises environment(s). Finally, we also detail an implementation prototype of the framework serving as evaluation material. Full article
(This article belongs to the Special Issue Security and Privacy in Cloud Computing Environment)
Show Figures

Figure 1

24 pages, 8604 KiB  
Article
Data-Driven Threat Analysis for Ensuring Security in Cloud Enabled Systems
by Mohammed K. S. Alwaheidi and Shareeful Islam
Sensors 2022, 22(15), 5726; https://doi.org/10.3390/s22155726 - 30 Jul 2022
Cited by 9 | Viewed by 3720
Abstract
Cloud computing offers many benefits including business flexibility, scalability and cost savings but despite these benefits, there exist threats that require adequate attention for secure service delivery. Threats in a cloud-based system need to be considered from a holistic perspective that accounts for [...] Read more.
Cloud computing offers many benefits including business flexibility, scalability and cost savings but despite these benefits, there exist threats that require adequate attention for secure service delivery. Threats in a cloud-based system need to be considered from a holistic perspective that accounts for data, application, infrastructure and service, which can pose potential risks. Data certainly plays a critical role within the whole ecosystem and organisations should take account of and protect data from any potential threats. Due to the variation of data types, status, and location, understanding the potential security concerns in cloud-based infrastructures is more complex than in a traditional system. The existing threat modeling approaches lack the ability to analyse and prioritise data-related threats. The main contribution of the paper is a novel data-driven threat analysis (d-TM) approach for the cloud-based systems. The main motivation of d-TM is the integration of data from three levels of abstractions, i.e., management, control, and business and three phases, i.e., storage, process and transmittance, within each level. The d-TM provides a systematic flow of attack surface analysis from the user agent to the cloud service provider based on the threat layers in cloud computing. Finally, a cloud-based use case scenario was used to demonstrate the applicability of the proposed approach. The result shows that d-TM revealed four critical threats out of the seven threats based on the identified assets. The threats targeted management and business data in general, while targeting data in process and transit more specifically. Full article
(This article belongs to the Special Issue Security and Privacy in Cloud Computing Environment)
Show Figures

Figure 1

39 pages, 10006 KiB  
Article
SRE_BBC: A Self-Adaptive Security Enabled Requirements Engineering Approach for SLA Smart Contracts in Blockchain-Based Cloud Systems
by Irish Singh and Seok-Won Lee
Sensors 2022, 22(10), 3903; https://doi.org/10.3390/s22103903 - 21 May 2022
Cited by 3 | Viewed by 2779
Abstract
Current blockchain-based cloud (BBC) systems have several security vulnerabilities regarding smart contracts (SC), and several attacks have been reported recently. The SC development lacks standard design processes that follow software lifecycle principles to model secure SC. Secondly, the security mechanisms in the SC [...] Read more.
Current blockchain-based cloud (BBC) systems have several security vulnerabilities regarding smart contracts (SC), and several attacks have been reported recently. The SC development lacks standard design processes that follow software lifecycle principles to model secure SC. Secondly, the security mechanisms in the SC are not constantly evolved to resist evolving adversary attacks. BBC systems lack self-adaptive security capability to make spontaneous decisions when adversarial attacks are encountered. To build a self-adaptive secure BBC system that follows standard software development lifecycle principles to model secure SC, we propose the so-called self-adaptive security RE_BBC framework. The framework would utilize the MAPE-BBC adaptation loop to make decisions internally based on the threat models, goal models, and service level agreement (SLA) SC security specifications. The framework identifies vulnerabilities and threats and takes precautionary measures using self-adaptive SC agents. We validated the proposed methodology theoretically and empirically, and statistically proved the research questions and hypothesis using the t-test and Mann–Whitney U test. Subsequently, we compare our proposed approach with the Security Quality Requirements Engineering approach (SQUARE). The feasibility results and the replicated study results indicate that the proposed approach outperformed the SQUARE approach in terms of artifacts quality, self-adaptive security evaluation quality, efficiency in response time, complexity, and usefulness of the proposed approach for the Healthcare Data Management (HDM) system. SC security developers can immensely benefit from our proposed methodology. They need not reengineer SC from scratch; depending on their security needs and plan, the contract can be adapted to execute a new plan. Full article
(This article belongs to the Special Issue Security and Privacy in Cloud Computing Environment)
Show Figures

Figure 1

23 pages, 13116 KiB  
Article
A Dynamic Four-Step Data Security Model for Data in Cloud Computing Based on Cryptography and Steganography
by Rose Adee and Haralambos Mouratidis
Sensors 2022, 22(3), 1109; https://doi.org/10.3390/s22031109 - 1 Feb 2022
Cited by 51 | Viewed by 11546
Abstract
Cloud computing is a rapidly expanding field. It allows users to access computer system resources as needed, particularly data storage and computational power, without managing them directly. This paper aims to create a data security model based on cryptography and steganography for data [...] Read more.
Cloud computing is a rapidly expanding field. It allows users to access computer system resources as needed, particularly data storage and computational power, without managing them directly. This paper aims to create a data security model based on cryptography and steganography for data in cloud computing that seeks to reduce existing security and privacy concerns, such as data loss, data manipulation, and data theft. To identify the problem and determine its core cause, we studied various literature on existing cloud computing security models. This study utilizes design science research methodology. The design science research approach includes problem identification, requirements elicitation, artifact design and development, demonstration, and assessment. Design thinking and the Python programming language are used to build the artifact, and discussion about its working is represented using histograms, tables, and algorithms. This paper’s output is a four-step data security model based on Rivest–Shamir–Adleman, Advanced Encryption Standard, and identity-based encryption algorithms alongside Least Significant Bit steganography. The four steps are data protection and security through encryption algorithms, steganography, data backup and recovery, and data sharing. This proposed approach ensures more cloud data redundancy, flexibility, efficiency, and security by protecting data confidentiality, privacy, and integrity from attackers. Full article
(This article belongs to the Special Issue Security and Privacy in Cloud Computing Environment)
Show Figures

Figure 1

18 pages, 490 KiB  
Article
Towards a Modular On-Premise Approach for Data Sharing
by João S. Resende, Luís Magalhães, André Brandão, Rolando Martins and Luís Antunes
Sensors 2021, 21(17), 5805; https://doi.org/10.3390/s21175805 - 28 Aug 2021
Cited by 4 | Viewed by 3141
Abstract
The growing demand for everyday data insights drives the pursuit of more sophisticated infrastructures and artificial intelligence algorithms. When combined with the growing number of interconnected devices, this originates concerns about scalability and privacy. The main problem is that devices can detect the [...] Read more.
The growing demand for everyday data insights drives the pursuit of more sophisticated infrastructures and artificial intelligence algorithms. When combined with the growing number of interconnected devices, this originates concerns about scalability and privacy. The main problem is that devices can detect the environment and generate large volumes of possibly identifiable data. Public cloud-based technologies have been proposed as a solution, due to their high availability and low entry costs. However, there are growing concerns regarding data privacy, especially with the introduction of the new General Data Protection Regulation, due to the inherent lack of control caused by using off-premise computational resources on which public cloud belongs. Users have no control over the data uploaded to such services as the cloud, which increases the uncontrolled distribution of information to third parties. This work aims to provide a modular approach that uses cloud-of-clouds to store persistent data and reduce upfront costs while allowing information to remain private and under users’ control. In addition to storage, this work also extends focus on usability modules that enable data sharing. Any user can securely share and analyze/compute the uploaded data using private computing without revealing private data. This private computation can be training machine learning (ML) models. To achieve this, we use a combination of state-of-the-art technologies, such as MultiParty Computation (MPC) and K-anonymization to produce a complete system with intrinsic privacy properties. Full article
(This article belongs to the Special Issue Security and Privacy in Cloud Computing Environment)
Show Figures

Figure 1

17 pages, 3760 KiB  
Article
An Improved Vulnerability Exploitation Prediction Model with Novel Cost Function and Custom Trained Word Vector Embedding
by Mohammad Shamsul Hoque, Norziana Jamil, Nowshad Amin and Kwok-Yan Lam
Sensors 2021, 21(12), 4220; https://doi.org/10.3390/s21124220 - 20 Jun 2021
Cited by 8 | Viewed by 3239
Abstract
Successful cyber-attacks are caused by the exploitation of some vulnerabilities in the software and/or hardware that exist in systems deployed in premises or the cloud. Although hundreds of vulnerabilities are discovered every year, only a small fraction of them actually become exploited, thereby [...] Read more.
Successful cyber-attacks are caused by the exploitation of some vulnerabilities in the software and/or hardware that exist in systems deployed in premises or the cloud. Although hundreds of vulnerabilities are discovered every year, only a small fraction of them actually become exploited, thereby there exists a severe class imbalance between the number of exploited and non-exploited vulnerabilities. The open source national vulnerability database, the largest repository to index and maintain all known vulnerabilities, assigns a unique identifier to each vulnerability. Each registered vulnerability also gets a severity score based on the impact it might inflict upon if compromised. Recent research works showed that the cvss score is not the only factor to select a vulnerability for exploitation, and other attributes in the national vulnerability database can be effectively utilized as predictive feature to predict the most exploitable vulnerabilities. Since cybersecurity management is highly resource savvy, organizations such as cloud systems will benefit when the most likely exploitable vulnerabilities that exist in their system software or hardware can be predicted with as much accuracy and reliability as possible, to best utilize the available resources to fix those first. Various existing research works have developed vulnerability exploitation prediction models by addressing the existing class imbalance based on algorithmic and artificial data resampling techniques but still suffer greatly from the overfitting problem to the major class rendering them practically unreliable. In this research, we have designed a novel cost function feature to address the existing class imbalance. We also have utilized the available large text corpus in the extracted dataset to develop a custom-trained word vector that can better capture the context of the local text data for utilization as an embedded layer in neural networks. Our developed vulnerability exploitation prediction models powered by a novel cost function and custom-trained word vector have achieved very high overall performance metrics for accuracy, precision, recall, F1-Score and AUC score with values of 0.92, 0.89, 0.98, 0.94 and 0.97, respectively, thereby outperforming any existing models while successfully overcoming the existing overfitting problem for class imbalance. Full article
(This article belongs to the Special Issue Security and Privacy in Cloud Computing Environment)
Show Figures

Figure 1

Back to TopTop