A systematic review of security threats and countermeasures in SaaS-Reference-Cited by-同舟云学术

A systematic review of security threats and countermeasures in SaaS

Published:2020-11-27 Issue:6 Volume:28 Page:635-653
ISSN:1875-8924
Container-title:Journal of Computer Security
language:
Short-container-title:JCS

Author:

Díaz de León Guillén Miguel Ángel¹,Morales-Rocha Víctor¹,Fernández Martínez Luis Felipe¹

Affiliation:

1. National Laboratory of Information Technologies, Autonomous University of Ciudad Juárez, México

Abstract

Among the service models provided by the cloud, the software as a service (SaaS) model has had the greatest growth. This service model is an attractive option for organizations, as they can transfer part or all of their IT functions to a cloud service provider. However, there is still some uncertainty about deciding to carry out a migration of all data to the cloud, mainly due to security concerns. The SaaS model not only inherits the security problems of a traditional application, but there are unique attacks and vulnerabilities for a SaaS architecture. Additionally, some of the attacks in this environment are more devastating due to nature of shared resources in the SaaS model. Some of these attacks and vulnerabilities are not yet well known to software designers and developers. This lack of knowledge has negative consequences as it can expose sensitive data of users and organizations. This paper presents a rigorous systematic review using the SALSA framework to know the threats, attacks and countermeasures to mitigate the security problems that occur in a SaaS environment. As part of the results of this review, a classification of threats, attacks and countermeasures in the SaaS environment is presented.

Publisher

IOS Press

Subject

Computer Networks and Communications,Hardware and Architecture,Safety, Risk, Reliability and Quality,Software

Reference47 articles.

1. Review on security aspects for cloud architecture;Alam;International Journal of Electrical and Computer Engineering,2018

2. A study on state of the art in security and privacy issues on cloud computing;Aldaej;Journal of Engineering and Applied Sciences,2017

3. Security in cloud computing: Opportunities and challenges;Ali;Information Sciences,2015

4. A conceptual security framework for cloud computing issues;Aljawarneh;International Journal of Intelligent Information Technologies,2016

5. Adaptable, model-driven security engineering for SaaS cloud-based applications;Almorsy;Automated Software Engineering,2014

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. An Exploratory Analysis of Cloud Security Models in Social Networks;2023 3rd International Conference on Pervasive Computing and Social Networking (ICPCSN);2023-06

2. A Structural Framework for Assessing the Digital Resilience of Enterprises in the Context of the Technological Revolution 4.0;Electronics;2022-08-05

3. Use of Security Logs for Data Leak Detection: A Systematic Literature Review;Security and Communication Networks;2021-03-11