Cyber Resilience and Cyber Security Issues of Intelligent Cloud Computing Systems

This paper proposes a new cyber security reference model for intelligent cloud computing systems, addressing gaps in existing models by incorporating virtualization, service layers, and social media IoT sensors. It explores cyber security issues across various cloud service models (SaaS, PaaS, IaaS) and constructs an attack model to enhance cloud security. The study also discusses relevant security standards and legislation to ensure the protection of cloud systems against cyber threats.


Results in Control and Optimization 12 (2023) 100268


Cyber resilience and cyber security issues of intelligent cloud computing systems
Fargana Abdullayeva
Institute of Information Technology, B. Vahabzade str., 9A, AZ1141, Baku, Republic of Azerbaijan

ARTICLE INFO

Keywords: Cloud computing, SaaS, PaaS, IaaS, Cyber security, Cyber resilience, Cyber attack model

ABSTRACT

It is necessary to provide the cyber security of cloud computing according to the components
that constitute its structure. The first step in advancing the cyber security of this technology
is to accurately identify its threats. In this paper, a new cyber security reference model of the
cloud system, which consists of components making up separate layers of cloud computing,
is proposed. Available reference models of cloud computing security do not describe the
virtualization and service layers and the important components for providing the cyber security
of cloud computing in detail, do not consider the social media IoT sensor layer, which collects
the text data typed by attackers to carry out cyber attacks on the cloud infrastructure, and the
cyber resilience issues of the cloud computing at all. In addition, this paper studies the cyber
security issues of cloud computing service models, and constructs an attack model to provide
security of cloud systems. It gives an interpretation of standards and legislative acts on the cyber
security of cloud computing. According to security aspects, clarification of the cyber security
and cyber resilience concepts of cloud systems is provided. The cyber resilience architecture of
intelligent cloud systems is developed. The advantage of the developed cyber resilience model over
the available one is that it determines the information security and cyber security aspects of cloud
computing and combines them to form the cyber resilience aspects of cloud systems.

1. Introduction

The term cloud computing was first proposed in late 2006 by Google company’s executive officer Eric Schmidt. Currently, cloud
computing is included in the list of the main components of the fourth industrial revolution and is considered the most innovative
technology in leading countries [1].
Cyber security issues of cloud computing include cyber security issues of separate components of its complex architecture [2].
The content of cloud computing includes special information processing technologies, where the resources of the computing system
are presented in the form of an Internet service depending on the users’ needs. The feature of cloud computing is that the resources
of the cloud are dynamic, and its internal structure is kept hidden from users. The main elements of the cloud system are the physical
environment for data storage, the virtual environment created by the hypervisor, and the services provided to users. All of these listed
elements of cloud computing can be affected by cyber security threats [3]. The diversity of elements such as network, architecture,
application software interface, and hardware making up the cloud paradigm increases the complexity of security issues. This leads the
cloud provider and its customer to encounter security vulnerabilities created by various combinations of cloud elements [4]. The
initial necessary step in providing the cyber security of cloud computing, with its complex structure, is the development of its
conceptual model [5].
In this regard, a new cyber security reference model of the intelligent cloud system is proposed, which consists of components
of separate layers of cloud computing. The cyber security issues of service models of cloud systems are explored, and an attack
model for the security of cloud systems is built. An interpretation of standards and legislative acts on the cyber security of cloud
computing is given. The concepts of cyber security and cyber resilience of cloud systems are clarified according to security aspects.
The cyber resilience architecture of intelligent cloud systems is developed.
The structure of the paper is organized as follows: Section 2 presents an architecture of the proposed cyber security reference
model for the intelligent cloud computing system. Section 3 discusses the cyber security issues of the cloud computing service
delivery models, and describes the developed cyber attack model for the cloud system. Section 4 introduces the security standards
and legislative acts of cloud computing. Section 5 provides the discussion of the cyber threats, information security risks and
vulnerabilities of the cloud computing systems. Section 6 explains the security and cyber resilience aspects of cloud computing.
Section 7 gives the common cyber security and cyber resilience architecture of intelligent cloud computing systems. Section 8
summarizes the contribution and results of the study.

https://doi.org/10.1016/j.rico.2023.100268
Received 11 May 2023; Received in revised form 25 June 2023; Accepted 11 July 2023
Available online 17 July 2023
2666-7207/© 2023 The Author(s). Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license
(http://creativecommons.org/licenses/by-nc-nd/4.0/).

2. Cyber security reference model of intelligent cloud computing

In order to ensure the cyber security of cloud computing, first, it is required to describe the structure of the cloud system
itself. Giant organizations such as NIST, IBM, and Microsoft propose reference models for cloud computing in this regard. The
NIST organization describes the standard model of information systems of cloud computing mainly consisting of five participants:
cloud client, cloud provider, cloud communication operator (Cloud carriers), cloud auditor, and cloud broker [6]. The reference
model proposed by NIST consists of layers called Orchestration, Service, Resource abstraction and management, Physical resources,
cloud service management, and security. Here, the following issues are considered for the security provision of the cloud computing
system:

- Authentication and authorization of cloud customers;
- Allocation and assignment of resources for recovery, update, and connection of new nodes;
- Monitoring of virtual resources;
- Monitoring the cloud activity and reporting on performance;
- Determining the parameters of the service level agreement (SLA);
- Monitoring the implementation of SLA according to the defined security policy.

Another reference model for cloud computing is proposed by IBM [7]. According to the reference model of IBM, the model of the
cloud computing system is defined by three roles: customer, operator, and cloud service creator. These roles can be performed by
individual entities, groups of entities, or organizations. This architecture considers security, resilience to failures and performance
as common aspects and covers the cloud management platform, hardware infrastructure, and cloud services.
Available reference models of cloud computing security do not describe the virtualization and service layers and the important
components for providing the cyber security of cloud computing in detail, do not consider the social media IoT (Internet of Things)
sensor layer, which collects the text data typed by attackers to carry out cyber attacks on the cloud infrastructure, and the cyber
resilience issues of the cloud computing at all. In this regard, the presented work proposes a new cyber security reference model of
cloud computing systems consisting of components that constitute all layers of cloud computing. The new model can be represented
as follows (Fig. 1).
The proposed model of cloud computing system consists of two main subjects: Cloud customer and cloud operator. This model
consists of the following layers: application layer, service layer, virtualization layer, data transmission layer, physical resources
layer, IoT social media sensor layer, cyber security, and cyber resilience layer.
Within the security of the proposed cloud computing system model, the following issues are considered:

- Fault detection;
- Sensitive data privacy;
- Clustering of cyber attacks;
- Identity management;
- Trust management;
- Anomaly detection;
- Task scheduling;
- Risk assessment;
- Cloud security monitoring;
- Identification of CTI data (Cyber Threat Intelligence) from social media texts and identification of cyber threats.

3. Cyber security issues of service delivery models of cloud computing systems

Cloud computing uses three service models to provide various services to users. The SaaS (Software as a Service), PaaS (Platform
as a Service), and IaaS (Infrastructure as a Service) service models of cloud computing provide customers with infrastructure
resources, application platforms, and software resources as a service. Each service model imposes different security requirements
on the cloud environment.
The IaaS model is the lowest core layer of the stack of service models of cloud computing. The PaaS model sits on top of
the IaaS model, and the SaaS model sits on top of the PaaS model [8] (Fig. 2).


Fig. 1. The proposed cyber security reference model for the cloud computing system.

Fig. 2. Layered architecture of the cloud system.

Fig. 2 illustrates four layers of the cloud computing architecture: hardware layer; infrastructure layer; platform layer; application
layer. These layers are located on top of one another. Each layer is built on the loosely connected principle with the layer above
and below it. This feature enables each layer to function separately.
Hardware layer. This layer manages the physical resources of the cloud. These resources include physical servers, routers,
switches, power, and cooling systems.


Infrastructure layer. This layer is also called the virtualization layer. The task of this layer is to create a pool of storage and
computing resources using virtualization technologies.
Platform layer. This layer is located on top of the infrastructure layer. This layer includes operating systems.
Applications layer. The application layer of the cloud differs from traditional applications. Cloud applications include
auto-scalability to increase performance and availability with low costs.
The cloud providers are responsible for some of the security issues of the service models, while the cloud customers are
responsible for others.
Security issues of the SaaS model
In the SaaS model, a customer’s data is stored alongside other customers’ data in the SaaS provider’s data center. In addition,
the cloud provider replicates data to different locations across countries to provide availability. In traditional information systems,
enterprises are aware of data storage rules. However, the fact that customers are not aware of the rules for storing and protecting their
data in the SaaS model creates great security concerns. Here, the emergence of problems such as data leakage, software application
vulnerabilities, and accessibility lead to both economic and legal damage.
In the SaaS model, the provider is entirely responsible for cloud security management. The resources provided by SaaS are
applications. In order to build a perfect SaaS model, mainly the following security issues should be thoroughly explored: Data
security, network security, data colocation, data integrity, data segregation, data access control, authentication and authorization,
data confidentiality, web application security, data leakage, and virtualization vulnerabilities.
Security issues of the PaaS layer
In the PaaS layer, the provider assigns some management rights to the users. However, the provider is responsible for any
protection positioned below the application layer, such as countermeasures against host or network intrusions. In this case, the
provider must strictly guarantee that the data will not be accessible between applications. PaaS aims to enable developers to build
their own applications on top of the platform.
Security issues of the IaaS layer
The IaaS layer provides users with the rights over security management. Depending on the service model, the security
responsibilities of the provider and customer vary significantly. Amazon’s EC2 (Elastic Compute Cloud) infrastructure service
empowers the provider with the security right up to the hypervisor. Specifically, here, providers can only manage physical security,
environmental security, and virtualization security. The customer, in turn, has the authority to manage security issues related to
the IT system, operating system, applications, and data.
The first step in improving the security of cloud computing is to accurately identify its threats. Fig. 3 depicts the attack model for
the security of cloud computing systems. The model is based on service models of cloud computing and common technologies for
the cloud. The components of the attack model are the infrastructure layer, the platform layer, the application layer, the network
layer, the virtualization layer, and the physical layer.
Fig. 3 separately describes the threats faced by each component. This model represents the impact of security attacks on the
cloud system. These impacts are the main targets of the attacks. As Fig. 3 illustrates, securing cloud systems requires a multiline
defense to prevent attacks from both physical and cyber spaces.
Attacks targeting cloud systems refer to:
Zombie attack. An attacker tries to flood the target object by sending requests from harmless hosts on the network over the
Internet. These hosts are called zombies. VMs (Virtual Machines) in the cloud can be accessed by any user on request over the
Internet. An attacker can send multiple requests through zombies. This type of attack disrupts the cloud performance by affecting
the availability of cloud services. Here, the cloud is overloaded to serve a number of requests, thereby exhausting its resources, and
resulting in DoS or DDoS (Distributed Denial of Service) attacks against the servers.
Service injection attack. The attacker tries to inject a malicious service or a new virtual machine into the cloud system and
initiates providing malicious services to users. Malware affects the cloud services by altering or blocking cloud functions. Here, an
attacker creates a malicious service, such as a SaaS, PaaS, or IaaS, and adds it to the cloud system. In this case, genuine user requests
are automatically redirected to malicious services, and as a result, malicious services begin to be provided to the user.
Virtual machine bypassing. With this attack, the attacker’s program running in the VM disrupts the isolation layer and gets
the privileges of the hypervisor along with the VM privileges. This enables an attacker to communicate directly with the hypervisor.
VM bypass from isolation occurs at the virtual layer. Through VM Escape, an attacker gains access to the host operating system and
other VMs running on the physical machine.
Rootkit in the hypervisor. VM-based rootkits force the hypervisor to infect the current host OS. The hypervisor also creates a
hidden channel to run unauthorized code on the system. This enables an attacker to control any VM running on the host machine
and manipulate operations on the system.
Man in the middle attack. If SSL (Secure Sockets Layer) is not configured correctly, any attacker can gain access to the
data shared between the two parties. In the cloud, an attacker can gain access to communications between data centers.
Metadata spoofing. In this type of attack, the attacker modifies the file containing information about the service sample.
Phishing attack. This attack aims to manipulate a web connection to get sensitive data and redirect the user to the wrong
connection. An attacker hijacks other users’ accounts or services in the cloud by hosting a phishing attack site on a cloud service.
Backdoor channel attack. This attack enables remote access to the infected system. By using backdoor channels, hackers can
control the target’s resources and turn them into a zombie to launch a DDoS attack.


Fig. 3. Cyber attack model for cloud system.

Deception Attacks. Since cloud computing is efficient in terms of storage and computing resources, industrial organizations are
migrating their management systems to the cloud. [9] develops a neural network-based approach to detect Deception Attacks targeting
actuator signals of cloud-based industrial control systems. Deception Attacks attempt to compromise the integrity of the control
signal by maliciously altering the transmitted information [10].
Denial of Service Attacks. This is a type of attack that attempts to flood a network, system, or application with huge traffic,
connections, or requests it cannot handle. [11] presents an approach to estimate the state of nonlinear systems affected by a DoS
attack and uncertain input data.

4. Security standards and legislation acts of cloud computing

The widespread application of cloud computing has necessitated the development of numerous cloud standards in this field.
The availability of appropriate governance in the providers is determined through the ISO 2700x series of standards, SSAE 16,
and ISAE 3402 guidelines. The ISO 2700x standard allows for determining the following:

- guarantee of the client’s applications and data to be isolated in a shared, multi-tenant environment;
- protection of the client assets from unauthorized access by the provider staff;
- protection of the client assets from intentional or accidental access by employees or partners of the client.

The ISO 2700x [12], SSAE 16 [13], and ISAE 3402 [14] guidelines covering information technology governance are not
specifically designed for cloud computing services. These documents are generally accepted by standardization organizations and
can be used to guarantee the security of the services provided by cloud providers.
In Europe, providers have to be certified according to the information security management standard ISO 27001-2013. The
ISO 27001 standard for information security adopted in our country was developed on the basis of the international ISO standard.
Numerous certificates based on the ISO 27001 standard are issued annually in the EU countries. Despite the availability of the ISO
standard in Azerbaijan, it is not widespread in the country. Dozens of organizations receive this standard every year. The reason
for its lack of widespread use is that the standard has a general approach to IT (Information Technology) management and the
certification is expensive.


Other standards from the ISO 27000 series are 27002 and 27005. These standards are guidelines, and certification against them
is not envisaged. However, the provider may order an assessment to determine the extent to which the recommendations
of these standards are followed.
Note that since standards 27001, 27002, and 27005 do not include an article about cloud services, they are not applicable to cloud
providers. ISO developed the ISO/IEC 27017 standard, which is specific to cloud computing, on the basis of the ISO/IEC 27002 standard [15].
The ISO/IEC 27017 standard defines information security management tools for cloud solutions. ISO 27017 adds articles related
to cloud security that are not adopted in ISO 27002. This standard is officially called ‘‘Code of practice for information security
controls based on ISO/IEC 27002 for cloud services’’. The ISO 27002 standard consists of 11 sections, 39 management objects and
133 recommended security measures. Recommendations specific to cloud services in ISO 27017 are provided for 37 of the 133
security measures of ISO 27002. These recommendations are aimed at cloud service providers as well as customers. This means that they
have a mutual responsibility for the security of services. Since the ISO 27017 standard is an addition to the ISO 27002 standard,
this new standard does not take into account the certification process. However, due to the popularity of the ISO 27017 standard,
many certification organizations are planning to implement this certification. The ISO 27017 standard was adopted on November
30, 2015.
Amazon Web Services was the first organization to get this certification, in October 2015. In addition, this organization developed
the ISO/IEC 27018 standard on the basis of the ISO/IEC 27001 standard, which reflects the rules for the security of cloud services and the
protection of personal data in the public cloud [16]. ISO/IEC 27036-4 provides guidance on specific information security risks
related to the implementation of cloud services and their effective management [17]. The standard of this organization called
‘‘ISO/IEC 19086 Cloud computing - Service level agreement (SLA) framework’’ defines the rules of data privacy and security [18].
ISO/IEC 19086 (Part 4) covers issues related to the security and privacy components of cloud service-level agreements [19]. ISO/IEC
27034 provides an overview of the security of software applications. Basic definitions, concepts, principles, and processes related
to the security of software applications are described. This standard can be used in software applications designed for any type of
infrastructure [20]. The ITU (International Telecommunication Union) pays great attention to the protection of personal data in the
cloud. In this regard, the organization published a technical document entitled ‘‘Privacy in Cloud Computing’’ [21]. The document
analyzes the problems of standards to be developed by various standardization organizations to eliminate the risks of data privacy
violations in the cloud. The NIST organization in its document entitled ‘‘NIST Special Publication 800-53’’ defines the rules for
providing the security of federal information systems and the privacy of personal data [22]. SP 800-210 is a standard containing
general guidelines for access control for IaaS, SaaS, and PaaS cloud models [23]. Different service models have different access
control rules. Since cloud service models have a hierarchical structure, access control rules designed for the functional components
of a lower-level service model can be applied to the same functional components of a service model located at a higher level. For
example, the access control rules for the network and storage layers of the IaaS model can also be applied to the network and
storage layers of the PaaS and SaaS models, and the access control rules for the network and storage layers of the IaaS and PaaS
models can also be applied to the network and storage layers of the SaaS model. Here, the access control rules are defined without
considering the deployment models of the cloud, because consideration of the deployment models also requires the construction of
an additional access control layer.
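
The inheritance of access control rules from lower-level to higher-level service models described above, as an added Python example (not code from the paper or from SP 800-210). The component layering, roles, actions and rules are constructed for illustration, and deny-overrides with default deny is an assumed combining policy.

```python
from dataclasses import dataclass

# Service models from the lowest level of the stack to the highest.
STACK = ("IaaS", "PaaS", "SaaS")

# Functional components of each model (layering assumed for this example).
COMPONENTS = {
    "IaaS": {"network", "storage", "hypervisor"},
    "PaaS": {"network", "storage", "runtime"},
    "SaaS": {"network", "storage", "runtime", "application"},
}


@dataclass(frozen=True)
class Rule:
    defined_at: str  # service model the rule was written for
    component: str   # functional component it protects
    role: str        # subject role
    action: str      # operation on the component
    effect: str      # "allow" or "deny"


# Constructed sample rules; they are not quoted from SP 800-210.
RULES = [
    Rule("IaaS", "network", "tenant-admin", "edit-firewall", "allow"),
    Rule("IaaS", "network", "tenant-user", "edit-firewall", "deny"),
    Rule("IaaS", "storage", "tenant-user", "read-volume", "allow"),
    Rule("IaaS", "hypervisor", "tenant-admin", "migrate-vm", "deny"),
    Rule("PaaS", "runtime", "developer", "deploy", "allow"),
    Rule("PaaS", "storage", "developer", "read-volume", "allow"),
    Rule("SaaS", "application", "end-user", "open-record", "allow"),
]


def effective_rules(model, component, rules=RULES):
    """Rules that apply to `component` in `model`: the model's own rules plus
    those of every lower-level model that has the same component."""
    if model not in STACK:
        raise ValueError(f"unknown service model: {model}")
    if component not in COMPONENTS[model]:
        return []  # the model has no such component, so nothing is inherited
    level = STACK.index(model)
    return [
        r for r in rules
        if r.component == component
        and STACK.index(r.defined_at) <= level       # same or lower level only
        and component in COMPONENTS[r.defined_at]     # rule sits on a real component
    ]


def decide(model, component, role, action, rules=RULES):
    """Deny overrides allow; a request no rule matches is denied."""
    matches = [
        r for r in effective_rules(model, component, rules)
        if r.role == role and r.action == action
    ]
    if any(r.effect == "deny" for r in matches):
        return "deny"
    return "allow" if matches else "deny"


def coverage_gaps(model, rules=RULES):
    """Components of `model` left without any rule, own or inherited."""
    return sorted(c for c in COMPONENTS[model]
                  if not effective_rules(model, c, rules))


if __name__ == "__main__":
    requests = [
        ("SaaS", "network", "tenant-admin", "edit-firewall"),  # inherited from IaaS
        ("SaaS", "storage", "developer", "read-volume"),       # inherited from PaaS
        ("IaaS", "storage", "developer", "read-volume"),       # rules do not flow down
        ("SaaS", "hypervisor", "tenant-admin", "migrate-vm"),  # no such SaaS component
    ]
    for req in requests:
        print(*req, "->", decide(*req))
    print("SaaS gaps:", coverage_gaps("SaaS"))
```

Rules flow only upward through the stack, so a rule written for the PaaS storage layer never loosens access at the IaaS level.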
OWASP Secure Coding Practices document of the organization OWASP (Open Web Application Security Project) includes
guidelines to train developers in creating cloud-based applications [24]. The risk and authorization management program FedRAMP
(The Federal Risk and Authorization Management Program) is a program that federal government agencies are required to
follow when using cloud services [25]. This document provides a standardized and centralized approach for security assessment,
authorization, and continuous monitoring of cloud-based services and federal security requirements (such as FISMA - Federal
Information Security Management Act). There is also a free registry called CSA-STAR, which contains documents that allow
users to rate the security level of a cloud provider. This registry was created by the organization CSA (Cloud Security Alliance).
Here, security assurance is provided in 3 types: (1) STAR Entry-Self Assessment: covers the organization’s internal assessment
issues; the assessment is based on the CSA Consensus Assessment Initiative (CAI) or Cloud Control Matrix (CCM). (2) STAR
Certification/Attestation: requires completion of ISO 27001 or AICPA SOC2 certification programs. (3) STAR Continuous:
requires continuous testing and evaluation of the physical security of the cloud system. Other ISO documents defining the security
requirements that cloud providers must comply with may include the following:
ISO/IEC 27032:2012 is an extension of the ISO 27001 standard, covering the protection of confidentiality, integrity, and
availability aspects of cyber property security. Cyber assets include hardware, software, data, services, and virtual assets.
ISO/IEC 20000-1:2011 is a standard related to service management systems. The standard defines requirements for the service
provider related to scheduling, creation, implementation, management, monitoring, and maintenance of the service management
system.
ISO 22301:2012 defines the requirements for the establishment of a business continuity management system and its administration.
The main purpose of this standard is to guarantee that the system is not affected by events such as a flood or a cyber-attack.
ISO 29100:2011. The guideline that determines the protection rules for any personal information related to a person.
ISO 31000:2009. A standard of guidelines that enables organizations to analyze risks and assess internal risks.
Cloud services have codes of conduct regarding personal data processing, for example, the EU Cloud Code of Conduct
[26]. However, it should be noted that there are still no legislative acts related to the cyber security of cloud computing.


5. Analysis and systematization of cyber threats to cloud systems

5.1. Information security risks in cloud computing

Risk expresses the probability that a threat will exploit a vulnerability in the object and thereby cause damage to the
organization [27]. The organization determines the risk as the ratio of the probability of accident occurrence to the damage caused
by it.
Various standardization organizations assess risk based on two higher-level risk factors [27,28]: the probability of occurrence of
a harmful accident (frequency of damage) and its consequence (magnitude of probable damage).
The scale of the probable loss affects the costs of the harmful event. A loss event occurs when a threat agent successfully exploits
a vulnerability. The occurrence of this event depends on two factors: (1) The frequency with which the threat agent attempts to
exploit the vulnerability. This frequency is the number of contacts of agents to attack the target. (2) The difference between the
ability of the threat agent to attack and the ability of the system to resist an attack.
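
The two risk factors described above, carried through as an added Python example that is not part of the paper: loss event frequency is the attempt frequency multiplied by the probability that attacker capability exceeds system resistance, and yearly exposure is that frequency multiplied by the damage per event. The 0-100 capability scale, the normal distributions, the multiplication of the two factors and all scenario values are assumptions of this example.

```python
import math
import random
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Scenario:
    name: str
    attempts_per_year: float  # contacts of the threat agent with the target
    capability: float         # mean attacker capability, 0-100 (assumed scale)
    resistance: float         # mean system resistance, same scale
    spread: float             # std. deviation of each of the two estimates
    loss_per_event: float     # probable damage of one loss event


def vulnerability(capability, resistance, spread):
    """P(capability > resistance) for two independent normal estimates that
    share the same standard deviation."""
    if spread <= 0:
        return 1.0 if capability > resistance else 0.0
    # The difference of the two estimates is normal with std. dev. spread*sqrt(2).
    z = (capability - resistance) / (spread * math.sqrt(2))
    return 0.5 * (1 + math.erf(z / math.sqrt(2)))


def simulated_vulnerability(capability, resistance, spread, trials=20000, seed=1):
    """Monte Carlo cross-check of the closed form above."""
    rng = random.Random(seed)
    hits = sum(
        rng.gauss(capability, spread) > rng.gauss(resistance, spread)
        for _ in range(trials)
    )
    return hits / trials


def loss_event_frequency(s):
    """Expected number of successful attacks per year."""
    return s.attempts_per_year * vulnerability(s.capability, s.resistance, s.spread)


def annual_loss(s):
    """Frequency of damage multiplied by magnitude of probable damage."""
    return loss_event_frequency(s) * s.loss_per_event


def rank(scenarios):
    """Scenarios ordered from the largest yearly exposure to the smallest."""
    return sorted(((s.name, annual_loss(s)) for s in scenarios),
                  key=lambda item: item[1], reverse=True)


def harden(s, extra_resistance):
    """What-if: the same scenario after a control raises resistance."""
    return replace(s, resistance=s.resistance + extra_resistance)


# Constructed scenarios named after threats listed in this paper.
SCENARIOS = [
    Scenario("Account hijacking", 200, 55, 70, 10, 40_000),
    Scenario("Denial of service", 12, 60, 50, 10, 15_000),
    Scenario("Data leakage", 30, 50, 80, 10, 500_000),
]

if __name__ == "__main__":
    for name, loss in rank(SCENARIOS):
        print(f"{name:20s} {loss:12.0f}")
    hijack = SCENARIOS[0]
    print("after hardening:", round(annual_loss(harden(hijack, 10))))
```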
Information security risks in cloud computing are as follows:

- Lack of management. By transferring personal data to a cloud managed by the provider, customers are deprived of the right to
control this data and cannot take any technical and organizational measures necessary to ensure availability, completeness,
confidentiality, transparency, isolation, compliance, and protection from intrusion.
- Lack of transparency. Insufficient transparency of cloud service operations poses a threat to controllers during information
processing. This situation also poses a major threat to data entities. Because they are not aware of potential threats and risks,
they cannot see the necessary requirements.
- The processing of personal data in separate geographical regions poses potential threats to the controller.

5.2. Threats to cloud systems

A threat is a situation or an event that can impair an organization’s activities, assets, individuals, or nation through information
systems by making unauthorized access [35]. Cloud computing exposes cloud service providers and users to a number of security
threats. The number of types of these security threats is increasing rapidly [29]. The CSA organization has published a list of threats
to cloud security since 2010. According to the list published by the CSA in 2016, organizations may face the following 12 threats
when implementing cloud computing [30]:
Data leakage. This threat creates an opportunity to obtain confidential information by unauthorized persons.
Weak identification, credentials, and access management. An attacker impersonates a genuine user and gains unauthorized access
to data.
Insecure API (Application Programming Interface). Cloud clients are provided with application programming interfaces to manage
allocated resources. These interfaces expose the cloud environment to the exploitation of attackers. These APIs are designed based
on web services. Web services have their own vulnerabilities.
System and application vulnerabilities. This threat appears due to errors that occur in the system. Vulnerabilities in operating system
libraries, kernel programs, and application tools put all services and data under the influence of a security risk.
Account hijacking. This is a traditional type of threat that is relevant also to any computer system and cloud computing. This threat
allows gaining access to the system by capturing the credentials and password of the genuine user. In the cloud, when attackers take
over a user’s account, they can redirect users to illegitimate sites, manipulate data, provide false information, and track transactions.
Malicious insiders. A current or former employee or any business partner with authorized access to an information system is
considered a malicious insider if he intentionally abuses that access to violate the security and privacy aspects of the information
system.
APT (Advanced Persistent Threats). APTs are a sophisticated type of attack that has a special goal and is directed at a specific
target. Since these attacks are adaptive to the implemented security mechanisms, it is extremely difficult to detect them.
Loss of data. This threat includes cases of data loss not only due to attacks but also due to accidental deletion, unexpected damage,
and physical disaster (e.g., fire, earthquake, flood).
Insufficient due diligence. Due diligence involves an evaluation by potential cloud computing customers to determine whether cloud service providers meet the requirements of various guidelines. Performing this evaluation insufficiently gives rise to security risks.
Nefarious and malicious use of cloud services. This threat occurs due to unregistered, mismanaged, fake, free user accounts and
poor cloud protection. The presence of these situations enables attackers to access computer resources and misuse these resources
against target objects. Examples of abuse of cloud services include launching DDoS attacks from the cloud, email spam and phishing,
digital currency acquisition, large-scale click fraud, brute force attacks against stolen identity databases, and hosting malicious and
pirated content.
Denial of service. This threat prevents genuine users from accessing their data because cloud resources are unavailable. The attacker forces the target cloud service to use more of the allocated resources, causing the system to slow down, which in turn prevents genuine users from accessing the system.
Shared technology. Shared technology is one of the key characteristics of cloud computing relevant to all three service models. The components that enable the shared use of technologies are not considered to provide isolation in a multi-user environment where several users’ applications are placed in the same location. Lack of isolation creates vulnerability in shared technologies; a hypervisor vulnerability is one example.
In addition, risks related to service outsourcing, regulatory compliance, data location, the shared environment, business continuity, disaster recovery, the difficulty of investigating illegal activity, and long-term viability have also been identified for cloud computing [31].
The threats listed above arise from the resource sharing and multi-tenancy features of the cloud, and these features are the main causes of data confidentiality violations [31,32]. Misconfigurations, targeted attacks, etc. are threats and problems targeting
services [33]. These threats can be realized in all three layers of cloud computing. Among the threats, only common technology
threats can be realized in the IaaS layer, and the nefarious use of cloud computing can be realized in the PaaS and IaaS layers.

5.3. Vulnerabilities in cloud systems

A vulnerability is a weakness in an information system, its security procedures, or its internal control mechanisms that can be exploited by a threat source [34]. Vulnerability is the probability that the object will not be able to resist the actions of the threat agent. When there is a difference between the strength of the threat agent and the resistance of the object to this strength, it can be assumed that a vulnerability already exists. For this reason, a vulnerability must be defined in terms of resistance to some type of attack. There is also the concept of computer vulnerability, which refers to security-related mistakes. For example, a buffer overflow vulnerability weakens the resilience of the system against code execution. The way an attacker can exploit this vulnerability depends on his capabilities.
In essence, cloud computing is a combination of known technologies. If a vulnerability exists in the underlying technologies that constitute the cloud technologies and affects the key characteristics of cloud computing defined by NIST, then this vulnerability is considered to be cloud-based.
[35] noted that weaknesses in the technologies that constitute cloud computing create vulnerabilities in its components. In this work, the vulnerabilities of cloud computing are investigated in terms of its architectural components. These vulnerabilities are:

- Application and interface vulnerabilities;
- Platform vulnerabilities;
- Infrastructure weaknesses;
- Vulnerabilities in Internet protocols;
- Unauthorized access to the management interface;
- Injection vulnerabilities;
- Vulnerability in the web browser and application programming interface.

Application and interface vulnerabilities


Implementation of cloud computing is provided over the Internet. Here, the web is considered the only means of providing cloud
services. Providing network access and remote software management from a single point are the main characteristics offered by cloud
computing. These features allow customers to access cloud services over the web. User authentication also takes place at this layer.
For this reason, security holes in web browsers and protocols create vulnerabilities for cloud applications and services. A 2022 report by the Verizon Business Analytics organization states that 70% of attackers target application programs [36]. Such vulnerabilities allow the creation of new types of attacks that can bypass the defense mechanisms of the network layer. Protection from these attacks requires the development of application layer defense systems [37,38]. Five years after its previous publication, the OWASP organization identified a list of the top 10 vulnerabilities for business organizations covering the years 2021-2022 [39]. Using these vulnerabilities, cybercriminals carry out various distributed denial-of-service attacks and data theft against the application layer. The identified vulnerabilities are:

1. Broken access control;
2. Cryptographic failure, sensitive data exposure;
3. Injection, Cross-Site scripting;
4. Insecure design;
5. Security misconfiguration, XML external entities (XXE);
6. Vulnerable and outdated components, using components with known vulnerabilities;
7. Identification and authentication failure;
8. Software and data integrity failure, insecure deserialization;
9. Security logging and monitoring failure, insufficient logging and monitoring;
10. Server-side request forgery.

Web client data manipulation


This vulnerability allows modification of the client's permission-related data held in web browser components. The modification occurs in the hidden field of the HTTP exchange where the registration data of the web user is stored. This field usually stores the login data of the web user.
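
The hidden-field manipulation described above, shown as an added example that is not from the paper: a handler that trusts a client-supplied hidden `role` field, beside one that binds the fields to the server-side session with an HMAC tag. The field names, function names and key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Hypothetical server-side secret; a real service would load it from a key store.
SERVER_KEY = secrets.token_bytes(32)


def render_hidden_fields_naive(user: str, role: str) -> str:
    """Vulnerable pattern: authorization data is handed to the browser unprotected."""
    return urlencode({"user": user, "role": role})


def handle_post_naive(body: str) -> str:
    """Trusts whatever role the browser sends back."""
    return parse_qs(body)["role"][0]


def _tag(session_id: str, user: str, role: str) -> str:
    # Length-prefix every value so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(v.encode()).to_bytes(4, "big") + v.encode()
        for v in (session_id, user, role)
    )
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def render_hidden_fields_signed(session_id: str, user: str, role: str) -> str:
    """Hardened pattern: the fields carry a MAC bound to the server-side session."""
    return urlencode({"user": user, "role": role, "tag": _tag(session_id, user, role)})


def handle_post_signed(session_id: str, body: str) -> str:
    """Returns the role only if the fields are exactly what the server issued."""
    form = parse_qs(body)
    try:
        user, role, tag = form["user"][0], form["role"][0], form["tag"][0]
    except (KeyError, IndexError):
        raise PermissionError("missing hidden field")
    expected = _tag(session_id, user, role)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise PermissionError("hidden field modified or taken from another session")
    return role


def tamper(body: str, field: str, value: str) -> str:
    """Constructed input: a client rewriting one form field before submitting."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    form[field] = value
    return urlencode(form)


if __name__ == "__main__":
    naive = render_hidden_fields_naive("alice", "user")
    print("naive handler accepts:", handle_post_naive(tamper(naive, "role", "admin")))
    signed = render_hidden_fields_signed("sess-1", "alice", "user")
    try:
        handle_post_signed("sess-1", tamper(signed, "role", "admin"))
    except PermissionError as exc:
        print("signed handler rejects:", exc)
```

Keeping the role in server-side session state and sending no authorization data to the browser at all removes the field entirely; the MAC is the fallback when state must travel through the client.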


Vulnerabilities in user identity and access


The function of identity management is to identify subjects and control access to resources. Using weak passwords, duplicate identities, and one-factor authentication creates vulnerabilities in authentication.

Vulnerabilities in platform layer

The platform layer provides the user with tools, middleware, and operating systems to create applications. Software quality mostly depends on the software development model used by the developer. Vulnerabilities in this category include vulnerabilities in the application of best practices in software creation, vulnerabilities in the software code, and traditional vulnerabilities in the operating system.

Vulnerabilities in the infrastructure layer

The main technologies of the infrastructure layer are virtualization and the hypervisor. The cloud-based characteristics of virtualization, such as VM images, VM migration, VM recall, and multitenancy, along with the traditional vulnerabilities of virtualization, have brought additional vulnerabilities to the cloud system. Hypervisor vulnerabilities are another class of vulnerability in this layer. A hypervisor is software that manages VMs and enables multiple operating systems to run on the same hardware. Exposure of a hypervisor to an attack can bring all of the VMs associated with it into an idle state. Vulnerabilities in the cloud network and storage also belong to this layer. Network protocol vulnerabilities, shared network component vulnerabilities, and virtual network vulnerabilities are infrastructure layer vulnerabilities. Data encryption, data access vulnerabilities, data storage location, backup, recovery, and data cleaning are storage component vulnerabilities. Since the cloud has its own characteristics, eliminating these vulnerabilities by traditional methods is considered impossible, and new methods must be developed to combat them.

6. Security and cyber resilience aspects of cloud computing

6.1. Security aspects

NIST, as is the case for any information system, named confidentiality, integrity, availability, authentication, authorization, accountability, and privacy as the main security aspects of cloud computing [40]. Confidentiality guarantees that the cloud client’s sensitive data will not be disclosed to unauthorized persons, entities, and processes. Integrity guarantees that a cloud user’s sensitive data will not be modified or deleted without authorization. Availability ensures that cloud user data will be available to authorized entities in case of need. Authentication is the verification of the identity of a cloud user. Authorization ensures that the authenticated cloud user will be granted the correct level of access to cloud services. Accountability means that the cloud provider must be able to determine that each transaction performed or executed in the cloud environment is uniquely tied to a cloud user. Privacy means that user data in the cloud should not be used for purposes other than intended.

6.2. Cyber resilience aspects

Today, it is impossible to build systems that are not affected by cyber attacks. There are always attempts to attack information systems, and existing methods are unable to prevent these attacks. The most promising solution to this problem is cyber resilience.
Cyber resilience of computer systems can mean different things to different organizations. For some it means keeping the system as a “never-down system”; for others, it is the ability to recover from incidents and failures as quickly as possible. According to ENISA, cyber resilience is the ability of a system (network, service, infrastructure) to provide and maintain an acceptable level of service even in the event of various failures and problems in the normal business process. Security is the protection of information and information systems from unauthorized access, use, distortion, modification, or destruction, as well as the ability to respond and recover in the event of a failure or incident. NIST considers cyber resilience to be the ability to anticipate, resist, recover from and adapt to undesirable conditions, consequences, attacks or virus infections of systems using cyber resources [41]. Cloud resilience is the ability of a system to provide and maintain service at an acceptable level in the face of failures and problems that occur during normal operation.
The ENISA D2R2+DR strategy assumes that unexpected events will always occur in the system. Here, once the general protections are in place, these events should be detected and remedied (for example, by traffic redirection), and the protections strengthened to respond more adequately to similar problems. After the damage is repaired, the recovery process starts. In this case, the system returns to its normal state. The Information Security Forum has clarified the concepts of cyber security and cyber resilience in terms of security aspects [35,42]. Information security, known as the CIA triad (Confidentiality, Integrity, and Availability), defines how to deal with impacts on confidentiality, integrity, and availability. Cybersecurity defines how to deal with threats to other aspects above the CIA. Cyber resilience deals with managing unknown, unpredictable, uncertain threats that aim to disrupt aspects of both layers.
Resilience metrics are available to measure cyber resilience [43]. Resilience metrics are used to measure how well a system can
maintain a service level in the face of various problems. The ENISA organization groups these metrics as: problem tolerance metrics
and trustworthiness metrics.
Nowadays, organizations are turning to the cloud to ensure the cyber resilience of their infrastructure [44]. In [45], Microsoft argues that cloud computing can provide cyber resilience to government and public sector infrastructures. Cloud computing is said to play a major role in ensuring cyber resilience.


Clouds provide resilience through data backup, resource allocation, task scheduling, authentication, encryption, and DDoS
protection mechanisms. With geographical replication of data, fast scalability, security features, and cost savings, the cloud enables
users to increase the efficiency of their operations and the agility to respond to threats. Cloud computing is a tool that can provide
cyber resilience to government and public sector infrastructure.
The use of the same parameter for data encryption, lack of randomness, insecure interfaces and application programming
interfaces are the main sources of threats to cloud systems and are considered serious security issues for clouds.
Recently, to ensure the cyber resilience of cloud systems, intelligent cloud systems based on deep and machine learning methods
(supervised, unsupervised, and reinforcement learning) have been actively developed [46]. IBM SmartCloud Enterprise+ (SCE+) is
an intelligent cloud solution provided by IBM to enterprise customers [44]. The SCE+ cloud has a resilient architecture, high system
availability, and no single point of failure. SCE+ consists of an integrated cluster of enterprise-class servers, network elements,
and storage components with RAS (Reliability, Availability, and Serviceability) characteristics and has a high mean time between
failures. All elements of the server, network, and storage are duplicated here. SCE+ uses multiple techniques to keep virtual servers
running even in the event of a failure. Here, when a client’s virtual machine stops working, it is automatically restarted. When the
physical server hosting a virtual machine fails, those virtual machines are restarted on alternate servers. The SCE+ system ensures
cyber resilience of data by regularly replicating them to separate storage systems. Because each server has redundant network and
storage adapters, no single failure causes any disruption. [47] proposes an approach called Autonomic Resilient Cloud Management
(ARCM). Software behavior obfuscation (SBO), replication, diversity, and autonomous management (AM) methods are developed
within the proposed approach. In the SBO approach developed here, the software uses spatiotemporal behavior hiding or encryption
to randomly change the version of its active components to avoid exploitation and penetration. In another approach developed in
this thesis, a diversification method was developed to randomly change its version during software execution. This method serves to
randomly mix versions of software that are equivalent in functionality but differ in behavior. Here, implementing runtime encryption
makes it difficult for an attacker to disrupt the normal operation of cloud applications or services. [46] analyzes the methods related
to fault tolerance of cloud computing. Here, fault tolerance methods are divided into three classes: reactive methods (RAM), proactive
methods (PRM) and resilience methods (RSM). In reactive methods, the system enters a failure state and an attempt is then made to restore it. These methods are based on classical methods developed for handling failures in distributed systems, e.g., replication, reloading, detection, and recovery. In proactive methods, the system is not allowed to reach a failure state. Here, mechanisms are developed
to avoid errors before they affect the system. Monitoring and forecasting methods are used here. In proactive methods, the normal
operation of the system is continuously monitored, and if the possibility of system failure is predicted, measures are taken to avoid
them. In proactive methods, failure prediction is performed offline using statistical modeling. Resilience methods try to minimize
the time spent on restoring the system from a failed state. Machine learning and artificial intelligence methods play an active role
in resilience methods. In these methods, the recovery time is projected onto the function to be optimized. Here, the recovery time
is converted to milliseconds. RSM includes methods for responding to customers despite failure, monitoring the state of the system,
and learning and adapting to mistakes and predictions. System learning and adaptation in RSM are implemented based on machine
learning and artificial intelligence. The fact that the RSM guarantees to respond to the customer is directly related to reliability.
And this constitutes a part of the QoS.
To evaluate the resilience of cloud services, [48] defined metrics such as service availability, the average time between failures,
the average time spent on maintenance, the average time spent on recovery, and scalability. SECCRIT (SEcure Cloud computing
for CRitical infrastructure IT) project, winner of the FP7 program of the European Union, proposes a new resilience management
approach to ensure overall resilience against problems arising in the cloud environment. The approach is based on the idea of
data density-based online anomaly detection. The method is applied in the infrastructure layer of the cloud [49]. [50] considers the
presence of duplicate IT resources within the same cloud (but in different physical locations) or across multiple clouds as a resilience
characteristic for cloud computing. [51] studies the impact of failures on the resilience of scalability of cloud-based software services.
An application-level fault injection approach is proposed here to investigate how application-level failures affect the behavior and
scalability of cloud software services. The scalability assessment using the fault injection method allows evaluation of the impact
of failure on aspects of cloud software services (e.g., performance, scalability, security). Fault injection is a method used to test
the effectiveness of software systems [52]. Application-level fault injection (ALFI) method is used to evaluate the fault tolerance of
applications. The resilience of cloud software services is evaluated using scaling efficiency metrics and an approach is proposed to
measure scaling efficiency.
A document published by ENISA in 2012 noted that cloud capabilities such as resource allocation, authentication, encryption, and DDoS protection mechanisms have great importance for resilience. In addition, the Microsoft white paper “Enhancing Cyber Resilience with Cloud Computing” published in 2017 makes similar arguments: “The cloud can be a practical and valuable tool for cyber resilience and digital resilience”. “With geographic data replication, rapid scalability, security features, and cost savings, the cloud allows users to increase operational efficiency and the flexibility to respond to threats”.
[53] develops approaches for resource allocation in cloud systems and power grids that take into account failures caused by attacks and highly variable demands. [35] proposes a resilience approach against cloud cyber security risks. It identifies cloud vulnerabilities, evaluates threats, and detects high-risk components in Dropbox. To predict high business impacts and mitigate them, appropriate countermeasures are proposed. Dropbox is used here as an example of a resilient cloud. The Cloud Security Alliance’s “Cloud Security Matrix, CSACCM” is used for risk assessment.
On April 5, 2022, the World Bank Group Korea Office and the World Bank Digital Development Global Practice organization held a joint webinar titled “Cybersecurity and Resilience: Strengthening Critical Infrastructure” to help countries accelerate their digital transformation. Cyber risk management to ensure the resilience of critical infrastructures such as the cloud was one of the main topics of the webinar.


ITU helps Member States develop cyber security preparedness, protection, and incident response capabilities by holding an event called CyberDrill among Member States [54]. To date, ITU has organized over 30 online CyberDrill events. CyberDrill is held annually; during this event, cyber attacks and incidents are simulated to test the cyber capabilities of the organization. The ITU CyberDrill event is designed with a dual purpose: first, to serve as a platform for collaboration, information sharing and discussion of current cyber security issues, and second, to conduct practical exercises for national Computer Incident Response Teams (CIRTs)/Computer Security Incident Response Teams (CSIRTs). [55] analyzes existing works on the resiliency of cloud services. It examines the cyber resilience issues of the physical and the data center layers, virtual resource abstractions (storage), virtual machine monitors, virtual networks, and cloud management mechanisms.

7. Cyber resilience architecture of intelligent cloud systems

Cyber resilience should be provided in each component of the system. In order to provide the cyber resilience of cloud storage, the fault tolerance of hardware, servers, controllers, Internet channels, gateways, proxy servers, remote access, and storage systems should be evaluated separately. In this case, the cyber resilience of the Internet channel refers to connecting to two stable Internet channels belonging to two different providers. Fault tolerance of hardware is implemented through a single cluster of virtual machines with the ability to perform live migration. Server fault tolerance refers to the uninterrupted operation of several types of servers. These servers may include terminal servers, application servers, file, mail, and document servers, and web servers. This issue is resolved through reservation and duplication. Thus, when any problem occurs with the main resources, the entire system switches to the reserve resources instantly without the user noticing. Current approaches to cyber resilience management in the cloud are focused on increasing the reliability of cloud services.
Most of the works developed in the field of cyber resilience of the cloud focus on the optimization of memory consumption
and virtual machine migration [56–59]. Few studies are devoted to the problems related to learning from mistakes and adapting to
them. Clouds with this function are called intelligent (smart). Smart Clouds are clouds that have the ability to learn from previous
experience. As can be seen from the review of related works above, various metrics have been used to assess the cyber resilience
of cloud systems. These metrics can include fault tolerance, risk assessment, trust assessment, etc. Considering these factors, Fig. 4
presents the proposed cyber resilience architecture of intelligent cloud systems.
This architecture aims to ensure that the system remains reliable, its confidentiality is not violated, and its integrity is protected
even when it is affected by any unexpected events. Robustness is one of the subcategories that define cyber resilience. Rapid recovery
and adaptability are also included in the categories determining cyber resilience [60]. In [61], the security of cloud systems is analyzed in terms of the CIA triad. Despite its popularity, the CIA triad fails to take into account the new types of threats emerging in a dynamic environment such as clouds [62]. To overcome this problem, a list of complex security aspects known as IAS-OCTAVE (Information, Assurance, Security) is proposed [62]. According to this list, accountability, auditability, authenticity, trustworthiness, availability, confidentiality, completeness, integrity, non-repudiation, and privacy are considered cyber security aspects of cloud computing. The combination of both information security and cyber security aspects forms the cyber resilience aspects of cloud systems. Fig. 4 lists the cyber resilience aspects of cloud systems in the block titled “Cyber resilience aspects of the cloud”.
As a result of the provided examination, a general architecture model for the cyber security and resilience of cloud systems is
proposed as follows (Fig. 5).
The proposed architecture is based on the idea of constructing a secure cloud system. Here, image, text, and signal-type incidents related to cyber security and resilience, which pose a threat to the cloud from the Internet environment and various sources, are analyzed and countermeasures are developed to deal with them. The developed countermeasures are created in the form of separate clouds. These clouds can be presented as an “everything as a service, XaaS” service. Here, “everything” can be replaced by Fault forecasting as a service, Personal data protection as a service, Malware identification as a service, Risk assessment as a service, Trust assessment as a service, Task scheduling as a service, VM load forecasting as a service, Server failure identification as a service, etc. Dropbox is the most widely used Storage as a Service, with data backup, sharing, and synchronization functions.
Fault forecasting. Deep learning and machine learning methods analyzing time series data obtained from various sensors
(vibration, temperature) are developed for cloud server failure prediction [63].
Personal data protection. A deep learning method is developed to perform privacy-preserving analysis of big data [64]. The
approach is based on the idea of transforming a person’s sensitive data into non-sensitive data. To implement this process, a modified
sparse denoising auto-encoder (SAE) algorithm is used in the approach. Due to the denoising function of the autoencoder, distorted
data is inserted into the SAE model input.
Risk assessment. An approach based on risk assessment is developed for the dynamic federation of the clouds [65]. To solve this
problem, first of all, the factors seriously affecting the level of cloud information security are selected, and based on these factors, a
hierarchical risk assessment architecture is proposed. Then, applying the AHP (Analytic Hierarchy Process) methodology, the cloud
provider’s risk priorities vector is formed, and based on this vector, a fuzzy logic inference type risk assessment is performed.
Classification and clustering of cyberattacks. A method for detecting a DDoS attack in the network layer of the cloud is
proposed [66]. The proposed approach uses feature selection technology and clustering algorithms.
Provider trust assessment. A robust model is developed to estimate trust between cloud providers. The model determines the
trust degree of cloud providers based on the reputation value calculated through a fuzzy collaborative hybrid model and the risk
value calculated through risk assessment [67].
Task scheduling. A multi-criteria optimization method is developed to ensure the optimal allocation of tasks from over-loaded VMs to under-loaded VMs [68]. The purpose of the study is to demonstrate that a better solution is found by assigning weights to the criteria. This characteristic distinguishes the proposed method from available ones and allows finding more optimal solutions. The objective function used in the method differs from the objective functions of existing methods, and the scheduling problem is designed for heterogeneous VMs.

Fig. 4. Cyber resilience architecture of intelligent cloud systems.

Server failure identification. Making predictions with deep learning methods from small amounts of data obtained from servers is considered to be impossible. In this block, a machine learning approach is developed for predicting the failure status of cloud servers from a small amount of time series data obtained from the servers. The approach is based on the idea of combining time series forecasting methods with machine learning techniques. Here, the Autoregressive Integrated Moving Average (ARIMA) model is first used to identify the time series variables. Then, using the values obtained in the previous step as input values of the Support Vector Machine (SVM) model, prediction is provided.
Unauthorized access control. An approach based on user profile collaborative filtering is developed for the detection of insider attacks on cloud systems [69]. In the model, the similarity between users is determined on the basis of a feature vector formed from the calculation of various parameters. When the similarity method constructed on the feature vector is used, there is no need to compare the values of separate commands used by different users. Here, the statistical characteristics of all commands used during system access are calculated, then the statistical characteristics of the accesses are compared and the similarity between the accesses is determined.

Fig. 5. Common cyber security and resilience architecture of intelligent cloud computing systems.

Malware identification. This block proposes a method of effective detection of malware by dividing images into grid blocks [70].
This is achieved by training a GMM (Gaussian Mixture Model) model on RGB (Red, Green, Blue) image representations of malware
content. In the grid-based detection method, high-resolution images are divided into grids to reduce computational costs and improve
the stability of pixel-based methods. The difference between images is measured using distance criteria. Many different distance and
divergence criteria have been developed so far. The Kullback–Leibler (KL) divergence criterion is used since the distance between
probabilities is measured in the model.


VM load forecasting. The method is developed to predict the workload of virtual machines in the cloud infrastructure.
Reconstruction probabilities of variational autoencoders are used to perform prediction [71].
AL-DDoS detection (Application Layer DDoS). A deep learning-based approach is developed for effective real-time detection of
AL-DDoS attacks at the HTTP (HyperText Transfer Protocol) protocol level in a cloud environment [72]. To achieve this goal, a
self-learning deep convolutional neural network model is used.
Anomaly detection. The occurrence of various events in the cloud environment causes anomalous behavior in the memory and
CPU resources of the cloud infrastructure servers. In this block, a semi-supervised method based on a classifier ensemble is developed
for the detection of anomalies in cloud infrastructure performance indicators [73]. A multi-criteria optimization method is developed
for anomaly clustering.
Cloud security monitoring. Cloud monitoring is the process of evaluating, measuring, and managing workloads within the cloud
against specific metrics and thresholds. Cloud monitoring evaluates whether the cloud services are working according to SLA or
not, detects security risks, identifies problems related to quality indicators and analyzes costs [74]. Cloud systems are monitored
based on the QoS indicators specified in the SLA [75]. QoS indicators of cloud services are determined by many parameters such as
availability, speed, accessibility, and response time [76]. Regular monitoring of QoS attributes will enable obtaining accurate real-time information about operational resources (components) of PaaS, SaaS, and IaaS services [74]. Deviation of the QoS attributes
specified in the SLA from the accepted threshold can lead to system failure and customer dissatisfaction. Therefore, it is important
to detect SLA violations in the system in order to effectively monitor cloud services [77]. Effective mechanisms are developed
to regularly measure the quality indicators of cloud services and detect SLA violations. In [77], adaptive methods are applied to
overcome this problem in case of SLA violations. Here, the problem of replacing a service instance that causes a runtime QoS violation
with a new one is considered. Monitoring tools collect information about QoS metrics from all components of cloud services and
analyze them. These tools generate SLA reports based on recorded data. Currently, most cloud providers have their own monitoring
tools. Microsoft Azure Fabric Controller (AFC) monitors Azure-based cloud resources [78], and Amazon CloudWatch (ACW) is a tool for
monitoring Amazon Web Services [79]. In [80], a parallel mutant-based PSO model is developed for QoS violation prediction and
detection based on response time, speed, accessibility, and availability parameters. During the experimental study of the method,
compared to the traditional PSO, the parallel mutant PSO managed to predict the QoS violation with 94% accuracy.
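The threshold check that this monitoring block describes can be illustrated with a short windowed SLA evaluator. This is an added example, not code from the paper or from the monitoring tools it cites; the `Sla` fields, the 60-second window, the threshold values and the QoS samples are all constructed assumptions.

```python
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sla:
    """Hypothetical SLA terms; the field names are assumptions for this example."""
    min_availability: float      # fraction of successful requests per window
    max_p95_response_ms: float   # 95th-percentile response time per window


# Constructed QoS samples: (timestamp_s, service, response_ms, succeeded)
SAMPLES = (
    [(t, "saas-api", 120.0, True) for t in range(0, 60, 3)]              # healthy window
    + [(t, "saas-api", 900.0, True) for t in range(60, 120, 3)]          # slow window
    + [(t, "saas-api", 110.0, t % 2 == 0) for t in range(120, 180, 3)]   # half the calls fail
    + [(t, "iaas-vm", 0.0, False) for t in range(0, 60, 6)]              # total outage
)


def p95(values):
    """Nearest-rank 95th percentile of a non-empty list."""
    ordered = sorted(values)
    return ordered[math.ceil(0.95 * len(ordered)) - 1]


def detect_violations(samples, sla, window_s=60):
    """Return (service, window_start, metric, observed) for every window
    whose QoS indicators deviate from the SLA thresholds."""
    windows = defaultdict(list)
    for ts, service, response_ms, ok in samples:
        windows[(service, ts - ts % window_s)].append((response_ms, ok))

    violations = []
    for (service, start), batch in sorted(windows.items()):
        ok_latencies = [ms for ms, ok in batch if ok]
        availability = len(ok_latencies) / len(batch)
        if availability < sla.min_availability:
            violations.append((service, start, "availability", round(availability, 3)))
        # Response time is judged on successful calls only; a total outage has
        # none and is already reported through the availability check.
        if ok_latencies and p95(ok_latencies) > sla.max_p95_response_ms:
            violations.append((service, start, "p95_response_ms", p95(ok_latencies)))
    return violations


if __name__ == "__main__":
    for violation in detect_violations(SAMPLES, Sla(0.99, 500.0)):
        print(violation)
```

Judging response time on successful calls only keeps an outage from being hidden behind fast error responses, which is why the two indicators are evaluated separately.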

8. Conclusion and future work

This paper proposed the reference models for providing cyber security and cyber resilience of cloud systems. A taxonomy
of attacks targeting the main components of the proposed model was established and their goals were interpreted. The risks,
vulnerabilities, and threats of cloud computing were analyzed. A common cyber security and cyber resilience architecture of
intelligent cloud systems was established. The functional components of the architecture were made up of separate countermeasures
to combat cyber threats. These components, designed as separate clouds, allowed the intelligent cloud system to recover from
unexpected failure events.
The advantage of this approach over the existing reference models was that those models did not take into account the virtualization layer and
services, the main components necessary to ensure the cyber security of cloud computing. Apart from the social media IoT sensor
layer, which collects the text data typed by attackers to launch cyber attacks on the cloud infrastructure, the cyber resilience issues
of cloud computing were not considered at all.
In future studies, it is planned to develop software products for ‘‘Everything as a Service’’ models designed to ensure the cyber
resilience of intelligent cloud systems. For effective monitoring of the cyber security of cloud services, methods will be developed
to detect SLA violations in the system based on deep learning technologies.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared
to influence the work reported in this paper.

Data availability

No data was used for the research described in the article.

Acknowledgments

This work was supported by the Science Foundation of the State Oil Company of Azerbaijan Republic (Contact No. 3 LR-AMEA).

References

[1] Onik MH, Kim CS, Yang J. Personal data privacy challenges of the fourth industrial revolution. In: Proc. of the international conference on advanced
communications technology, ICACT. 2019, p. 635–8. http://dx.doi.org/10.23919/ICACT.2019.8701932.
[2] Nita SL, Mihailescu MI. On artificial neural network used in cloud computing security – a survey. In: Proc. of the IEEE 10th international conference on
electronics, computers and artificial intelligence. ECAI, 2018, p. 1–6. http://dx.doi.org/10.1109/ECAI.2018.8679086.

[3] Parast FK, Sindhav C, Nikam S, Yekta HI, Kent KB, Hakak S. Cloud computing security: A survey of service-based models. Comput Secur 2022;114:1–4.
http://dx.doi.org/10.1016/j.cose.2021.102580.
[4] Ghobaei-Arani M, Jabbehdari S, Pourmina MA. An autonomic resource provisioning approach for service-based cloud applications: A hybrid approach.
Future Gener Comput Syst 2018;78(1):191–210. http://dx.doi.org/10.1016/j.future.2017.02.022.
[5] Alguliev RM, Abdullayeva FC. Identity management based security architecture of cloud computing on multi-agent systems. In: Proc. of the IEEE third
international conference on innovative computing technology, INTECH. London, UK; 2013, p. 123–6. http://dx.doi.org/10.1109/INTECH.2013.6653643.
[6] NIST cloud computing reference architecture. SP. 500-292, Recommendations of the National Institute of Standards and Technology; 2011, p. 35.
[7] IBM cloud computing reference architecture overview. 2012, p. 42.
[8] Almorsy M, Grundy J, Müller I. An analysis of the cloud computing security problem. 2016, p. 1–6. http://dx.doi.org/10.48550/arXiv.1609.01107.
[9] Basit A, Tufail M, Rehan M, Ahn CK. Dynamic event-triggered approach for distributed state and parameter estimation over networks subjected to deception
attacks. IEEE Trans Signal Inf Process Over Netw 2023;9:373–85.
[10] Yao L, Huang X. Memory-based adaptive event-triggered secure control of Markovian jumping neural networks suffering from deception attacks. Sci China
Technol Sci 2023;66(2):468–80.
[11] Basit A, Tufail M, Rehan M, Riaz M, Ahmed I. Distributed state and unknown input estimation under denial-of-service attacks: A dynamic event-triggered
approach. IEEE Trans Circuits Syst II 2023;70(6):2266–70.
[12] ISO 2700x series. 2023, http://www.27000.org/, Accessed on 25 June 2023.
[13] The SSAE 18 audit standard. 2023, https://ssae-16.com/, Accessed on 25 June 2023.
[14] International standard on assurance engagements 3402. ISAE 3402, Assurance reports on controls at a service organization; 2011, p. 49,
https://www.ifac.org/system/files/downloads/b014-2010-iaasb-handbook-isae-3402.pdf.
[15] Code of practice for information security controls based on ISO/IEC 27002 for cloud services. ISO/IEC 27017, 2015,
https://www.iso.org/standard/43757.html.
[16] Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. ISO/IEC 27018, 1st ed.. 2014, p. 32.
[17] Information technology - security techniques - information security for supplier relationship - Part 4: Guidelines for security of cloud services. ISO/IEC
27036-4, 1st ed.. 2016, p. 28.
[18] Cloud computing - service level agreement (SLA) framework - Part 1: Overview and concepts. ISO/IEC 19086-1, 1st ed.. 2016, p. 11,
https://www.iso.org/standard/67545.html.
[19] Cloud computing - service level agreement (SLA) framework, Part 4, components of security and of protection PII. ISO/IEC 19086-4, 2019, p. 8,
https://www.iso.org/ru/standard/68242.html.
[20] Information technology- security techniques, application security. ISO/IEC 27034-6, 1st ed.. 2016, p. 11, https://www.iso.org/standard/60804.html.
[21] Privacy in cloud computing. ITU-T technology watch report, 2012, p. 26, https://pdfcoffee.com/privacy-in-cloud-computing-pdf-free.html.
[22] Special publication 800-53, security and privacy controls for federal information systems and organizations, revision 4. NIST; 2013, p. 462,
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-53r4.pdf.
[23] General access control guidance for cloud systems. SP 800-210, NIST; 2020, p. 34.
[24] Open web application security project (OWASP). 2023, https://www.owasp.org, Accessed on 25 June 2023.
[25] Concept of operations (CONOPS), federal risk and authorization management programme (fedramp). 2012, p. 49,
https://www.gsa.gov/cdnstatic/CONOPS_V1.2_072712.pdf.
[26] EU cloud code of conduct, version 2.11. 2020, https://eucoc.cloud/en/about/about-eu-cloud-coc/, Accessed on 25 June 2023.
[27] Information security, cybersecurity and privacy protection — guidance on managing information security risks. ISO/IEC 27005, 1st ed.. 2022, p. 62,
https://www.iso.org/standard/80585.html.
[28] Risk taxonomy, open group. 2009, p. 49, www.opengroup.org/onlinepubs/9699919899/toc.pdf.
[29] The treacherous 12: cloud computing top threats in 2016. Cloud security alliance, CSA; 2018,
https://cloudsecurityalliance.org/artifacts/the-treacherous-twelve-cloud-computing-top-threats-in-2016/.
[30] Brodkin J. Gartner: Seven cloud-computing security risks. 2008,
https://www.infoworld.com/article/2652198/gartner--seven-cloud-computing-security-risks.html. Accessed on 25 June 2023.
[31] Zissis D, Lekkas D. Addressing cloud computing security issues. Future Gener Comput Syst 2012;28(3):583–92.
http://dx.doi.org/10.1016/j.future.2010.12.006.
[32] Guidelines on Security and Privacy in Public Cloud Computing. SP 800-144, NIST; 2011, p. 80.
[33] Onuora AC, Emereonye GI, Egwu-Ewah RI, Nnaji DI. Cloud security and resilience: Principles and best practices. AIPFU J Sch Sci 2017;1(1):1–11.
[34] Kissel R. Glossary of key information security terms, NISTIR 7298 Revision 2. National Institute of Standards and Technology; 2013, p. 223,
https://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf.
[35] Kumar R, Goyal R. On cloud security requirements, threats, vulnerabilities and countermeasures: A survey. Comput Sci Rev 2019;33:1–48.
http://dx.doi.org/10.1016/j.cosrev.2019.05.002.
[36] DBIR. Data breach investigations report. 2022, p. 108,
https://www.verizon.com/business/resources/reports/2022/dbir/2022-data-breach-investigations-report-dbir.pdf.
[37] Abdullayeva FJ. Convolutional neural network-based automatic diagnostic system for AL-DDoS attacks detection. Int J Cyber Warf Terror 2022;12(1):1–15.
http://dx.doi.org/10.4018/IJCWT.305242.
[38] Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I. A view of cloud computing. Commun ACM
2010;53(4):50–8. http://dx.doi.org/10.1145/1721654.1721672.
[39] BasuMallick C. OWASP Top 10 vulnerabilities in 2022,
https://www.spiceworks.com/it-security/vulnerability-management/articles/owasp-top-ten-vulnerabilities/.
[40] NIST cloud computing reference architecture. SP 500-292, Recommendations of the National Institute of Standards and Technology; 2011, p. 35,
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-292.pdf.
[41] Baikloy E, Praneetpolgrang P, Jirawichitchai N. Development of cyber resilient capability maturity model for cloud computing services. TEM J
2020;9(3):915–23. http://dx.doi.org/10.18421/TEM93-11.
[42] Boyes H. Cybersecurity and cyber-resilient supply chains. Technol Innov Manag Rev 2015;5(4):28–34. http://dx.doi.org/10.22215/timreview/888.
[43] Measurement frameworks and metrics for resilient networks and services: challenges and recommendations. Technical report, ENISA; 2011, p. 42.
[44] Salapura V, Harper R, Viswanathan M. Resilient cloud computing. IBM J Res Dev 2013;57(5):1–12. http://dx.doi.org/10.1147/JRD.2013.2266972.
[45] Nicholas P, Ciglic K. Advancing cyber resilience with cloud computing. 2017, p. 20.
[46] Fargo FE. Resilient cloud computing and services (Thesis of PhD dissertation), 2015, p. 81.
[47] Mukwevho MA, Celik T. Toward a smart cloud: A review of fault-tolerance methods in cloud systems. IEEE Trans Serv Comput 2021;14(2):589–605.
http://dx.doi.org/10.1109/TSC.2018.2816644.
[48] Novak M, Shirazi SN, Hudic A, Hecht T, Tauber M, Hutchison D, Maksuti S, Bicaku A. Towards resilience metrics for future cloud applications. In: Proc.
of the 6th international conference on cloud computing and services science, Vol. 1. Rome, Italy; 2016, p. 295–301.
[49] FP7-SECURITY. Secure cloud computing for critical infrastructure IT. 2013, Grant agreement, ID: 312758.
https://cordis.europa.eu/project/id/312758/reporting.

[50] Ahmad AA, Andras P. Scalability resilience framework using application-level fault injection for cloud based software services. J Cloud Comput Adv Syst
Appl 2022;1–13. http://dx.doi.org/10.1186/s13677-021-00277-z.
[51] Natella R, Cotroneo D, Madeira HS. Assessing dependability with software fault injection: A survey. ACM Comput Surv 2016;48(3):1–55.
http://dx.doi.org/10.1145/2841425.
[52] Levy H, Brosh E, Zussman G. Attack resilient resource placement in cloud computing system and power grid. Interdisciplinary Cyber Research Center
(ICRC) at Tel Aviv University, Funded research; 2023, https://en-cyber.tau.ac.il/research/Resilient-Resource (Accessed on March 31 2023).
[53] Al-Turkistani H, AlFaadhel A. Cyber resiliency in the context of cloud computing through cyber risk assessment. In: Proc. of the IEEE 1st international
conference on artificial intelligence and data analytics. CAIDA, Riyadh, Saudi Arabia; 2021, p. 1–6. http://dx.doi.org/10.1109/CAIDA51941.2021.9425195.
[54] The ITU 2021 global cyberdrill, https://www.itu.int/en/ITU-D/Cybersecurity/Pages/Cyberdrills-2021.aspx.
[55] Welsh T, Benkhelifa E. On resilience in cloud computing: A survey of techniques across the cloud domain. ACM Comput Surv 2020;53(3):1–36.
http://dx.doi.org/10.1145/3388922.
[56] Liu J, Wang S, Zhou A, Kumar S, Yang F, Buyya R. Using proactive fault-tolerance approach to enhance cloud service reliability. IEEE Trans Cloud Comput
2016;6(4):1191–202. http://dx.doi.org/10.1109/TCC.2016.2567392.
[57] Zhou A, Wang S, Cheng B, Zheng Z, Yang F, Chang RN, Lyu MR, Buyya R. Cloud service reliability enhancement via virtual machine placement optimization.
IEEE Trans Serv Comput 2017;10(6):902–13. http://dx.doi.org/10.1109/TSC.2016.2519898.
[58] Zhou A, Wang S, Zheng Z, Hsu CH, Lyu MR, Yang F. On cloud service reliability enhancement with optimal resource usage. IEEE Trans Cloud Comput
2016;4(4):452–66.
[59] Ananth S, Saranya A. Reliability enhancement for cloud services – a survey. In: Proc. of the international conference on computer communication and
informatics. Coimbatore, India; 2016, p. 1–7. http://dx.doi.org/10.1109/ICCCI.2016.7479965.
[60] Jayawardene I. Artificial intelligence for resilience in smart grid operations (PhD dissertation), 2020, p. 131,
https://tigerprints.clemson.edu/cgi/viewcontent.cgi?article=3754&context=all_dissertations.
[61] Kumar PR, Raj PH, Jelciana P. Exploring data security issues and solutions in cloud computing. Procedia Comput Sci 2018;125:691–7.
http://dx.doi.org/10.1016/j.procs.2017.12.089.
[62] Cherdantseva Y, Hilton J. A reference model of information assurance and security. In: Proc. of the international conference on availability, reliability and
security ARES. Regensburg, Germany; 2013, p. 546–55. http://dx.doi.org/10.1109/ARES.2013.72.
[63] Imamverdiyev YN, Abdullayeva FJ. Condition monitoring of equipment in oil wells using deep learning. Adv Data Sci Adapt Anal 2020;12(1):1–30.
[64] Alguliyev RM, Aliguliyev RM, Abdullayeva FJ. Privacy-preserving deep learning algorithm for big personal data analysis. J Ind Inf Integr 2019;15:1–14.
[65] Alguliyev RM, Abdullayeva FJ. Development of risk factor management method for federation of clouds. In: IEEE international conference on connected
vehicles and expo. ICCVE, 2014, p. 24–9.
[66] Abdullayeva FJ. Distributed denial of service attack detection in E-government cloud via data clustering. Array 2022;15:1–12.
[67] Alguliyev RM, Abdullayeva FJ. Development of novel robust reputation evaluation method for dynamic federation of clouds. Soc Basic Sci Res Rev
2016;4(2):56–62.
[68] Alguliyev RM, Imamverdiyev YN, Abdullayeva FJ. PSO-based load balancing method in cloud computing. Autom Control Comput Sci 2019;53(1):45–55.
[69] Alguliev RM, Abdullaeva FJ. Illegal access detection in the cloud computing environment. J Inf Secur 2014;5(2):65–71.
[70] Abdullayeva FJ. Malware detection in cloud computing using an image visualization technique. In: 13th IEEE international conference on application of
information and communication technologies. Baku, Azerbaijan; 2019, p. 1–5.
[71] Abdullayeva FJ. Cloud computing virtual machine workload prediction method based on variational autoencoder. Int J Syst Softw Secur Protect
2021;12(2):33–45.
[72] Abdullayeva FJ. Convolutional neural network based automatic diagnostic system for application layer DDoS attacks detection. Int J Cyber Warfare Terror
2022;12(1):1–15.
[73] Alguliyev RM, Aliguliyev RM, Abdullayeva FJ. Hybridisation of classifiers for anomaly detection in big data. Int J Big Data Intell 2019;6(1):11–9.
[74] Grati R, Boukadi K, Abdallah H. A QoS monitoring framework for composite web services in the cloud. In: Proc. of the sixth international conference on
advanced engineering computing and applications in sciences. Barcelona, Spain; 2012, p. 65–70.
[75] Matloob F, Aftab S, et al. Software defect prediction using supervised machine learning techniques: A systematic literature review. Intell Autom Soft
Comput 2021;29(2):404–21.
[76] Qu C, Calheiros RN, Buyya R. A reliable and cost-efficient auto-scaling system for web applications using heterogeneous spot instances. J Netw Comput
Appl 2016;65:167–80.
[77] Michlmayr A, Rosenberg F, Leitner P, Dustdar S. Comprehensive QoS monitoring of web services and event-based SLA violation detection. In: Proc. of the
4th international workshop on middleware for service oriented computing. 2009, p. 1–6.
[78] Microsoft azure fabric controller. 2023, https://data-flair.training/blogs/microsoft-azure-fabric-controller/, Accessed on 23 June 2023.
[79] Amazon CloudWatch. 2023, https://aws.amazon.com/cloudwatch/, Accessed on 23 June 2023.
[80] Khan MA, Kanwal A, Abbas S, Khan F, Whangbo T. Intelligent model for predicting the quality of services violation. Comput Mater Contin
2022;71(2):3607–19.
