A General Systems Approach to Cloud Computing Security Issues

An intensive stream of messages about the problem of cloud computing security and a significant number of proposals to mitigate and prevent violation of data privacy and the integrity of the cloud computing environment indicate the rele-vance and significance of the problem. To bring everything into a certain system is the task of this chapter. We use different methodological approaches in order to find such an integrated solution to the combination of these approaches that, on a unified methodological basis, would allow us to look at the whole range of widening issues of ensuring security and the organization of thinking and activity in the near future. This approach allows us to identify additional problems in this area and outline a program for their development. We try to build a system of methodological design and research over the many private methodologies that authors of articles usually use, relying on the experience of generalizing and concretizing system approaches, and, in particular, expanding geographical and historical boundaries, including system generalizations of intercultural studies and philosophical movements. An attempt is made to disassemble the security problem of cloud computing into a certain number of layers, processes, and technologies of thinking, and to reconnect them into a single whole with the character of thinking and activity.


Introduction
Many scientific articles, many conferences, many projects are aimed at solving the issue of cloud computing security. Questions suited to this have theoretical and practical significance nevertheless, the problems and significance of this issue have not been identified in its acuteness and clear wording. In all likelihood, the problematization process lacks additional emphasis, namely, the emphasis on determining the positional structure of places for which this issue is significant; emphasis on creating an organizational structure and a system of interactions in which this issue would acquire practical significance and organizational certainty; finally, the emphasis on security and cloud computing as objects with which you can operate and technological chain of operations with objects.
The methodological approach in which we intend to pose a problematization, with the inclusion of the three accentuations described above, was developed for

Literature review
The topic of cloud computing security has a wealth of development and generalization material. Farnga [4] provides a risk assessment table for the cloud computing environment, introducing three attributes: Probability of Vulnerability (improbable 1, probable 2, occasional 3, frequent 4); Risk Impact (negligible A, marginal B, critical C, fatal D); and Severity Category (low 1A, 2A, 1B; medium 3A, 4A, 2B, 3B, 1C, 2C; high 4B, 3C, 4C, 2D, 3D, 4D). He marks vulnerabilities (Session Riding and Hijacking 4D, Virtual Machine Escape 2D, Reliability and Availability of Service 2C, Insecure Cryptography 3C, Vendor Lock-in, Data Protection and Portability 2C, Internet Dependency 3A) and prescribes protocols to prevent them ( Table 1). He also defines threats and marks them: Abuse and Nefarious Use of Cloud services 4A, Insecure Interfaces and APIs 3C, Insider threat 3D, Data Loss and Leakage 2D, Account or Service Hijacking 4B, Unknown Risk profile 3D, and recommends risk mitigation protocols. Operational risks (4D) are the following: implementing too quickly, integration issues, moving the wrong data or applications to the cloud, compliance, and cost implications.
In addition to such purely practical manuals, literature is replete with a variety of areas of research and development in the field of cloud computing. Here are some of them. Wazid et al. [5] view fog computing as an add-on for cloud computing, which is why fog computing inherits all of the security and privacy issues inherent in cloud computing. They report that they have developed a new key management and user authentication security scheme, named by them as SAKA-FC. The development is based on the well-known Real-Or-Random (ROR) model and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The scheme finds its effectiveness for its use in smart devices with a one-way cryptographic hash function. Guan et al. [6] discuss issues related to data security protection of personal data in fog computing. Fog computing, as an intermediary layer between the cloud and the end user, according to the authors, is precisely the solution to the problems of cloud computing security. This chapter discusses the design of a solution to ensure data security and privacy in fog computing. It is reported that simply transferring the protection techniques used in the cloud to the fog does not produce the desired effect. Alamer et al. [7] explore the safety of road traffic systems (CVCC) by modeling a network of cloud-based moving mechanisms in the form of a two-phase heterogeneous public good game (HPGG Model). This development helps develop security solutions for communications such as vehicleto-vehicle and vehicle-to-infrastructure, as well as the ability to integrate smart devices and various CVCC applications. Sharma et al. [8] considers that the best solution to protect the cloud from attacks is to use intrusion detection systems (IDS) in combination with different detection techniques. The chapter presents various architectures based on the cloud IDS, which are embedded cloud environments to address various security issues. Fadi and Hemayed [9] provide a literature review of the proven clouds that are used in infrastructure as a service contracts. The authors argue that the integration of the new technology, which is trust computing, with cloud computing can be provided by the proposed architectural solutions of the infrastructure as a service and on the grounds on which user trust in cloud service providers arises. Remote certification and a trusted virtual domain are important security considerations for cloud computing. A security model based on the separation of the security domain was proposed by Xu and Zheng [10] for telecommunication services. Security measures cover the storage, processing, and transmission of data in the cloud. Instead of traditional computational models of cryptographic protection, Maharajan and Paramasivan [11] offer molecular protocol (DNA) membrane computing protocol. Qui and Kung [12] as invited editors provide a clear overview of 14 articles on the topic of cloud computing security. They were selected from 57 proposed articles. The urgent need for the development of techniques and tools for cybersecurity of clouds is noted. Among the authors of the articles are noted groups Ali, Zhang, Lee, Li; Fowley, Chen, Islam, and Sha; Chi, Luna, Awad, Cafaro, Zhang, and Xu are well known in the professional community. The various cybersecurity techniques and tools described by these research and development teams are described. Xu et al. [13] analyze the relationship between openness and cloud security by addressing the results of this analysis (quantitative methods and qualitative analysis of investments in security and openness) to cloud computing providers to adopt an optimal investment strategy for openness and security. Sajai et al. [14] offer a hybrid technology of cryptographic data protection in the cloud, combining homographic and blowfish algorithms. Wei et al. [15] noted that, according to data released by the Cloud Security Alliance (CSA) and the Institute of Electrical and Electronics Engineers (IEEE), there has been an increasing involvement of cloud computing for manufacturing purposes. The authors draw attention to the complex nature of the cloud system, introduce indicators for evaluating the cloud computing system, and propose a rule of believe (BRB)-based model for predicting the safe state of the cloud. This model combines a system of expert assessments and long-term data analysis and has three levels focused on the safety of equipment, software, and services. Bhandari and Zheng [16] describe 12 cloud security threats, such as data breach, insufficient identity, credential and access management, insecure interface and APIs, system vulnerabilities, account hijacking, malicious insiders, advance persistent threats, data loss, insufficient due diligence , abuse and nefarious use of cloud services, denial of services, and shared technologies issues. Donno et al. [17] analyze the situation in which every "thing" is connected to the Internet. From the point of view of security, the technological revolution brings with it many dramatic moments. The authors offer a comprehensive overview of cloud computing security issues in the Internet of Things era. The bibliography for the article has 149 sources. Matheus and Vieira [18] at the student forum of the 15th European Dependable Computing Conference (EDCC 2019) presented a four-step sequential change model for a cloud architecture model, extending the availability and security model to a holistic cloud presentation model and security assessment using Moving Target Defense. This diversity is striking in its diversity and, in order to deal with the fundamental, essential side of the problem, the proposed methodologies are of little use due to their inconsistency. But the first layer of ideas is nevertheless lined with them. So, we have a certain field of practice and a subject built on it, which combines problems and tasks, knowledge, models and experiments, languages and methods. For the purpose of generalizing and translating this design into a megamachine's plan, it is worth building a block of private methodologies, as well as blocks of methodological design, research, and auto-reflection. So, in relation to the world of things covered by the new digital context, the following can be said. (1) The Internet of things, this new era in the sociocultural development of mankind, requires a certain environment in which each thing has its digital counterpart. A new layer of material organization is taking shape when, by referring a digital double to a thing, the latter reveals itself not only in the localities, but also in new qualities, in new directions of its use. (2) This environment, being distributed everywhere, resembles a certain smart layer covering the entire terrestrial space of things, it contains the systemic representation of a thing in its dynamics, the totality of all kinds of actions with a thing. (3) Speaking of the world of things, we include their interacting and developing aggregates in it, we expand the world of things to the world of activity, with the help of which things are not only created and consumed, but also undergo the influence of constructive thought. In this sense, we can talk about the world of thought activity. Ideal objects of scientific substantive thinking, cult rituals, customs of communication and polemics-all these-form this intelligent world of activity. (4) In a sense, the Internet of things with its infrastructure and cloud computing platforms should be considered one of the forms of such a world of thought activity. (5) An industrial structure is taking shape in which a thing is made with its digital counterpart. This makes the thing more convenient and at the first stage more expensive. Issues of owning a thing, transferring it by inheritance, its commercial use, that is, giving a thing a certain active beginning, can also have their object form and their digital counterpart. (6) Customs, ethics of relationships, trust, and control are things in our world. How will they evolve with the development of the digital era? What customs need rethinking? Is it always necessary to duplicate the predominantly conflict-free world of things in the world of cloud computing? Is activity based on principles other than the order of the real world? Data in our world, everywhere is gaining special significance, both in business and in the social environment. He pointed out that only 17% of companies make data-driven decisions. By 2025, the global data volume will grow 10 times and reach 163 Zettabytes (one Zettabyte contains 10 to the 21st power of bytes), and most of these data will be generated by enterprises, not consumers. Sixty percent of the world's data will be created by business organizations. Almost 20% of all data in the global infosphere will play a critical role in everyday life, and about 10% will be "supercritical." Almost 90% of all data will require a certain level of security, but only half of them will be really protected. The growth of big data and metadata will lead to the fact that by 2025 each average inhabitant of the Earth will begin to interact with devices connected to networks about 4800 times a day, according to one interaction procedure every 18 seconds. The share of the global information sphere under analysis will increase by 50 times compared to the current one, reaching 5.2 ZB; and the amount of data analyzed with the participation of cognitive systems will grow 100 times, amounting to 1.4 ZB. Almost 20% of the data generated will be real-time information, with more than 95% of the data coming from IoT devices [19]. These estimations mean that the problem of security of calculating and computing media will remain actual one.

Methodologies
The data used in this study is taken from open sources. The methodologies used by researchers can be expanded to private system-structural methodologies of management, sciences, engineering, and production. We are trying to look at the situation associated with the use of cloud computing from a wider angle by introducing another add-on-the general methodological system-structural design and prospecting ( [1], p. 103). You can implement several plans: (1) look through all the literature and write an attitude toward it, making some kind of system generalizations and arrangements; (2) write independently of the literature your understanding of the situation and construct a certain field for assembling sources and identifying niches for their subsequent filling; (3) and design the futures.
The first seven proposals have a historical prototype already implemented on another material. This is their forte. At the same time, in our opinion, this raises major objections. When each of the participants in the systemic movement offers his own professional solution to systemic problems, he acts as an agent of the already existing and functioning sphere of thinking and activity-science, engineering, mathematics, philosophy, etc. He has formed as a "system engineer" inside of the sphere, and by virtue of this, he is always connected and limited to that particular cultural and historical situation in which he understood the meaning and importance of systemic problems and tasks. Consequently, in the final analysis, he always only develops, due to systemic means and methods, the professional organization of his initial thought activity. However, it is well known (and can even be considered universally recognized) that the systemic movement has developed and is developing as an interdisciplinary and interprofessional formation. This means that it must form and create an organization that goes beyond the scope of each individual scientific discipline and each individual profession. Consequently, the system movement in its formation and development should take into account the contemporary sociocultural situation as a whole, and proceed from an extremely wide understanding of the possibilities and prospects of its development.
In our opinion, in the current sociocultural situation, at least eight points that have the most direct connection with the systemic movement can be distinguished.
The first of these is the process of an ever-deepening differentiation of sciences and professions. Progressive in the eighteenth and nineteenth centuries, it has now led to the design of a mass of isolated sciences, S and PM (see Figure 1), each of which develops almost independently of the others. These subjects now not only organize but also limit the thinking of researchers. Receptions and ways of thinking, new techniques and new methods created in one subject do not apply to others. Each science creates its own ontological picture, which is not compatible with the ontological pictures of other objects. All attempts to build a unified or at least connected picture of our reality run up against great difficulties.
The second point is the existence of highly specialized transferring channels of fragmented culture. The mathematician does not know and understand physics well, not to mention biology or history. The philologist, as a rule, does not know mathematics and physics, but is equally poorly versed in history and its methods. Already at school, we begin to divide children into those who are capable of mathematics and capable of literature. The idea of general education is increasingly being destroyed by the idea of specialized schools.
The third point is the crisis of classical non-Marxist philosophy, caused by the realization of the fact that this philosophy has lost its means of controlling science and has lost the role of coordinator in the development of sciences, the role of mediator, transferring methods and means from one science to another. This circumstance became clear already in the first quarter of the nineteenth century and became the subject of special discussion. K. Marx and F. Engels paid much attention to it in their works, which redefined the functions of philosophy in relation to the natural and human sciences. The loss of a direct connection with philosophy led various sciences to develop their own forms of awareness, their own individual philosophy. This has provided the basis for various forms of positivism, and in recent times has given rise to the so-called "scientism." The fourth point is the design of engineering as a special activity that combines design with various forms of quasi-scientific analysis. The traditional academic sciences, which were developed in many ways immanently, were divorced from new areas of engineering, and this forced engineers to create new types of knowledge systems that did not meet traditional patterns and standards. Information theory and cybernetics are just the most striking examples of such systems. At the same time, the problem of the relationship between design and research appeared and began to be intensively discussed.
The fifth (very important) moment is the continued isolation within the activity and the isolation of various production technologies, which acquire self-sufficient importance and become, as it were, a new principle and an objective law in the organization of our entire life activity and ultimately subordinate to ourselves both the activity, nature and behavior of people. Maintenance of these technologies is becoming the primary need and almost the main goal of all social activities. At the same time, technological forms of organizing activities are constantly formalizing and becoming increasingly important, which apply to thinking.
The sixth point is the formation, design, and partial isolation of design as a special kind of activity. As a result, the issue of the relationship and correlation of the actual design and research developments arose even sharper. Designing directly and with all acuteness ran into the problem of the ratio of natural and artificial in the objects of our activity [45,51]. None of these problems has been resolved within the framework of traditional sciences.
The seventh point is an increase in the importance and role of organizational and managerial activity in our entire social life. Its effectiveness depends primarily on scientific support. However, traditional sciences do not provide the knowledge necessary for this activity; this is primarily due to the complex, synthetic, or, as they say, complex, the nature of this activity and the analytical, or "abstract," nature of traditional scientific disciplines.
The eighth point (also especially important) is the appearance of a new type of science, which could roughly be called "complex sciences." These include the sciences serving pedagogy, design, military affairs, management, etc. Now these complex types of practices are served by chaotic agglomerations of knowledge from various scientific disciplines. But the complexity and versatility of this practice, its orientation at the same time both on normative, artificial, and on implementation, natural plans of activity require a theoretical unification and theoretical systematization of artificial and natural knowledge, which cannot be achieved.
Contemporary situation in general systems theory looks like the same described by G. Schedrovitsky in 1981 ( [1], pp. 88-114). Some additions to this domain make it more clear. An article in Wikipedia [59] pays attention to the point that systems theory is the interdisciplinary study of systems. "The goals of systems theory are to model a system's dynamics, constrains, conditions, and to elucidate principles (such as purpose, measure, methods, tools) that can be discerned and applied to other systems at every level of nesting, and in wide range of fields for achieving optimized equifinality." Dubrovsky ([60], p. 20) makes endeavor to reinterpret the system approach of G. Schedrovitsky. Zilberman [61] identifies six types of cultural traditions. The Vedanta scheme characterizes the Indian type of tradition (methodological thinking as actually "understanding"), the mimansa scheme is the Tibetan type (conceptual or "substantive" thinking), and the Vaisheshika scheme is the new European type "imaginative," axiological, or historical thinking. Further, the nyaya scheme characterizes the Hellenic type of tradition (organizational, axiomatic, mathematicaltheoretical, formal-logical thinking), the Sankhya scheme-the Chinese type ("projective," "preformative," praxeological thinking), the yoga scheme-the Japanese type (phenomenological, or existential thinking). All these complex calculations, however, are necessary for Zilberman to label or draw another universal picture of world cultures and civilizations, in the manner of Spengler or Toynbee. Here, rather, a method of intercultural interaction is proposed, with the help of which one can describe any system of culture and at the same time not fall into naturocentrism. By modifying the types of philosophical systems, Zilberman focuses on the ideal of complete modalization of all philosophies so that a "sum of philosophy" arises and the true history of this discipline begins. The thread of modal methodology lies in the fact that for the first time it consciously and intentionally refers not to versions of "reality" as unconditionally natural and therefore problematic for consciousness, but to typological thoughts that it improves. In this sense, the modal methodology plays the role of Philosophia Universalis [61].

Preliminary data
From our point of view, the specific organizations that solve these problems are the organizations of methodological thinking and methodological work, which should not be identified either with the philosophical proper or with the scientific forms of organization of thinking and activity.
The methodology takes into account the differences and the multiplicity of different positions of the figure in relation to the object; hence, work with different ideas about the same object, including different professional ideas, in this case, knowledge itself and the fact of their multiplicity, are considered as an objective moment in the research situation. Figure 1 depicts four squares, we will call them diagonal (a), triagonal (b), quadrogonal (c), and hexagonal (d) images; they depict a form of research organization of a certain set of practices E k . By practices, we mean the entire existing set of activities related to the use of cloud computing, as well as ensuring the security of the use of the cloud. These practices are described within the framework of the S k description languages that cover them. Note that these languages are different, and translation from one language to another is hardly possible. Means and methods, as well as a description of problem areas and their resolution tasks, are provided by a layer of partial applied methodologies (in the figure they are designated as PM k ). The triagonal image (b) defines the organizational form of the structure of the simplest scientific subject.
In special logical and methodological studies (see, in particular, [62]; pp. 106-190), it was established that in every scientific subject there are at least nine different epistemological units: (1) problems, (2) tasks, (3) "observable facts," (4) "experimental data," (5) the totality of the general knowledge that is built in this scientific subject, (6) ontological schemes and pictures, (7) models, (8) tools (languages, concepts, categories), and (9) methods and techniques. This is a set of basic blocks of a scientific subject.
Our task is to find a solution to the problem of ensuring the security of cloud computing in some unified system language. To this end, we turn to the quadrogonal image, introducing another layer-the general system-structural methodology (in the figure, it is indicated by the letters GM). As part of this add-in, work is underway to design and prospect the system area including as a part PM k , S k , and E k . To the extent that the diagonal image is not complete, the same tetragonal image is also not complete. Let us explain how this layer is built. Following the "Principles and basic schemes of organizing systemic structural studies" ([1], pp. 88-114), we turn to the hexagonal image. It adds two more add-ons, which we marked with the letters R and A, methodological reflection, or auto-reflection (metamethodological area) and audit (the type of methodological research by which the layers of practice, descriptions, applied and general methodology are added and adjusted). The problem areas identified in the layer of private methodologies are also accompanied by a general description that includes, in addition to the technical, engineering, and managerial contexts (determined by the practitioners of experiences), a certain general sociocultural context. This is generated by audits at all levels of the methodological organization, from specific practices to the organization of the design and futures of partial methodologies.
We used the kinematic scheme [60] for organizing methodological work in the field of cloud computing security. The kinematics of the scheme lies in the fact that it combines several methodological schemes, both early in appearance and subsequent ones. The scheme by which David Zilberman tries to build a modal methodology as a sum of methodologies (1973) is supplemented by a scheme of thought activity (1980)( [1], pp. 281-298), a scheme of organizing a system-structural methodology (1981) ( [1], pp. 88-114), and scheme (2016) that we use when working on the theme of Observation and Audit of the Processes in Experiences with Uncertainty [63] and the scheme (2000) when we were working on the topic of Reflexive Control [64]. We also used our ideas about the inclusion of thinking technologies, such as problematization, objectification, self-determination, and schematization, in this kinematic scheme, which has an enneadic form. Study of the material allows us to focus on the action plan: Step 1-an idea of organization as a platform for the formation of a space of thinking and activity; the formation of platforms and specific phrases of the principles of organization of activity and ontological pictures and vision through them. There we use techniques presented in [34].
Step 2-the process of self-determination and schematization. The layer of thought activity, its formation and occupation, determination of the order of possible interactions, and communications, as well as reflective exit (mutation). The status of the scheme as the basis for determining the understanding of the texts of communication and capturing the meanings that the text carries on itself.
Step 3from positioning and sketching to objectification. Object as a result of the integration of self-determination, problematization, and schematization. An object as it is and a tool for the deployment of an organizational-activity plan.
Step 4-from positioning and schematization through retrospection to problematization. Complex reflective transitions. Problematization is included in the text of thought-communication and serves as a basis for developing a picture of the world, the foundations of existence and individuation.
Step 5-inverse processes. The impact of problematization on positioning and re-determination, the movement of a positional structure; the impact of problematization on the schematization and construction of tools that capture a thought from a communication text.
Step 6-inverse processes. The impact of objectification on positioning and re-determination, the movement of a positional structure; the impact of objectification on the schematization and construction of tools that capture the idea from the text of communication.
Step 7integral view from the modus of the absolute. Relativity of the absolute, translation of culture and reproduction of activity. Norms and as the ultimate types of absolute and as moments that determine the principles of organization of activity and ontological design, respectively. Step 8-a bridge between self-determination in a positional structure (collective) and objectification and individuation.
If the substantive content is constantly kept in mind, and it is with it that we are obliged to constantly touch and shape it, then it is worth using different techniques.
If time is a decisive factor, then there is a middle ground between security and the speed of the cloud's response to a user's request. In other words, protection has its reasonable limit. And so that the attacker does not violate the integrity of the cloud, its normal functioning, a special kind of work is required with a potential client of this kind. Forcing, for example, to write complex programs for passing defense mechanisms, so that these codes can be used in crypto technologies.

Limitations
We limited ourselves to a fragment of an array of publications on the topic of cloud computing and ensuring their security. We did not conduct constructive criticism sufficient to decompose these texts into elements, units of a new assembly. The mention of a certain set of points that the authors of the articles draw attention to serves to approach the problem from different angles. This study is intended for practitioners who could better articulate their requirements for ordering a comprehensive methodological study.
We limited ourselves to take in account those works that will be made at Moscow Methodological Circle [34] concerning the systems and methodology [1].

Conclusions
An approach we have developed allows us to identify additional problems in this area and outline a program for their development. We try to build a system of methodological design and research over the many private methodologies that authors of articles usually use, relying on the experience of generalizing and concretizing system approaches, and, in particular, expanding geographical and historical boundaries, including system generalizations of intercultural studies and philosophical movements. An attempt is made to disassemble the security problem of cloud computing into a certain number of layers, processes, and technologies of thinking, and to reconnect them into a single whole with the character of thinking and activity.
The application of the methodological schemes of the general methodology allows us to transfer the body of texts of publications devoted to the security of cloud computing from the category of research and engineering to the category of practical, which would help to solve the problem of the relationship of openness of cloud environments and their protection from external and internal threats. We are strengthening the psychological thinking that underlies the agreement between the cloud computing provider and cloud users, design and research thinking based on substantive genetic logic. Its difference from formal logic is that its starting point is the situation that develops as a result of the functioning and development of a certain system of activity, in this case, the use of computing technologies in the cloud, the organization of this industry, and the provision of a normal functioning mode.
The expansion of the Internet of things with the inclusion of neuro prostheses [65] and nano mechanisms in this circle will give the methodological organization of security research a new meaning and additional significance. The transfer of the global economy (both at the planetary and local levels) to new platforms based on the inclusion of digital technologies in them will mean the isolation of the field of computing and the formation on the basis of cloudy and foggy computing of a sphere that needs proper immunity and its maintenance. The program idea of Society 5.0 will also require additional rethinking of the existing practice of protecting cloud computing from harmful influences In our opinion, a systematic approach exists only as a unit and a particular organization of the approach "and the corresponding organization of thinking and activity" appear in the representatives of special sciences only because they borrow the means, methods and ontology of methodological methodology and methodological approach. The goal to combine several different objects could be achieved only by using the means and norms of methodology. The expression "system work," therefore, only describes the structure of methodological work and methodology; thus, we can approach the issue of the specifics of the system approach. If we choose a description in the theory of thinking, we will determine the specifics of systemic thinking. But a system approach can also be described in the means of the theory of activity, and then its specificity will be expressed and fixed differently. Thus, here too we must take into account the moment of multiplicity of possible representations. We have presented a figure in which we have reflected the principles of the methodological approach (Figure 1(d)), in which we tried to visualize methodological machine for creating the environment of successful decision of the Cloud Computing Security problems, listed in Section 2, "Literature review."

Conflict of interests
Authors have no conflict of their interests.