Implementing Dynamic Confidential Computing for Continuous Cloud Security Posture Monitoring to Develop a Zero Trust-Based Threat Mitigation Model


Authors : Olumide Bashiru Abiola; Matthew Onuh Ijiga

Volume/Issue : Volume 10 - 2025, Issue 5 - May


Google Scholar : https://tinyurl.com/47k9sdwu

Scribd : https://tinyurl.com/bp7rndx5

DOI : https://doi.org/10.38124/ijisrt/25may587



Abstract : The growing complexity of cloud infrastructures and the increasing sophistication of cyber threats necessitate a paradigm shift in cloud security architecture. This review explores the integration of dynamic confidential computing with continuous cloud security posture monitoring (CCSPM) to develop a Zero Trust-based threat mitigation model. Confidential computing, through trusted execution environments (TEEs), ensures data protection during processing, addressing critical gaps in data-in-use security. When combined with CCSPM tools, which provide real-time visibility and risk assessment, organizations can achieve adaptive and proactive defense mechanisms. This paper examines the fundamental principles of confidential computing, the operational mechanisms of CCSPM, and the implementation of Zero Trust frameworks across distributed cloud environments. It further proposes a dynamic model that fuses telemetry from posture monitoring with policy-based access control to enforce continuous verification and threat response. The synergistic approach promises enhanced data integrity, reduced attack surfaces, and scalable threat resilience. Finally, the paper outlines current limitations, standardization challenges, and research opportunities for advancing secure and trustworthy cloud ecosystems.

Keywords : Confidential Computing, Zero Trust Architecture, Cloud Security Posture Monitoring (CSPM), Trusted Execution Environments (TEEs), Threat Mitigation, Cloud Security Framework.
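The abstract describes a model that fuses posture-monitoring telemetry with policy-based access control so that every request is re-verified continuously. The following is an added illustration of that idea in Python, not code from the paper or its authors: a small policy decision point that checks TEE attestation evidence (measurement, TCB status, freshness, signature) and the open CSPM findings on the target resource before granting time-limited access. The report fields, severity scale, thresholds and sample data are all constructed assumptions, not any vendor's attestation format.

```python
"""Zero Trust decision point fusing TEE attestation evidence with CSPM posture
telemetry. Added illustration; field names, thresholds and sample data are
simplified assumptions, not a real attestation API."""
from dataclasses import dataclass
from typing import Optional

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}
MAX_REPORT_AGE_S = 300   # attestation evidence older than this is treated as stale (assumed)
DECISION_TTL_S = 60      # every grant expires and must be re-verified (assumed)

# Constructed golden value: the measurement (code hash) the approved enclave build reports.
EXPECTED_MEASUREMENT = "a1b2c3d4e5f6" * 4  # placeholder, not a real enclave hash


@dataclass
class AttestationReport:
    measurement: str       # hash of enclave code/data as reported by the TEE
    tcb_status: str        # "up_to_date" or "out_of_date" (simplified)
    issued_at: int         # unix seconds
    signature_valid: bool  # result of verifying the report against the vendor root (done upstream)


@dataclass
class PostureFinding:
    resource: str
    severity: str
    title: str


@dataclass
class Decision:
    verdict: str            # "allow" or "deny"
    reason: str
    expires_at: Optional[int]  # None for deny; grants carry a TTL


def verify_attestation(report, expected_measurement, now):
    """Return (ok, reason). Signature, code identity, TCB level and freshness must all pass."""
    if not report.signature_valid:
        return False, "attestation signature invalid"
    if report.measurement != expected_measurement:
        return False, "enclave measurement does not match approved build"
    if report.tcb_status != "up_to_date":
        return False, "platform TCB out of date"
    if now - report.issued_at > MAX_REPORT_AGE_S:
        return False, "attestation evidence stale"
    return True, "attestation ok"


def posture_risk(findings, resource):
    """Highest severity score among open findings on the target resource (0 if none)."""
    return max((SEVERITY[f.severity] for f in findings if f.resource == resource), default=0)


def decide(request, report, findings, now):
    """Combine attestation result and posture risk into a single time-limited decision."""
    ok, reason = verify_attestation(report, EXPECTED_MEASUREMENT, now)
    if not ok:
        return Decision("deny", reason, None)
    risk = posture_risk(findings, request["resource"])
    if risk >= SEVERITY["critical"]:
        return Decision("deny", "critical posture finding on resource", None)
    if risk >= SEVERITY["high"] and request["action"] != "read":
        return Decision("deny", "high-risk posture: only read actions permitted", None)
    return Decision("allow", "attested workload, acceptable posture", now + DECISION_TTL_S)


def needs_reverification(decision, now):
    """A grant is only valid until its TTL elapses; afterwards the full check runs again."""
    return decision.expires_at is None or now >= decision.expires_at


# Constructed sample telemetry (not real systems or findings).
NOW = 1_700_000_000
GOOD_REPORT = AttestationReport(EXPECTED_MEASUREMENT, "up_to_date", NOW - 30, True)
STALE_REPORT = AttestationReport(EXPECTED_MEASUREMENT, "up_to_date", NOW - 3600, True)
TAMPERED_REPORT = AttestationReport("ffff" * 12, "up_to_date", NOW - 30, True)
FINDINGS = [
    PostureFinding("bucket/patient-records", "high", "Object versioning disabled"),
    PostureFinding("vm/analytics-01", "critical", "Management port exposed to the internet"),
]
READ_RECORDS = {"principal": "svc-analytics", "resource": "bucket/patient-records", "action": "read"}
WRITE_RECORDS = {"principal": "svc-analytics", "resource": "bucket/patient-records", "action": "write"}
READ_VM = {"principal": "svc-analytics", "resource": "vm/analytics-01", "action": "read"}

if __name__ == "__main__":
    for name, req, rep in [("read/good", READ_RECORDS, GOOD_REPORT),
                           ("write/good", WRITE_RECORDS, GOOD_REPORT),
                           ("read/stale", READ_RECORDS, STALE_REPORT),
                           ("read/tampered", READ_RECORDS, TAMPERED_REPORT),
                           ("vm/good", READ_VM, GOOD_REPORT)]:
        d = decide(req, rep, FINDINGS, NOW)
        print(f"{name:14s} -> {d.verdict:5s} ({d.reason})")
```

The point of the TTL is the "continuous" part of the model: a grant is never permanent, so a newly ingested critical finding or a measurement change in the next attestation report flips the next evaluation to deny without any session having to be explicitly revoked.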


