That's a pretty nice challenge... I did some work on that already as a part of my MSc. Thesis, and I started working to publish a full article on that in a journal when I finished my MSc. I'm more than 60% done with the article already. We can share ideas about it if you don't mind, as a form of collaboration, and I'll credit you as a co-Author when I publish the research...

Thanks!!!

what other research challenges need to be addressed in IaaS/PaaS that you analysed during your research work?

Security point of View, the difference between SaaS and IaaS are;

SaaS: In SaaS, the Cloud Customers will use Software as a Solution for their Business process,here Customer wont be having any control over it, the Cloud Service Provider will have ultimate control so it directly rises the issue of Security.

IaaS:In Infrastructure as a Solution, the Cloud User will be having control over application,software and on some platform but the data process and storage takes place out of the organisational infrastructure, wherefore it involves data protection and other security threats like Cyber attack.

You can start from here - if you haven't already found it

https://cloudsecurityalliance.org/

There are still challenges on Resource Allocation, Resource Monitoring, and Adherence to Service Level Agreements (SLAs)...

There is a lot of resource crunch over cloud security  . However there were some organisations which work towards finding best practices and providing advocacy to professionals , organisations and industry  .

There were Top 10 Risks Published on cloud security from OWASP (Formerly popular for web app security).

1. Accountability and Data Ownership

2.User Identity Federation

3. Regulatory Compliance

4.Business Continuity and Resiliency

5.User Privacy and Secondary Usage of Data

6.Service and Data Integration

7.Multi Tenancy and Physical Security

8.Incidence Analysis and Forensic Support

9. Infrastructure Security

10.Non Production Environment Exposure

You may find more info on..

https://www.owasp.org/index.php/Category:OWASP_Cloud_%E2%80%90_10_Project

https://www.owasp.org/images/4/47/Cloud-Top10-Security-Risks.pdf

http://www.nist.gov/itl/csd/cloud-061113.cfm

Hope this helps ...!

A "hot topic" in IaaS clouds is trust: How can the cloud customer trust the cloud provider? The easy - in my opinion solved - "problem" is: confidentiality of DATA sent to STORAGE clouds -> solution: just encrypt the data at the customer's site; then send it. Same with integrity of data sent to storage clouds: just add a default integrity technology (MAC oder digital signature): check it after receiving back the data from the cloud.

The real problem (and thus) the hot topic is: How can the cloud customer trust the cloud provider when sending CODE to the cloud. We cannot just encrypt the code at the customer site. The provider must decrypt the code on his site -> the problem is: the provider has full insight (and control) of code sent to the cloud. This scenario is the normal scenario in many cloud environments: sending code (=virtual machines) to the provider or hosting (private) virtual machines that belong to the customer at the provider site. If you are interested in this topic see the slides of my talk I gave at ECCWS2014 and my paper.

https://www.researchgate.net/publication/264338893_RetainingControlSimma_v6?ev=prf_pub

https://www.researchgate.net/publication/264037748_Retaining_Control_Over_Private_Virtual_Machines_Hosted_by_a_Cloud_Provider

Data RetainingControlSimma v6

Conference Paper Retaining Control Over Private Virtual Machines Hosted by a ...

Data Security is the key issue as well as others below 

Network Security

Authentication

Access

Data confidentiality

Web Application Security