An Adjustable Risk Assessment Method for a Cloud System

Chi An Chih, Yu-Lun Huang*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

Although cloud computing technologies provide many advantages for organizations, security is still a barrier for wide-spread adoption to the public. Many cloud systems suffer from various attacks, including unauthorized data modification, denial of service, etc. The existing researches use risk assessments to evaluate the security of a cloud environment either from a CSP's viewpoint or from a user's point of view. The results of these works may not be precise enough, nor can they satisfy both CSP's and user's security requirements. We propose an Adjustable Cloud Risk Assessment systeM (ACRAM) for Cloud Service Providers (CSPs) and users to assess the cloud security. ACRAM consists of a risk assessment module running at two modes (Offline or Online mode) with the help of Security Service Level Agreement (SecSLA) signed by the CSP and the cloud user. The Offline mode is used for assessing the risk of a cloud based on the historical software vulnerabilities, while the Online mode is for assessing the risk of a cloud system at RUNTIME. To explain how ACRAM works for altering the potential threats in a cloud system, we conduct an experiment using different weights in Confidentiality (C), Integrity (I) and Availability (A). The results show that 1) CSP can protect future users from being co-located with a possible attacker, 2) CSP can take some risk mitigation to meet a user's requirements and keep the user from being attacked.

Original languageEnglish
Title of host publicationProceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages115-120
Number of pages6
ISBN (Electronic)9781467395984
DOIs
StatePublished - 6 Nov 2015
EventIEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2015 - Vancouver, Canada
Duration: 3 Aug 20155 Aug 2015

Publication series

NameProceedings - 2015 IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2015

Conference

ConferenceIEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2015
CountryCanada
CityVancouver
Period3/08/155/08/15

Keywords

  • Cloud Risk Assessment
  • Cloud Security

Fingerprint Dive into the research topics of 'An Adjustable Risk Assessment Method for a Cloud System'. Together they form a unique fingerprint.

Cite this