| Item type |
JInfP(1) |
| 公開日 |
2015-07-15 |
| タイトル |
|
|
タイトル |
Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms |
| タイトル |
|
|
言語 |
en |
|
タイトル |
Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms |
| 言語 |
|
|
言語 |
eng |
| キーワード |
|
|
主題Scheme |
Other |
|
主題 |
[Special Issue of Applications and the Internet in Conjunction with Main Topics of COMPSAC 2014] cloud computing, security, risk, quantification |
| 資源タイプ |
|
|
資源タイプ識別子 |
http://purl.org/coar/resource_type/c_6501 |
|
資源タイプ |
journal article |
| 著者所属 |
|
|
|
Nara Institute of Science and Technology |
| 著者所属 |
|
|
|
Nara Institute of Science and Technology |
| 著者所属 |
|
|
|
Nara Institute of Science and Technology |
| 著者所属 |
|
|
|
Nara Institute of Science and Technology |
| 著者所属(英) |
|
|
|
en |
|
|
Nara Institute of Science and Technology |
| 著者所属(英) |
|
|
|
en |
|
|
Nara Institute of Science and Technology |
| 著者所属(英) |
|
|
|
en |
|
|
Nara Institute of Science and Technology |
| 著者所属(英) |
|
|
|
en |
|
|
Nara Institute of Science and Technology |
| 著者名 |
Doudou, Fall
Takeshi, Okuda
Youki, Kadobayashi
Suguru, Yamaguchi
|
| 著者名(英) |
Doudou, Fall
Takeshi, Okuda
Youki, Kadobayashi
Suguru, Yamaguchi
|
| 論文抄録 |
|
|
内容記述タイプ |
Other |
|
内容記述 |
Cloud computing has revolutionized information technology, in that It allows enterprises and users to lower computing expenses by outsourcing their needs to a cloud service provider. However, despite all the benefits it brings, cloud computing raises several security concerns that have not yet been fully addressed to a satisfactory note. Indeed, by outsourcing its operations, a client surrenders control to the service provider and needs assurance that data is dealt with in an appropriate manner. Furthermore, the most inherent security issue of cloud computing is multi-tenancy. Cloud computing is a shared platform where users' data are hosted in the same physical infrastructure. A malicious user can exploit this fact to steal the data of the users whom he or she is sharing the platform with. To address the aforementioned security issues, we propose a security risk quantification method that will allow users and cloud computing administrators to measure the security level of a given cloud ecosystem. Our risk quantification method is an adaptation of the fault tree analysis, which is a modeling tool that has proven to be highly effective in mission-critical systems. We replaced the faults by the probable vulnerabilities in a cloud system, and with the help of the common vulnerability scoring system, we were able to generate the risk formula. In addition to addressing the previously mentioned issues, we were also able to quantify the security risks of a popular cloud management stack, and propose an architecture where users can evaluate and rank different cloud service providers. |
| 論文抄録(英) |
|
|
内容記述タイプ |
Other |
|
内容記述 |
Cloud computing has revolutionized information technology, in that It allows enterprises and users to lower computing expenses by outsourcing their needs to a cloud service provider. However, despite all the benefits it brings, cloud computing raises several security concerns that have not yet been fully addressed to a satisfactory note. Indeed, by outsourcing its operations, a client surrenders control to the service provider and needs assurance that data is dealt with in an appropriate manner. Furthermore, the most inherent security issue of cloud computing is multi-tenancy. Cloud computing is a shared platform where users' data are hosted in the same physical infrastructure. A malicious user can exploit this fact to steal the data of the users whom he or she is sharing the platform with. To address the aforementioned security issues, we propose a security risk quantification method that will allow users and cloud computing administrators to measure the security level of a given cloud ecosystem. Our risk quantification method is an adaptation of the fault tree analysis, which is a modeling tool that has proven to be highly effective in mission-critical systems. We replaced the faults by the probable vulnerabilities in a cloud system, and with the help of the common vulnerability scoring system, we were able to generate the risk formula. In addition to addressing the previously mentioned issues, we were also able to quantify the security risks of a popular cloud management stack, and propose an architecture where users can evaluate and rank different cloud service providers. |
| 書誌レコードID |
|
|
収録物識別子タイプ |
NCID |
|
収録物識別子 |
AA00700121 |
| 書誌情報 |
Journal of information processing
巻 23,
号 4,
p. 465-475,
発行日 2015-07-15
|
| ISSN |
|
|
収録物識別子タイプ |
ISSN |
|
収録物識別子 |
1882-6652 |
| 出版者 |
|
|
言語 |
ja |
|
出版者 |
情報処理学会 |
IPSJ-JIP2304011.pdf (1.4 MB)
