A Quantitative Methodology for Cloud Security Risk Assessment

被引:4
|
作者
Basu, Srijita [1 ]
Sengupta, Anirban [1 ]
Mazumdar, Chandan [2 ]
机构
[1] Jadavpur Univ, Ctr Distributed Comp, 188 Raja SC Mullick Rd, Kolkata, India
[2] Jadavpur Univ, Dept Comp Sci & Engn, 188 Raja SC Mullick Rd, Kolkata, India
来源
CLOSER: PROCEEDINGS OF THE 7TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING AND SERVICES SCIENCE | 2017年
关键词
Asset Dependency; Cloud Security; Cloud Service Provider; Risk Assessment; Security Concern;
D O I
10.5220/0006294401200131
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Assets of Cloud stakeholders (Service Providers, Consumers and Third Parties) are the essential elements required to carry out necessary functions / services of the cloud system. Assets usually contain vulnerabilities that may be exploited by threats to jeopardize the functioning of the cloud system. Therefore a proper risk assessment methodology is required to determine the asset-specific and stakeholder-specific risks so as to be able to control them. Existing methodologies fail to comprehensively evaluate various risk elements like asset value, vulnerabilities and threats. This paper is an attempt to quantitatively model all risk elements and devise a methodology to assess risks to assets and stakeholders of a cloud system.
引用
收藏
页码:92 / 103
页数:12
相关论文
共 50 条
  • [21] Security Risk Assessment on Cloud: A Systematic Mapping Study
    Annunziata, Giusy
    Sheykina, Alexandra
    Palomba, Fabio
    De Lucia, Andrea
    Catolino, Gemma
    Ferrucci, Filomena
    PROCEEDINGS OF 2024 28TH INTERNATION CONFERENCE ON EVALUATION AND ASSESSMENT IN SOFTWARE ENGINEERING, EASE 2024, 2024, : 604 - 613
  • [22] Security risk assessment framework for cloud computing environments
    Albakri, Sameer Hasan
    Shanmugam, Bharanidharan
    Samy, Ganthan Narayana
    Idris, Norbik Bashah
    Ahmed, Azuan
    SECURITY AND COMMUNICATION NETWORKS, 2014, 7 (11) : 2114 - 2124
  • [23] A Formal Methodology for Enterprise Information Security Risk Assessment
    Bhattacharjee, Jaya
    Sengupta, Anirban
    Mazumdar, Chandan
    2013 INTERNATIONAL CONFERENCE ON RISKS AND SECURITY OF INTERNET AND SYSTEMS (CRISIS), 2013,
  • [24] Quantitative Risk Assessment of Container Based Cloud Platform
    Mostajeran, Ehsan
    Mydin, Mohd Nizam Mohd
    Khalid, Mohammad Fairus
    Ismail, Bukhary Ikhwan
    Kandan, Rajendar
    Hoe, Ong Hong
    2017 IEEE CONFERENCE ON APPLICATION, INFORMATION AND NETWORK SECURITY (AINS), 2017, : 19 - 24
  • [25] A methodology to quantitative ecological risk assessment for industrial accidents
    Duarte, O. H.
    Droguett, E. A.
    ADVANCES IN SAFETY, RELIABILITY AND RISK MANAGEMENT, 2012, : 1258 - 1265
  • [26] Uses of benchmark dose methodology in quantitative risk assessment
    Starr, TB
    Goodman, JI
    Hoel, DG
    REGULATORY TOXICOLOGY AND PHARMACOLOGY, 2005, 42 (01) : 1 - 2
  • [27] Towards Integrated Quantitative Security and Safety Risk Assessment
    Dobaj, Juergen
    Schmittner, Christoph
    Krisper, Michael
    Macher, Georg
    COMPUTER SAFETY, RELIABILITY, AND SECURITY, SAFECOMP 2019, 2019, 11699 : 102 - 116
  • [28] Cyber Security Risk Modelling and Assessment: A Quantitative Approach
    Sokri, Abderrahmane
    PROCEEDINGS OF THE 18TH EUROPEAN CONFERENCE ON CYBER WARFARE AND SECURITY (ECCWS 2019), 2019, : 466 - 474
  • [29] A new quantitative approach for information security risk assessment
    Asosheh, Abbas
    Dehmoubed, Bijan
    Khani, Amir
    2009 2ND IEEE INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY, VOL 2, 2009, : 222 - +
  • [30] Quantitative Security Risk Assessment of Android Permissions and Applications
    Wang, Yang
    Zheng, Jun
    Sun, Chen
    Mukkamala, Srinivas
    DATA AND APPLICATIONS SECURITY AND PRIVACY XXVII, 2013, 7964 : 226 - 241
12345