Skip to main content
Springer Nature Link
Log in

Supporting Cloud Service Selection with a Risk-Driven Cost-Benefit Analysis

  • Conference paper
  • First Online:
Advances in Service-Oriented and Cloud Computing (ESOCC 2015)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 567))

Included in the following conference series:

  • 2042 Accesses

Abstract

Our earlier work indicates feasibility of eliciting multi-cloud requirements and thus identifying selectable cloud services based on a risk-driven approach. Once an overview of the selectable services that treat a specific risk is obtained, a decision needs to be taken regarding the final selection. This position paper focuses on providing a practical and simple approach to choosing a concrete cloud service (or a set of thereof) when several alternatives are available. We propose a risk-driven cost-benefit analysis approach and exemplify how a decision maker, such as a business analyst or a multi-cloud architecture designer, can apply it in the context of cloud service selection. The strength of the approach is in its simplicity, since the approach is based on a set of relatively comprehensible guidelines. Still, we consider this to be work in progress, since an analysis of how to combine a set of interdependent cloud services (which address several respective risks) is necessary for enabling a full-scale design of a multi-cloud based architecture.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Best known acceptance criteria in practical use are colors shaded on a two-dimensional risk matrix – a table with frequency and consequence levels on the two respective axes, where the fields of combinations of the two factors are colored by for example green (acceptable), yellow (should be examined closer) and red (unacceptable).

References

  • Alberts, C.J., Davey, J.: OCTAVE criteria version 2.0. Technical report CMU/SEI-2001-TR-016, Carnegie Mellon University (2004)

    Google Scholar 

  • Barber, B., Davey, J.: The use of the CCTA risk analysis and management methodology cramm in health information systems. In: 7th International Congress on Medical Informatics (1992)

    Google Scholar 

  • Daneva, M.: Applying real options thinking to information security in networked organizations. CTIT Report TR-CTIT-06-11. Technical report, University of Twente (2006)

    Google Scholar 

  • Fenton, N.E., Pfleeger, S.L.: A Rigorous and Practical Approach, 2nd edn. PWS Publishing Company, Boston (1997)

    Google Scholar 

  • Gupta, S., Dominiak, J., Matthews, P., Mulero, V.M., Omerovic, A.: Decision Making Toolkit Prototype - Final Version. MODAClouds project deliverable D 2.3.3 (2015a)

    Google Scholar 

  • Gupta, S., Muntes-Mulero, V., Matthews, P., Dominiak, J., Omerovic, A., Aranda, J., Seycek, S.: Risk-driven framework for decision support in cloud service selection. In: 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CC-GRID 2015), Shenzhen, Guangdong, China. IEEE/ACM (2015b)

    Google Scholar 

  • Houmb, S.H., Georg, G., France, R., Bieman, J., Jürjens, J.: Cost-benefit trade-off analysis using BBN for aspect-oriented risk-driven development. In: 10th International Conference on Engineering of Complex Computer Systems, pp. 195–204. IEEE Computer Society (2005)

    Google Scholar 

  • IEC: International Electrotechnical Commission. IEC 60300-3-9 Dependability management - Part 3: Application guide - Section 9: Risk analysis of technological systems - Event Tree Analysis. International Electrotechnical Commission (1995)

    Google Scholar 

  • IEC: International Electrotechnical Commission. IEC 61025 Fault Tree Analysis Edition 2.0 (FTA). Technical report, International Electrotechnical Commission (2006)

    Google Scholar 

  • Kazman, R., Asundi, J., Klein, M.: Making architecture design decisions: an economic approach. Technical report CMU/SEI-2002-TR-035. Carnegie Mellon (2002)

    Google Scholar 

  • Kazman, R., Klein, M., Clements, P.: Method for architecture evaluation. Technical report CMU/SEI-2000-TR-004. Carnegie Mellon (2000)

    Google Scholar 

  • Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis - The CORAS Approach. Springer, Heidelberg (2011)

    Book  MATH  Google Scholar 

  • Nielsen, D.S.: The cause/consequence diagram method as basis for quantitative accident analysis. Technical report RISO-M-1374. Danish Atomic Energy Commission (1971)

    Google Scholar 

  • Omerovic, A.: PREDIQT: a method for model-based prediction of impacts of architectural design changes on system quality. Doctoral dissertation, Faculty of Mathematics and Natural Sciences, University of Oslo, Oslo (2012)

    Google Scholar 

  • Omerovic, A., Karahasanovic, A., Stølen, K.: Uncertainty handling in weighted dependency trees: a systematic literature review. In: Dependability and Computer Engineering: Concepts for Software-Intensive Systems. IGI Global (2012a)

    Google Scholar 

  • Omerovic, A., Solhaug, B., Stølen, K.: Assessing practical usefulness and performance of the PREDIQT method: an industrial case study. Inf. Softw. Technol. 54(12), 1377–1395 (2012b)

    Article  Google Scholar 

  • Omerovic, A., Stølen, K.: A practical approach to uncertainty handling and estimate acquisition in model-based prediction of system quality. Int. J. Adv. Syst. Meas. 4(1–2), 55–70 (2011)

    Google Scholar 

  • Singh, A.G., Omerovic, A., Chauvel, F., Ferry, N.: An experience report. In: Proceedings of the 13th Workshop on Adaptive and Reflective Middleware, ARM 2014, pp. 7:1–7:6. ACM, New York (2014)

    Google Scholar 

  • Singh, A.G., Omerovic, A., Chauvel, F., Ferry, N.: Towards feature-driven goal fulfillment analysis - a feasibility study. In: Proceedings of the 3rd International Conference on Model-Driven Engineering and Software Development, pp. 193–204 (2015)

    Google Scholar 

  • Sonnenreich, W., Albanese, J., Stout, B.: Return on security investment (ROSI)-a practical quantitative model. J. Res. Pract. Inf. Technol. 38(1), 45–56 (2006)

    Google Scholar 

Download references

Acknowledgments

This work has been supported by the MODAClouds project (Grant Agreement FP7-318484) funded by European Commission within the 7th Framework Programme.

Author information

Authors and Affiliations

  1. SINTEF, Trondheim, Norway

    Aida Omerovic

Authors
  1. Aida Omerovic
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aida Omerovic .

Editor information

Editors and Affiliations

  1. DICIEAMA, University of Messina, Messina, Italy

    Antonio Celesti

  2. Software Evolution and Architecture Lab, University of Zürich Software Evolution and Architecture Lab, Zürich, Switzerland

    Philipp Leitner

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Omerovic, A. (2016). Supporting Cloud Service Selection with a Risk-Driven Cost-Benefit Analysis. In: Celesti, A., Leitner, P. (eds) Advances in Service-Oriented and Cloud Computing. ESOCC 2015. Communications in Computer and Information Science, vol 567. Springer, Cham. https://doi.org/10.1007/978-3-319-33313-7_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-33313-7_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-33312-0

  • Online ISBN: 978-3-319-33313-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics