Abstract
The cloud computing is a new trending paradigm that presents several benefits in achieving rapid and scalable resource provisioning capabilities to their users. Despite the fact that cloud computing offers many cost benefits for their cloud users, number of security risk are emerging in association with cloud usage that need to be assessed. Assessing risk in Cloud computing environment remains an open research issue. This paper presents a comprehensive and shared risk assessment method for cloud computing that will add a great help and assistance to both cloud consumers and cloud providers, which is also in compliance with all the specific characteristics of the Cloud Computing. An experimental result will be showed at the end to demonstrate the effectiveness of this new risk assessment model.
Keywords
This is a preview of subscription content, log in via an institution.
Preview
Unable to display preview. Download preview PDF.
References
Cloud Security Alliance (CSA): Top threats to cloud computing, version 1.0, March 2010. http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Kaliski Jr., B.S., Pauley, W.: Toward Risk Assessment as a Service in Cloud Environment. EMC Corporation, Hopkinton (2010)
EBIOS, Central Directorate for Information Systems Security, Version 2010 website. http://www.ssi.gouv.fr
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE), Carnegie Mellon - Software Engineering Institute (1999)
Method Harmonized Risk Analysis (MEHARI) Principles and mechanisms CLUSIF, issue 3, October 2004
Mell, P., Grance, T.: Perspectives on cloud computing and standards. National Institute of Standards and Technology (NIST). Information Technology Laboratory (2009)
CSS, White paper on software and service architectures, Infrastructures and Engineering – Action Paper on the area for the future EU competitiveness: Background information, Version 1.3, vol. 2 (retrieved: 15.08.2010). http://www.euecss.eu/contents/documentation/volume%20two_ECSS%20White%20Paper.pdf
Miller, M.: Cloud computing: Web-based applications that change the way you work and collaborate online. Indianapolis (2008)
Van Scoy, R.L.: Software Development Risk: Opportunity, Not Problem
Farrell, R.: Securing the cloud-governance, risk and compliance issues reign supreme. Information Security Journal: A Global Perspective (2010)
Sayouti, A., Medromi, H.: Les Systèmes Multi-Agents: Application au Contrôle sur Internet, Auteurs Éditions universitaires européennes, Août 2012
Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security. In: The Proceedings of the IEEE 3rd International Conference on Cloud Computing, pp. 280–288 (2010)
Peiyu, L., Dong, L.: The New Risk Assessment Model for Information System in Cloud Computing Environment. Procedia Engineering 15, 3200–3204 (2011)
Xuan, Z., Wuwong, N., et al.: Information security risk management framework for the cloud computing environments. In: 2010 IEEE 10th International Conference on Computer and Information Technology (CIT) (2010)
Sangroya, A., Kumar, S., Dhok, J., Varma, V.: Towards analyzing data security risks in cloud computing environments. In: International Conference on Information Systems, Technology, and Management (ICISTM), Bangkok, Thailand (2010)
Drissi, S., Houmani, H., Medromi, H.: Survey: risk assessment for cloud computing. International Journal of Advanced Computer Science and Applications, pp. 143–148 (2013)
Altuzarra, A., Moreno-Jimnez, J.M., Salvador, M.: A Bayesian prioritization procedure for AHP-group decision making. European Journal of Operational Research 182(1), 367–382 (2007)
Ramanathan, R., Ganesh, L.S.: Group preference aggregation methods employed in AHP: An evaluation and an intrinsic process for deriving members’ weightages. European Journal of Operational Research 79(2), 249–265 (1994)
Dyer, R.F., Forman, E.H.: Group decision support with the analytic hierarchy process. Decision Support Systems 8(2), 99–124 (1992)
Lichtenstein, S.: Factors in the selection of a risk assessment method. Information Management & Computer Security 4(4), 20–25 (1996)
Drissi, S., Medromi, H.: A new risk assessment approach for cloud consumer. Journal of Communication and Computer 11, 52–58 (2014)
Free Security Assessment by Trend Micro, Security Assessment Tool
Onwudebelu, U., Chukuka, B.: Will adoption of cloud computing put the enterprise at risk? In: 2012 IEEE 4th International Conference on Adaptive Science & Technology (ICAST), October 25–27, pp. 82–85 (2012)
Security Risk Assessment for Cloud and Web. Cenzic Cloud
SecaaS Category 5 Security Assessments Implementation Guidance. Cloud Security Alliance, September 2012
Fito, J.O., Macias, M., Guitart, J.: Toward business-driven risk management for cloud computing. In: 2010 International Conference on Network and Service Management (CNSM), October 25–29, pp. 238–241 (2010)
Djemame, K., et al.: A risk assessment framework and software toolkit for cloud service ecosystems. In: Cloud Computing 2011, The Second International Conference on Cloud Computing, GRIDs, and Virtualization (2011)
Tanimoto, S., Hiramoto, M., Iwashita, M., Sato, H., Kanai, A.: Risk management on the security problem in cloud computing. In: 2011 First ACIS/JNU International Conference on Computers Networks, Systems and Industrial Engineering (CNSI), May 23–25, pp. 147–152 (2011)
Leitold, F., Hadarics, K.: Measuring security risk in the cloud-enabled enterprise. In: 2012 7th International Conference on Malicious and Unwanted Software (MALWARE), October 16–18, pp. 62–66 (2012)
Zhang, J., Sun, D., Zhai, D.: A research on the indicator system of cloud computing security risk assessment. In: 2012 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering (ICQR2MSE), June 15–18, pp. 121–123 (2012)
Chandran, S., Angepat, M.: Cloud computing: analyzing the risk involved in cloud computing environments. In: Proceedings of Natural Sciences and Engineering, Sweden, pp. 2–4 (2010)
Cloud Security Alliance, Cloud Control Matri, September 26, 2013
Catteddu, D., Hogben, G. (eds.): Cloud Computing: Benefits, risks and recommendations or information security. ENISA (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer Science+Business Media Singapore
About this paper
Cite this paper
Drissi, S., Benhadou, S., Medromi, H. (2016). A New Shared and Comprehensive Tool of Cloud Computing Security Risk Assessment. In: Sabir, E., Medromi, H., Sadik, M. (eds) Advances in Ubiquitous Networking. UNet 2015. Lecture Notes in Electrical Engineering, vol 366. Springer, Singapore. https://doi.org/10.1007/978-981-287-990-5_13
Download citation
DOI: https://doi.org/10.1007/978-981-287-990-5_13
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-287-989-9
Online ISBN: 978-981-287-990-5
eBook Packages: EngineeringEngineering (R0)