عرض بسيط للتسجيلة

المؤلفNhlabatsi, Armstrong
المؤلفHong, Jin B.
المؤلفKim, Dong Seong
المؤلفFernandez, Rachael
المؤلفHussein, Alaa
المؤلفFetais, Noora
المؤلفKhan, Khaled M.
تاريخ الإتاحة2024-03-10T05:42:09Z
تاريخ النشر2021
اسم المنشورIEEE Transactions on Cloud Computing
المصدرScopus
الرقم المعياري الدولي للكتاب21687161
معرّف المصادر الموحدhttp://dx.doi.org/10.1109/TCC.2018.2883063
معرّف المصادر الموحدhttp://hdl.handle.net/10576/52819
الملخصExisting security risk evaluation approaches (e.g., asset-based) do not consider specific security requirements of individual cloud computing clients in the security risk evaluation. In this paper, we propose a threat-specific risk evaluation approach that uses various security attributes of the cloud (e.g., vulnerability information, the probability of an attack, and the impact of each attack associated with the identified threat(s)) as well as the client-specific security requirements in the cloud. Our approach allows a security administrator of the cloud provider to make fine-grained decisions for selecting mitigation strategies in order to protect the outsourced computing assets of individual clients based on their specific security needs against specific threats. This is different from the existing asset-based approaches where they do not have the functionalities to provide the security evaluation of the cloud with respect to specific threats. On the other hand, the proposed approach enables security administrators to compute a range of more effective client-specific countermeasures with respect to the importance of security requirements and threats. The experimental evaluation results demonstrate that effective security solutions vary due to specific threats prioritized by different clients for an application in the cloud. Further, the proposed approach is not limited to only the cloud-based systems, but can easily be adopted to other networked systems. We have also developed a software tool to support the proposed approach.
راعي المشروعThis paper was made possible by Grant NPRP 8-531-1-111 from Qatar National Research Fund (QNRF). The statements made herein are solely the responsibility of the authors.
اللغةen
الناشرInstitute of Electrical and Electronics Engineers Inc.
الموضوعCloud computing
security requirements
security risk evaluation
threat
vulnerability
العنوانThreat-specific security risk evaluation in the cloud
النوعArticle
الصفحات793-806
رقم العدد2
رقم المجلد9
dc.accessType Abstract Only


الملفات في هذه التسجيلة

الملفاتالحجمالصيغةالعرض

لا توجد ملفات لها صلة بهذه التسجيلة.

هذه التسجيلة تظهر في المجموعات التالية

عرض بسيط للتسجيلة