Simple item record

Author: Nhlabatsi, Armstrong
Author: Hussein, Alaa
Author: Fetais, Noora
Author: Khan, Khaled M.
Date available: 2024-03-10T05:42:10Z
Date issued: 2020
Publication name: 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020
Source: Scopus
URI: http://dx.doi.org/10.1109/ICIoT48696.2020.9089459
URI: http://hdl.handle.net/10576/52820
Abstract: Security threats posed to individual cloud computing clients vary depending on their specific security requirements. However, Cloud Providers apply generic security risk assessment approaches which do not consider client-specific security requirements. This results in unrealistic and inaccurate security risk evaluation. In this paper, we describe the detailed design and implementation of a security risk assessment tool. The tool supports a threat-specific method for security risk evaluation. The threat-specific method enables Cloud Providers to evaluate the security risk of their tenants based on tenant-specific threats as dictated by their particular security requirements. Evaluation shows that the tool is highly usable, but lacks in scalability.
Sponsor: This paper has described the detailed design and implementation of a threat-specific security risk evaluation tool, called ThreatRiskEvaluator. The tool enables security administrators of Cloud Providers to evaluate security risk from the perspective of different threats for their tenants. The approach is centered on the idea that Cloud tenants have different security requirements and hence they care about different threats. ThreatRiskEvaluator helps security administrators decide which threats to prioritize for each of their clients and to formulate more effective security solutions specific to the security requirements of particular clients. Evaluation of the tool shows that it is highly usable, but lacking in scalability. In the current version of the tool, the user has to manually draw the network topology model. This is time-consuming and may lead to modelling errors, especially when the network topology is large and complex. We plan to extend the tool to incorporate network scanners in order to build a more accurate network topology quickly. The evaluation of security risk is dependent on the general vulnerability information supplied by the National Vulnerability Database (NVD). This does not take into account that, for a given instance of an operating system, certain vulnerabilities may have already been patched. The consideration of such threats may lead to inaccurate risk evaluation. In order to address this limitation, we are extending the tool to incorporate a vulnerability scanner so that risk evaluation is based only on the vulnerabilities that are not yet patched in a particular node, instead of all the vulnerabilities that are recorded in the NVD. We are in the process of reviewing and optimizing the design of the tool to make it more scalable. ACKNOWLEDGMENT: This paper was made possible by Grant NPRP 8-531-1-111 from Qatar National Research Fund (QNRF). The statements made herein are solely the responsibility of the authors.
Language: en
Publisher: Institute of Electrical and Electronics Engineers Inc.
Subject: class diagrams
Cloud computing
domain model
risk assessment
security objectives
security risk
security threats
use cases
vulnerability
Title: Design and Implementation of a Threat-Specific Security Risk Assessment Tool
Type: Conference
Pages: 511-518
dc.accessType: Abstract Only


Files in this item

Files | Size | Format | View

There are no files associated with this item.
