Show simple item record

AuthorNhlabatsi, Armstrong
AuthorHong, Jin B.
AuthorKim, Dong Seong
AuthorFernandez, Rachael
AuthorHussein, Alaa
AuthorFetais, Noora
AuthorKhan, Khaled M.
Available date2024-03-10T05:42:09Z
Publication Date2021
Publication NameIEEE Transactions on Cloud Computing
ResourceScopus
ISSN21687161
URIhttp://dx.doi.org/10.1109/TCC.2018.2883063
URIhttp://hdl.handle.net/10576/52819
AbstractExisting security risk evaluation approaches (e.g., asset-based) do not consider specific security requirements of individual cloud computing clients in the security risk evaluation. In this paper, we propose a threat-specific risk evaluation approach that uses various security attributes of the cloud (e.g., vulnerability information, the probability of an attack, and the impact of each attack associated with the identified threat(s)) as well as the client-specific security requirements in the cloud. Our approach allows a security administrator of the cloud provider to make fine-grained decisions for selecting mitigation strategies in order to protect the outsourced computing assets of individual clients based on their specific security needs against specific threats. This is different from the existing asset-based approaches where they do not have the functionalities to provide the security evaluation of the cloud with respect to specific threats. On the other hand, the proposed approach enables security administrators to compute a range of more effective client-specific countermeasures with respect to the importance of security requirements and threats. The experimental evaluation results demonstrate that effective security solutions vary due to specific threats prioritized by different clients for an application in the cloud. Further, the proposed approach is not limited to only the cloud-based systems, but can easily be adopted to other networked systems. We have also developed a software tool to support the proposed approach.
SponsorThis paper was made possible by Grant NPRP 8-531-1-111 from Qatar National Research Fund (QNRF). The statements made herein are solely the responsibility of the authors.
Languageen
PublisherInstitute of Electrical and Electronics Engineers Inc.
SubjectCloud computing
security requirements
security risk evaluation
threat
vulnerability
TitleThreat-specific security risk evaluation in the cloud
TypeArticle
Pagination793-806
Issue Number2
Volume Number9
dc.accessType Abstract Only


Files in this item

FilesSizeFormatView

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record