WEKO3
-
RootNode
アイテム
Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms
https://ipsj.ixsq.nii.ac.jp/records/142351
https://ipsj.ixsq.nii.ac.jp/records/142351fb14fb9d-f701-44c6-8fe5-cae4565721cc
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL5606011 (1.4 MB)
|
Copyright (c) 2015 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2015-06-15 | |||||||||||||
| タイトル | ||||||||||||||
| タイトル | Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms | |||||||||||||
| タイトル | ||||||||||||||
| 言語 | en | |||||||||||||
| タイトル | Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms | |||||||||||||
| 言語 | ||||||||||||||
| 言語 | eng | |||||||||||||
| キーワード | ||||||||||||||
| 主題Scheme | Other | |||||||||||||
| 主題 | [特集:Applications and the Internet in Conjunction with Main Topics of COMPSAC 2014] cloud computing, security, risk, quantification | |||||||||||||
| 資源タイプ | ||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||
| 資源タイプ | journal article | |||||||||||||
| 著者所属 | ||||||||||||||
| Nara Institute of Science and Technology | ||||||||||||||
| 著者所属 | ||||||||||||||
| Nara Institute of Science and Technology | ||||||||||||||
| 著者所属 | ||||||||||||||
| Nara Institute of Science and Technology | ||||||||||||||
| 著者所属 | ||||||||||||||
| Nara Institute of Science and Technology | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Nara Institute of Science and Technology | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Nara Institute of Science and Technology | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Nara Institute of Science and Technology | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| Nara Institute of Science and Technology | ||||||||||||||
| 著者名 |
Doudou, Fall
× Doudou, Fall
× Takeshi, Okuda
× Youki, Kadobayashi
× Suguru, Yamaguchi
|
|||||||||||||
| 著者名(英) |
Doudou, Fall
× Doudou, Fall
× Takeshi, Okuda
× Youki, Kadobayashi
× Suguru, Yamaguchi
|
|||||||||||||
| 論文抄録 | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | Cloud computing has revolutionized information technology, in that It allows enterprises and users to lower computing expenses by outsourcing their needs to a cloud service provider. However, despite all the benefits it brings, cloud computing raises several security concerns that have not yet been fully addressed to a satisfactory note. Indeed, by outsourcing its operations, a client surrenders control to the service provider and needs assurance that data is dealt with in an appropriate manner. Furthermore, the most inherent security issue of cloud computing is multi-tenancy. Cloud computing is a shared platform where users' data are hosted in the same physical infrastructure. A malicious user can exploit this fact to steal the data of the users whom he or she is sharing the platform with. To address the aforementioned security issues, we propose a security risk quantification method that will allow users and cloud computing administrators to measure the security level of a given cloud ecosystem. Our risk quantification method is an adaptation of the fault tree analysis, which is a modeling tool that has proven to be highly effective in mission-critical systems. We replaced the faults by the probable vulnerabilities in a cloud system, and with the help of the common vulnerability scoring system, we were able to generate the risk formula. In addition to addressing the previously mentioned issues, we were also able to quantify the security risks of a popular cloud management stack, and propose an architecture where users can evaluate and rank different cloud service providers. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.23(2015) No.4 (online) ------------------------------ |
|||||||||||||
| 論文抄録(英) | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | Cloud computing has revolutionized information technology, in that It allows enterprises and users to lower computing expenses by outsourcing their needs to a cloud service provider. However, despite all the benefits it brings, cloud computing raises several security concerns that have not yet been fully addressed to a satisfactory note. Indeed, by outsourcing its operations, a client surrenders control to the service provider and needs assurance that data is dealt with in an appropriate manner. Furthermore, the most inherent security issue of cloud computing is multi-tenancy. Cloud computing is a shared platform where users' data are hosted in the same physical infrastructure. A malicious user can exploit this fact to steal the data of the users whom he or she is sharing the platform with. To address the aforementioned security issues, we propose a security risk quantification method that will allow users and cloud computing administrators to measure the security level of a given cloud ecosystem. Our risk quantification method is an adaptation of the fault tree analysis, which is a modeling tool that has proven to be highly effective in mission-critical systems. We replaced the faults by the probable vulnerabilities in a cloud system, and with the help of the common vulnerability scoring system, we were able to generate the risk formula. In addition to addressing the previously mentioned issues, we were also able to quantify the security risks of a popular cloud management stack, and propose an architecture where users can evaluate and rank different cloud service providers. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.23(2015) No.4 (online) ------------------------------ |
|||||||||||||
| 書誌レコードID | ||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 56, 号 6, 発行日 2015-06-15 |
|||||||||||||
| ISSN | ||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||
