A Multi-Dimensional Mean Failure Cost Model to Enhance Security of Cloud Computing Systems

A Multi-Dimensional Mean Failure Cost Model to Enhance Security of Cloud Computing Systems

Mouna Jouini (Laboratoire SOIE, Institut Supérieur de Gestion, Tunis, Tunisia) and Latifa Ben Arfa Rabai (Laboratoire SOIE, Institut Supérieur de Gestion, Tunis, Tunisia)
DOI: 10.4018/IJERTCS.2016070101
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Cloud computing technology is a relatively new concept of offering reliable and virtualized resources, software and hardware on demand to users. It presents a new technology to deliver computing resources as a service. It allows several benefits for example services on demand, provisioning, shared resources and pay per use and suffers from several challenges. In fact, security presents a major obstacle in cloud computing adoption. In this paper, the authors will deal with security problems in cloud computing systems and estimate security breaches using a quantitative security risk assessment model. Finally, the authors use this quantitative model to solve these problems in cloud environments.
Article Preview

1. Introduction

Cloud Computing (CC) is an emerging technology which recently has shown significant attention lately in the word. It has several advantages like pay per use, resource pooling and scalability. The National Institute of Standard and Technology (NIST) definition defines cloud computing as a paradigm for enabling useful, on-demand network access to a shared pool of configurable computing resources (Mell & Grance, 2010; Shrivastava & Bhilare, 2015). It offers several services presented in three models: Software as Service (SaaS), Platform as Service (PaaS), and Infrastructure as Service (IaaS). Software as Service (SaaS) provides applications or software to end users, Platform as Service (PaaS) provides access to platforms and Infrastructure as Service (IaaS) offers processing storage service.

Cloud Computing offers many advantages. However, the biggest challenge in cloud computing is the security and privacy problems caused by its multi-tenancy nature and the outsourcing of infrastructure, sensitive data and critical applications which causes serious consequences (Sun, Zhang, Xiong, & Zhu, 2014; Kushwah & Saxena, 2013; Kushwah & Saxena, 2013; Youssef & Alageel, 2012; Aljawarneh & Bani Yassein, 2016; Mell & Grance, 2010; Ben Arfa Rabai, Jouini, Ben Aissa & Mili, 2012; Jouini, Ben Arfa Rabai, Ben Aissa & Mili, 2012; Ben Arfa Rabai, Jouini, Ben Aissa & Mili, 2013; Jouini, Ben Arfa Rabai & Ben Aissa, 2014; Sampathkumar, 2015; Shrivastava & Bhilare, 2015; Jakimoski, 2016). In fact, According to survey conducted by International Data Group (IDG) enterprise in 2014 (IDG Cloud Computing Survey, 2014), security is deeply the top concern for cloud computing. In fact, up from 61% in 2014, and higher among finance organizations (78%), 67% of organizations have concerns about the security of Cloud Computing solutions. The additional challenges are not even on the same playing field for tech decision-makers; only 43% are concerned with integration, followed by the ability of cloud solutions to meet enterprise and/or industry standards (35%) (IDG Cloud Computing Survey, 2014). Given their high security concerns, organizations are integrating strategies and tools (like cloud management and monitoring tools, and cloud security management tools) to lessen these challenges over the next 12 months.

In this paper, we show the use of a quantitative security risk analysis model to estimate security breaches for Cloud Computing systems by considering new threats perspectives. Then, we will show how to solve security problems in Cloud Computing systems using a quantitative security risk assessment model. We aim to present a generic framework that evaluate firstly cloud security by identifying unique security requirements, secondly to identify architectural components affected by this risk, thirdly to make out security threats that damage these components and finally to attempt to present viable solutions that eliminates these potential threats.

The remainder of this paper is organized as follows. Section 2 presents related work. Section 3 presents security challenges in Cloud Computing environments. Section 4 defines the Multi-dimensional Mean Failure Cost model (M2FC) and illustrates its use to quantify security risk on a practical case study. Section 5 presents our security framework that solves security problems in CC in a quantitative way. Finally, conclusions and a direction for future work are given in section 6.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 8: 2 Issues (2017)
Volume 7: 2 Issues (2016)
Volume 6: 2 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing