Abstract
Cloud Computing is a technology which provides us a convenient way of an on-demand network-based access to available shared pools of pre configurable system resources and higher-level services. The increasing data breaches demand security assurance inside the cloud computing system. In this research work we have studied different types of tools/models available for cloud computing accordingly we proposed a vulnerability assessment framework/process for Cloud computing system based on the Common Vulnerability Scoring System, i.e., CVSS 2.0 or 3.0 which generated or published by the NVD at regular interval. Since the proposed model/process is built with the progressive security automation protocols for Cloud computing, it has the capability of automobilists and interoperability with the other existing applications and models and also has the capabilities to address all the prospective cloud vulnerabilities which are still not identified. The proposed model/process addresses the vulnerability issues on the basis of CVSS which provides the new dimensions for effective handling of unknown vulnerabilities.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Jomina J, Norman J (2019) Major vulnerabilities and their prevention methods in cloud computing. Advances in big data and cloud computing. Springer, Singapore, pp 11–26
Nabeel, K, Al-Yasiri A (2018) Cloud security threats and techniques to strengthen cloud computing adoption framework. In: Cyber security and threats: concepts, methodologies, tools, and applications. IGI Global, pp 268–285
Suryateja PS (2018) Threats and vulnerabilities of cloud computing: a review. Int J Comput Sci Eng 6(3):297–302
Aljawarneh Shadi A, Alawneh Ali, Jaradat Reem (2017) Cloud security engineering: early stages of SDLC. Future Gener Comput Syst 74:385–392
Coppolino L et al (2017) Cloud security: emerging threats and current solutions. Comput Electr Eng 59:126–140
National Vulnerability Database (2017) NIST. http://nvd.nist.gov/
Su Z, Ou X, Caragea D (2015) Predicting cyber risks through national vulnerability database. Inf Secur J Glob Perspect 24(4–6):194–206
Ab Rahman NH, Choo K-KR (2015) A survey of information security incident handling in the cloud. Comput Secur 49:45–69
Haimes YY et al (2015) Assessing systemic risk to cloud? Computing technology as complex interconnected systems of systems. Syst Eng 18(3):284–299
Patrick K et al (2013) Vulcan: vulnerability assessment framework for cloud computing. In: 2013 IEEE 7th international conference on software security and reliability (SERE). IEEE
Chou T-S (2013) Security threats on cloud computing vulnerabilities. Int J Comput Sci Inf Technol 5(3):79
Kotikela S, Kavi K, Gomathisankaran M (2012) Vulnerability assessment in cloud computing. In: Daimi K, Arabnia HR (eds) The 2012 international conference on security & management (SAM 2012). WORLDCOMP 2012, 16–19 July 2012. CSREA Press, Las Vegas, pp 67–73
von Laszewski G, Diaz J, Wang F, Fox G: Comparison of multiple cloud frameworks. In: 2012 IEEE 5th international conference on cloud computing (CLOUD), June 2012, pp 734–741
Mohamed A, Grundy J, Müller I (2016) An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107
Joh HC, Malaiya YK (2011) Defining and assessing quantitative security risk measures using vulnerability lifecycle and CVSS metrics. In: The 2011 international conference on security and management (SAM)
Grobauer B, Walloschek T, Stocker E (2011) Understanding cloud computing vulnerabilities. IEEE Secur Priv 9(2):50–57
Poolsappasit Nayot, Dewri Rinku, Ray Indrajit (2012) Dynamic security risk management using bayesian attack graphs. IEEE Trans Dependable Secure Comput 9(1):61–74
Jianchun J et al (2012) VRank: a context-aware approach to vulnerability scoring and ranking in SOA. 2012 IEEE sixth international conference on software security and reliability (SERE). IEEE
Shubhashis S, Kaulgud V, Sharma VS (2011) Cloud computing security–trends and research directions. In: 2011 IEEE world congress on services. IEEE
Laurent G (2011) Vulnerability discrimination using CVSS framework. In: 2011 4th IFIP international conference on new technologies, mobility and security (NTMS). IEEE
Shaikh FB, Haider S (2011) Security threats in cloud computing. In: 2011 international conference for internet technology and secured transactions (ICITST). IEEE
Li HC, Liang PH, Yang JM, Chen SJ (2010) Analysis on cloud-based security vulnerability assessment. In: IEEE international conference on E-business engineering, pp 490–494, Nov 2010
Al-Mosry M et al (2010) An analysis of the cloud computing security problem. In: Applied security (Appsec) 2010 cloud workshop
Wang W, Chung WY, Rashid A, Chuang H-M (2011) Toward the trend of cloud computing. J Electron Commer Res 12(4):238
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Mishra, N., Singh, R.K., Yadav, S.K. (2020). Analysis and Vulnerability Assessment of Various Models and Frameworks in Cloud Computing. In: Jain, V., Chaudhary, G., Taplamacioglu, M., Agarwal, M. (eds) Advances in Data Sciences, Security and Applications. Lecture Notes in Electrical Engineering, vol 612. Springer, Singapore. https://doi.org/10.1007/978-981-15-0372-6_33
Download citation
DOI: https://doi.org/10.1007/978-981-15-0372-6_33
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0371-9
Online ISBN: 978-981-15-0372-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)