Advertisement

Analysis and Vulnerability Assessment of Various Models and Frameworks in Cloud Computing

  • Narendra MishraEmail author
  • R. K. Singh
  • Sumit Kumar Yadav
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 612)

Abstract

Cloud Computing is a technology which provides us a convenient way of an on-demand network-based access to available shared pools of pre configurable system resources and higher-level services. The increasing data breaches demand security assurance inside the cloud computing system. In this research work we have studied different types of tools/models available for cloud computing accordingly we proposed a vulnerability assessment framework/process for Cloud computing system based on the Common Vulnerability Scoring System, i.e., CVSS 2.0 or 3.0 which generated or published by the NVD at regular interval. Since the proposed model/process is built with the progressive security automation protocols for Cloud computing, it has the capability of automobilists and interoperability with the other existing applications and models and also has the capabilities to address all the prospective cloud vulnerabilities which are still not identified. The proposed model/process addresses the vulnerability issues on the basis of CVSS which provides the new dimensions for effective handling of unknown vulnerabilities.

Keywords

Framework CVSS 2.0 CVSS 3.0 component Styling CVE NVD 

References

  1. 1.
    Jomina J, Norman J (2019) Major vulnerabilities and their prevention methods in cloud computing. Advances in big data and cloud computing. Springer, Singapore, pp 11–26Google Scholar
  2. 2.
    Nabeel, K, Al-Yasiri A (2018) Cloud security threats and techniques to strengthen cloud computing adoption framework. In: Cyber security and threats: concepts, methodologies, tools, and applications. IGI Global, pp 268–285Google Scholar
  3. 3.
    Suryateja PS (2018) Threats and vulnerabilities of cloud computing: a review. Int J Comput Sci Eng 6(3):297–302Google Scholar
  4. 4.
    Aljawarneh Shadi A, Alawneh Ali, Jaradat Reem (2017) Cloud security engineering: early stages of SDLC. Future Gener Comput Syst 74:385–392CrossRefGoogle Scholar
  5. 5.
    Coppolino L et al (2017) Cloud security: emerging threats and current solutions. Comput Electr Eng 59:126–140CrossRefGoogle Scholar
  6. 6.
    National Vulnerability Database (2017) NIST. http://nvd.nist.gov/
  7. 7.
    Su Z, Ou X, Caragea D (2015) Predicting cyber risks through national vulnerability database. Inf Secur J Glob Perspect 24(4–6):194–206Google Scholar
  8. 8.
    Ab Rahman NH, Choo K-KR (2015) A survey of information security incident handling in the cloud. Comput Secur 49:45–69CrossRefGoogle Scholar
  9. 9.
    Haimes YY et al (2015) Assessing systemic risk to cloud? Computing technology as complex interconnected systems of systems. Syst Eng 18(3):284–299CrossRefGoogle Scholar
  10. 10.
  11. 11.
    Patrick K et al (2013) Vulcan: vulnerability assessment framework for cloud computing. In: 2013 IEEE 7th international conference on software security and reliability (SERE). IEEEGoogle Scholar
  12. 12.
    Chou T-S (2013) Security threats on cloud computing vulnerabilities. Int J Comput Sci Inf Technol 5(3):79Google Scholar
  13. 13.
    Kotikela S, Kavi K, Gomathisankaran M (2012) Vulnerability assessment in cloud computing. In: Daimi K, Arabnia HR (eds) The 2012 international conference on security & management (SAM 2012). WORLDCOMP 2012, 16–19 July 2012. CSREA Press, Las Vegas, pp 67–73Google Scholar
  14. 14.
    von Laszewski G, Diaz J, Wang F, Fox G: Comparison of multiple cloud frameworks. In: 2012 IEEE 5th international conference on cloud computing (CLOUD), June 2012, pp 734–741Google Scholar
  15. 15.
    Mohamed A, Grundy J, Müller I (2016) An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107
  16. 16.
    Joh HC, Malaiya YK (2011) Defining and assessing quantitative security risk measures using vulnerability lifecycle and CVSS metrics. In: The 2011 international conference on security and management (SAM)Google Scholar
  17. 17.
    Grobauer B, Walloschek T, Stocker E (2011) Understanding cloud computing vulnerabilities. IEEE Secur Priv 9(2):50–57CrossRefGoogle Scholar
  18. 18.
    Poolsappasit Nayot, Dewri Rinku, Ray Indrajit (2012) Dynamic security risk management using bayesian attack graphs. IEEE Trans Dependable Secure Comput 9(1):61–74CrossRefGoogle Scholar
  19. 19.
    Jianchun J et al (2012) VRank: a context-aware approach to vulnerability scoring and ranking in SOA. 2012 IEEE sixth international conference on software security and reliability (SERE). IEEEGoogle Scholar
  20. 20.
    Shubhashis S, Kaulgud V, Sharma VS (2011) Cloud computing security–trends and research directions. In: 2011 IEEE world congress on services. IEEEGoogle Scholar
  21. 21.
    Laurent G (2011) Vulnerability discrimination using CVSS framework. In: 2011 4th IFIP international conference on new technologies, mobility and security (NTMS). IEEEGoogle Scholar
  22. 22.
    Shaikh FB, Haider S (2011) Security threats in cloud computing. In: 2011 international conference for internet technology and secured transactions (ICITST). IEEEGoogle Scholar
  23. 23.
    Li HC, Liang PH, Yang JM, Chen SJ (2010) Analysis on cloud-based security vulnerability assessment. In: IEEE international conference on E-business engineering, pp 490–494, Nov 2010Google Scholar
  24. 24.
    Al-Mosry M et al (2010) An analysis of the cloud computing security problem. In: Applied security (Appsec) 2010 cloud workshopGoogle Scholar
  25. 25.
    Wang W, Chung WY, Rashid A, Chuang H-M (2011) Toward the trend of cloud computing. J Electron Commer Res 12(4):238Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Narendra Mishra
    • 1
    Email author
  • R. K. Singh
    • 1
  • Sumit Kumar Yadav
    • 1
  1. 1.IGDTUWNew DelhiIndia

Personalised recommendations