A Review of Security Risk Assessment Methods in Cloud Computing

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 275)


Cloud computing is a major technological trend that continues to evolve and flourish. It offers potential benefits in rapid and scalable resource provisioning as well as resource sharing. However, a number of security risks associated with cloud usage are emerging and need to be assessed before cloud computing is adopted. This paper presents a review of security risk assessment methods in cloud computing. It aims to summarize, organize and classify the information available in the literature in order to identify gaps in current research and then suggest areas for further investigation. Finally, the paper suggests a collaborative security risk assessment method that would be of great assistance to both service providers and consumers.


Cloud computing security, security risk, risk analysis, risk assessment, threat analysis





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. College of Computer & Information System, King Saud University, Riyadh, Saudi Arabia
