Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Ubiquitous Networking

UNet 2015: Advances in Ubiquitous Networking pp 155–167Cite as

A New Shared and Comprehensive Tool of Cloud Computing Security Risk Assessment

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 366))

Abstract

The cloud computing is a new trending paradigm that presents several benefits in achieving rapid and scalable resource provisioning capabilities to their users. Despite the fact that cloud computing offers many cost benefits for their cloud users, number of security risk are emerging in association with cloud usage that need to be assessed. Assessing risk in Cloud computing environment remains an open research issue. This paper presents a comprehensive and shared risk assessment method for cloud computing that will add a great help and assistance to both cloud consumers and cloud providers, which is also in compliance with all the specific characteristics of the Cloud Computing. An experimental result will be showed at the end to demonstrate the effectiveness of this new risk assessment model.

This is a preview of subscription content, log in via an institution.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Cloud Security Alliance (CSA): Top threats to cloud computing, version 1.0, March 2010. http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

  2. Kaliski Jr., B.S., Pauley, W.: Toward Risk Assessment as a Service in Cloud Environment. EMC Corporation, Hopkinton (2010)

    Google Scholar 

  3. EBIOS, Central Directorate for Information Systems Security, Version 2010 website. http://www.ssi.gouv.fr

  4. Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE), Carnegie Mellon - Software Engineering Institute (1999)

    Google Scholar 

  5. Method Harmonized Risk Analysis (MEHARI) Principles and mechanisms CLUSIF, issue 3, October 2004

    Google Scholar 

  6. Mell, P., Grance, T.: Perspectives on cloud computing and standards. National Institute of Standards and Technology (NIST). Information Technology Laboratory (2009)

    Google Scholar 

  7. CSS, White paper on software and service architectures, Infrastructures and Engineering – Action Paper on the area for the future EU competitiveness: Background information, Version 1.3, vol. 2 (retrieved: 15.08.2010). http://www.euecss.eu/contents/documentation/volume%20two_ECSS%20White%20Paper.pdf

  8. Miller, M.: Cloud computing: Web-based applications that change the way you work and collaborate online. Indianapolis (2008)

    Google Scholar 

  9. Van Scoy, R.L.: Software Development Risk: Opportunity, Not Problem

    Google Scholar 

  10. Farrell, R.: Securing the cloud-governance, risk and compliance issues reign supreme. Information Security Journal: A Global Perspective (2010)

    Google Scholar 

  11. Sayouti, A., Medromi, H.: Les Systèmes Multi-Agents: Application au Contrôle sur Internet, Auteurs Éditions universitaires européennes, Août 2012

    Google Scholar 

  12. Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security. In: The Proceedings of the IEEE 3rd International Conference on Cloud Computing, pp. 280–288 (2010)

    Google Scholar 

  13. Peiyu, L., Dong, L.: The New Risk Assessment Model for Information System in Cloud Computing Environment. Procedia Engineering 15, 3200–3204 (2011)

    Article  Google Scholar 

  14. Xuan, Z., Wuwong, N., et al.: Information security risk management framework for the cloud computing environments. In: 2010 IEEE 10th International Conference on Computer and Information Technology (CIT) (2010)

    Google Scholar 

  15. Sangroya, A., Kumar, S., Dhok, J., Varma, V.: Towards analyzing data security risks in cloud computing environments. In: International Conference on Information Systems, Technology, and Management (ICISTM), Bangkok, Thailand (2010)

    Google Scholar 

  16. Drissi, S., Houmani, H., Medromi, H.: Survey: risk assessment for cloud computing. International Journal of Advanced Computer Science and Applications, pp. 143–148 (2013)

    Google Scholar 

  17. Altuzarra, A., Moreno-Jimnez, J.M., Salvador, M.: A Bayesian prioritization procedure for AHP-group decision making. European Journal of Operational Research 182(1), 367–382 (2007)

    Article  MATH  Google Scholar 

  18. Ramanathan, R., Ganesh, L.S.: Group preference aggregation methods employed in AHP: An evaluation and an intrinsic process for deriving members’ weightages. European Journal of Operational Research 79(2), 249–265 (1994)

    Article  MATH  Google Scholar 

  19. Dyer, R.F., Forman, E.H.: Group decision support with the analytic hierarchy process. Decision Support Systems 8(2), 99–124 (1992)

    Article  Google Scholar 

  20. Lichtenstein, S.: Factors in the selection of a risk assessment method. Information Management & Computer Security 4(4), 20–25 (1996)

    Article  Google Scholar 

  21. Drissi, S., Medromi, H.: A new risk assessment approach for cloud consumer. Journal of Communication and Computer 11, 52–58 (2014)

    Google Scholar 

  22. Free Security Assessment by Trend Micro, Security Assessment Tool

    Google Scholar 

  23. Onwudebelu, U., Chukuka, B.: Will adoption of cloud computing put the enterprise at risk? In: 2012 IEEE 4th International Conference on Adaptive Science & Technology (ICAST), October 25–27, pp. 82–85 (2012)

    Google Scholar 

  24. Security Risk Assessment for Cloud and Web. Cenzic Cloud

    Google Scholar 

  25. SecaaS Category 5 Security Assessments Implementation Guidance. Cloud Security Alliance, September 2012

    Google Scholar 

  26. Fito, J.O., Macias, M., Guitart, J.: Toward business-driven risk management for cloud computing. In: 2010 International Conference on Network and Service Management (CNSM), October 25–29, pp. 238–241 (2010)

    Google Scholar 

  27. Djemame, K., et al.: A risk assessment framework and software toolkit for cloud service ecosystems. In: Cloud Computing 2011, The Second International Conference on Cloud Computing, GRIDs, and Virtualization (2011)

    Google Scholar 

  28. Tanimoto, S., Hiramoto, M., Iwashita, M., Sato, H., Kanai, A.: Risk management on the security problem in cloud computing. In: 2011 First ACIS/JNU International Conference on Computers Networks, Systems and Industrial Engineering (CNSI), May 23–25, pp. 147–152 (2011)

    Google Scholar 

  29. Leitold, F., Hadarics, K.: Measuring security risk in the cloud-enabled enterprise. In: 2012 7th International Conference on Malicious and Unwanted Software (MALWARE), October 16–18, pp. 62–66 (2012)

    Google Scholar 

  30. Zhang, J., Sun, D., Zhai, D.: A research on the indicator system of cloud computing security risk assessment. In: 2012 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering (ICQR2MSE), June 15–18, pp. 121–123 (2012)

    Google Scholar 

  31. Chandran, S., Angepat, M.: Cloud computing: analyzing the risk involved in cloud computing environments. In: Proceedings of Natural Sciences and Engineering, Sweden, pp. 2–4 (2010)

    Google Scholar 

  32. Cloud Security Alliance, Cloud Control Matri, September 26, 2013

    Google Scholar 

  33. Catteddu, D., Hogben, G. (eds.): Cloud Computing: Benefits, risks and recommendations or information security. ENISA (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National High School of Electricity and Mechanics, ENSEM, 8118, Casablanca, Morocco

    Saadia Drissi, Siham Benhadou & Hicham Medromi

Authors
  1. Saadia Drissi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Siham Benhadou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hicham Medromi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Saadia Drissi .

Editor information

Editors and Affiliations

  1. Hassan II University of Casablanca, ENSEM Hassan II University of Casablanca, Oasis – Casablanca, Morocco

    Essaïd Sabir

  2. Ecole Nationale Supérieure d'Electricité et de Mécanique, Université Hassan II – Casablanca, Casablanca, Morocco

    Hicham Medromi

  3. Ecole Nationale Supérieure d'Electricité et de Mécanique, Université Hassan II – Casablanca, Casablanca, Morocco

    Mohamed Sadik

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer Science+Business Media Singapore

About this paper

Cite this paper

Drissi, S., Benhadou, S., Medromi, H. (2016). A New Shared and Comprehensive Tool of Cloud Computing Security Risk Assessment. In: Sabir, E., Medromi, H., Sadik, M. (eds) Advances in Ubiquitous Networking. UNet 2015. Lecture Notes in Electrical Engineering, vol 366. Springer, Singapore. https://doi.org/10.1007/978-981-287-990-5_13

Download citation

  • DOI: https://doi.org/10.1007/978-981-287-990-5_13

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-287-989-9

  • Online ISBN: 978-981-287-990-5

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation