Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts
Cloud computing is without a doubt one of the most significant innovations presented in the global technological map. This new generation of technology has the potential to positively change our lives since, on the one hand, it provides capabilities that make our digital lives much easier than before, while on the other hand it assists developers in creating services that can be disseminated more easily and faster than before, and with significantly less cost. However, one of the major research challenges for the successful deployment of cloud services is a clear understanding of security and privacy issues in a cloud environment, since the cloud architecture has dissimilarities compared to traditional distributed systems. Such differences might introduce new threats and require different treatment of security and privacy issues. Nevertheless, current security and privacy requirements engineering techniques and methodologies have not been developed with cloud computing in mind and fail to capture the unique characteristics of such a domain. It is therefore important to understand security and privacy within the context of cloud computing and identify relevant security and privacy properties and threats that will support techniques and methodologies aimed at analyzing and designing secure cloud-based systems. The contribution of this paper to the literature is two-fold. Firstly, it provides a clear linkage between a set of critical cloud computing areas and security and privacy threats and properties. Secondly, it introduces a number of requirements for analysis and design methodologies to consider for security and privacy concerns in the cloud.
Cloud Computing, Sustainability, and Risk
Cloud computing is considered a growing trend in the information and communication technology (ICT) industry, and, of course, risk issues of leveraging this computing model are still in focus. In this chapter, we develop a novel quantitative model for cloud security risk management regarding optimal cloud risk appetite. We focus mainly on determining cloud risk appetite, which must be considered in advance to make an applicable enterprise risk management (ERM) and to make any plan regarding strategic risk mitigation. In this approach, we mention primarily some of the main risk examples in terms of cloud architecture layers and the developing optimization model of cloud risk appetite. We use a risk map that indicates the severity of each individual risk, Confidentiality, Integrity, Availability (CIA) as risk constraints and evaluation criteria, and linear programming for final fuzzy optimization calculation to gain risk acceptance amount for a given organization in regard to each cloud’s predefined risk. Finally, the applicability and effectiveness of our model are demonstrated through a case study.
Risk perception and risk management in cloud computing: Results from a case study of Swiss companies
Tool-based risk assessment of cloud infrastructures as socio-technical systems
Assessing risk in cloud infrastructures is difficult. Typical cloud infrastructures contain potentially thousands of nodes that are highly interconnected and dynamic. Another important component is the set of human actors who get access to data and computing infrastructure. The cloud infrastructure therefore constitutes a socio-technical system. Attacks on socio-technical systems are still mostly identified through expert brainstorming. However, formal risk assessment for systems including human actors requires modeling human behavior, which is difficult at best. In this chapter, we present a modeling exercise for cloud infrastructures using the socio-technical model developed in the TRESPASS project; after showing how to model typical components of a cloud infrastructure, we show how attacks are identified on this model and discuss their connection to risk assessment. The technical part of the model is extracted automatically from the configuration of the cloud infrastructure, which is especially important for systems so dynamic and complex.