A Hierarchical Security-Auditing Methodology for Cloud Computing

Security concerns are frequently mentioned among the reasons why organizations hesitate to adopt cloud computing. Given the numerous choices of cloud-resource providers, clients often find it difficult to assess their relative advantages and shortcomings with respect to security, which may prevent them from making any choice. In this paper, we describe a hierarchical security-audit methodology for cloud-computing services. Our method assesses the overall security of a cloud offering by examining a comprehensive set of security concerns at the IaaS, PaaS, and SaaS layers. For each layer, relevant evidence regarding its security is collected and subsequently synthesized into an overall security score. We illustrate our method through a case study, examining the relative security merits of the Google Cloud and the Microsoft Azure Cloud.
