Security Quantification of Complex Attacks in Infrastructure as a Service Cloud Computing

It is a truism that the inherent security issues of cloud computing are the main hurdle to its adoption. In particular, infrastructure clouds are composed of multiple components and applications in which vulnerabilities are regularly discovered. We propose a probabilistic security quantification method that quantifies the security level of a given Infrastructure as a Service (IaaS) cloud environment. We translate the vulnerable IaaS environment into a vulnerability tree, which we build based on fault tree analysis, a well-established modeling tool. The analysis of the vulnerability tree leads us to the security quantification formula.
