FRiCS: A Framework for Risk-driven Cloud Selection

Our devices and interactions, in a world where physical and digital realities are increasingly blended, generate a continuum of multimedia data that needs to be stored, shared and processed to provide services that enrich our daily lives. Cloud computing plays a key role in these tasks, dissolving resource allocation and computational boundaries, but it also requires advanced security mechanisms to protect the data and provide privacy guarantees. Therefore, security assurance must be evaluated before offloading tasks to a cloud provider, a process that is currently manual, complex and inadequate for dynamic scenarios. Although there are many tools for evaluating cloud providers according to quality-of-service criteria, automated categorization and selection based on risk metrics is still challenging. To address this gap, we present FRiCS, a Framework for Risk-driven Cloud Selection, which contributes: 1) a set of cloud security metrics and risk-based weighting policies, 2) distributed components for metric extraction and aggregation, and 3) decision-making plugins for ranking and selection. We have implemented the whole system and conducted a case-study validation based on public cloud providers' security data, showing the benefits of the proposed approach.
