nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

A Predictive Model for Risk and Trust Assessment in Cloud Computing: Taxonomy and Analysis for Attack Pattern Detection

verfasst von : Alexandros Chrysikos, Stephen McGuire

Erschienen in: Guide to Vulnerability Analysis for Computer Networks and Systems

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Cloud computing environments consist of many entities that have different roles, such as provider and customer, and multiple interactions amongst them. Trust is an essential element to develop confidence-based relationships amongst the various components in such a diverse environment. The current chapter presents the taxonomy of trust models and classification of information sources for trust assessment. Furthermore, it presents the taxonomy of risk factors in cloud computing environment. It analyses further the existing approaches and portrays the potential of enhancing trust development by merging trust assessment and risk assessment methodologies. The aim of the proposed solution is to combine information sources collected from various trust and risk assessment systems deployed in cloud services, with data related to attack patterns. Specifically, the approach suggests a new qualitative solution that could analyse each symptom, indicator, and vulnerability in order to detect the impact and likelihood of attacks directed at cloud computing environments. Therefore, possible implementation of the proposed framework might help to minimise false positive alarms, as well as to improve performance and security, in the cloud computing environment.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Vulnerability Assessment of Cyber Security for SCADA Systems

Nächstes Kapitel AI- and Metrics-Based Vulnerability-Centric Cyber Security Assessment and Countermeasure Selection

Dillon T, Wu C, Chang E (2010) Cloud computing: issues and challenges. In: 2010 24th IEEE international conference on advanced information networking and applications (AINA). Ieee, pp C27–33

Noor, T.H., Sheng, Q.Z., Zeadally, S., Yu, J.: Trust management of services in cloud environments: obstacles and solutions. ACM Comput Surv (CSUR) 46(1), 12 (2013)CrossRef

Abbadi IM, Martin A (2011) Trust in the cloud. information security technical report 16(3–4):108–114

Habib SM, Ries S, Muhlhauser M (2010) Cloud computing landscape and research challenges regarding trust and reputation. In: 2010 7th international conference on ubiquitous intelligence & computing and 7th international conference on autonomic & trusted computing (UIC/ATC). IEEE, pp 410–415

Grobauer, B., Walloschek, T., Stocker, E.: Understanding cloud computing vulnerabilities. IEEE Secur Priv 9(2), 50–57 (2011)CrossRef

Mouratidis, H., Islam, S., Kalloniatis, C., Gritzalis, S.: A framework to support selection of cloud providers based on security and privacy requirements. J Syst Softw 86(9), 2276–2293 (2013)CrossRef

Heydari, A., Tavakoli, M.A., Riazi, M.: An overview of public cloud security issues. Int J Manag Excell 3(2), 440–445 (2014)CrossRef

Catteddu D (2010) Cloud computing: benefits, risks and recommendations for information security. In: Web application security. Springer, pp 17–17

Islam, S., Fenz, S., Weippl, E., Kalloniatis, C.: Migration goals and risk management in cloud computing: a review of state of the art and survey results on practitioners. Int J Secur Softw Eng (IJSSE) 7(3), 44–73 (2016)CrossRef

10.

Trappey, A.J., Trappey, C.V., Govindarajan, U.H., Sun, J.J., Chuang, A.C.: A review of technology standards and patent portfolios for enabling cyber-physical systems in advanced manufacturing. IEEE Access 4, 7356–7382 (2016)CrossRef

11.

ISO: ISO/IEC 27000:2016 the overview of information security management systems. https://www.iso.org/standard/66435.html. Accessed 01 Feb 2016

12.

Kreger H, Estefan J (2009) Navigating the soa open standards landscape around architecture. Joint Paper, The Open Group, OASIS, and OMG

13.

Lemoudden M, Bouazza N, El Ouahidi B, Bourget D (2013) A survey of cloud computing security overview of attack vectors and defense mechanisms. J Theor Appl Inf Technol 54(2)

14.

Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M., Inácio, P.R.: Security issues in cloud environments: a survey. Int J Inf Secur 13(2), 113–170 (2014)CrossRef

15.

Takabi, H., Joshi, J.B., Ahn, G.-J.: Security and privacy challenges in cloud computing environments. IEEE Secur Priv 8(6), 24–31 (2010)CrossRef

16.

Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl. 34(1), 1–11 (2011)CrossRef

17.

Moyano F, Fernandez-Gago C, Lopez J (2012) A conceptual framework for trust models. In: International conference on trust, privacy and security in digital business. Springer, pp 93–104

18.

Rimal BP, Choi E, Lumb I (2009) A taxonomy and survey of cloud computing systems. In: 2009. NCM’09. fifth international joint conference on INC, IMS and IDC. Ieee, pp 44–51

19.

Huang, J., Nicol, D.M.: Trust mechanisms for cloud computing. J Cloud Comput Adv Syst Appl 2(1), 9 (2013)CrossRef

20.

Pearson S (2013) Privacy, security and trust in cloud computing. In: Privacy and security for cloud computing. Springer, pp 3–42

21.

Habib SM, Ries S, Muhlhauser M (2011) Towards a trust management system for cloud computing. In: 2011 ieee 10th international conference on trust, security and privacy in computing and communications (TrustCom). IEEE, pp 933–939

22.

Wang C, Wang Q, Ren K, Lou W (2010) Privacy-preserving public auditing for data storage security in cloud computing. In: 2010 Proceedings Ieee Infocom. Ieee, pp 1–9

23.

Mell P, Grance T et al (2011) The nist definition of cloud computing

24.

Noor, T.H., Sheng, Q.Z., Yao, L., Dustdar, S., Ngu, A.H.: Cloudarmor: supporting reputation-based trust management for cloud services. IEEE Trans Parallel Distrib Syst 27(2), 367–380 (2016)CrossRef

25.

Ghosh, N., Ghosh, S.K., Das, S.K.: Selcsp: a framework to facilitate selection of cloud service providers. IEEE Trans Cloud Comput 3(1), 66–79 (2015)CrossRef

26.

Qu C, Buyya R (2014) A cloud trust evaluation system using hierarchical fuzzy inference system for service selection. In: 2014 Ieee 28th international conference on advanced information networking and applications (aina). IEEE, pp 850–857

27.

Pawar PS, Rajarajan M, Nair SK, Zisman A (2012) Trust model for optimized cloud services. In: IFIP international conference on trust management. Springer, pp 97–112

28.

Alhamad M, Dillon T, Chang E (2010) Sla-based trust model for cloud computing. In: 2010 13th international conference on network-based information systems (NBiS). Ieee, pp 321–324

29.

Hansman, S., Hunt, R.: A taxonomy of network and computer attacks. Comput Secur 24(1), 31–43 (2005)CrossRef

30.

Hafez Amer S, Hamilton Jr, JA (2010) Intrusion detection systems (ids) taxonomy-a short review. This is a paid advertisement. STN 13-2 June 2010: Defensive Cyber Security: Policies and Procedures 2, 23

31.

Patel, A., Taghavi, M., Bakhtiyari, K., JúNior, J.C.: An intrusion detection and prevention system in cloud computing: a systematic review. J Netw Comput Appl 36(1), 25–41 (2013)CrossRef

32.

Howard JD, Longstaff TA (1998) A common language for computer security incidents. Technical report, Sandia National Labs., Albuquerque, NM (US); Sandia National Labs., Livermore, CA (US)

33.

Ficco M, Tasquier L, Aversa R (2013) Intrusion detection in cloud computing. In: 2013 eighth international conference on P2P, parallel, grid, cloud and internet computing (3PGCIC). IEEE, pp 276–283

34.

Bace R, Mell P (2001) Nist special publication on intrusion detection systems. Technical report, BOOZ-ALLEN AND HAMILTON INC MCLEAN VA

35.

Humphreys, E.: Information security management standards: compliance, governance and risk management. Inf Secur Tech Rep 13(4), 247–255 (2008)CrossRef

36.

Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: Comprehensive approach to intrusion detection alert correlation. IEEE Trans Dependable Secure Comput 1(3), 146–169 (2004)CrossRef

37.

Shin J, Son H, Heo G (2013) Cyber security risk analysis model composed with activity-quality and architecture model. In: International conference on computer, networks and communication engineering, pp 609–612

38.

Bolognini, L., Bistolfi, C.: Pseudonymization and impacts of big (personal/anonymous) data processing in the transition from the directive 95/46/ec to the new eu general data protection regulation. Comput Law Secur Rev 33(2), 171–181 (2017)CrossRef

Titel: A Predictive Model for Risk and Trust Assessment in Cloud Computing: Taxonomy and Analysis for Attack Pattern Detection
verfasst von: Alexandros Chrysikos
Stephen McGuire
Verlag: Springer International Publishing
Buch: Guide to Vulnerability Analysis for Computer Networks and Systems
Print ISBN: 978-3-319-92623-0

Electronic ISBN: 978-3-319-92624-7

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-92624-7_4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"