Top

Published in:

2017 | OriginalPaper | Chapter

ARA-Assessor: Application-Aware Runtime Risk Assessment for Cloud-Based Business Continuity

Authors : Min Fu, Shiping Chen, Jian Yang, Surya Nepal, Liming Zhu

Published in: Service-Oriented Computing

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Cloud-based systems are prone to be attacked because they share the same cloud infrastructure, where there may exist hackers and malicious users. As a result, cloud system owners need an on-going security risk assessment mechanism to monitor the risk of their systems so that they can be mitigated in a timely manner to ensure the business continuity. Existing methods of cloud system risk assessment usually do not fully consider the dependencies of the system’s cloud resources or the conflictions of the threats on the system. In this paper we propose an application-aware cloud system risk assessment method, called ARA-Assessor, for performing security risk assessment for cloud systems. ARA-Assessor includes a cloud system model used to specify the significance value of each system component and their dependencies. With this application-aware model, the cloud system owners are able to continuously assess the risk of their systems. We evaluate ARA-Assessor with three typical cloud systems on AWS. The experimental results show that our method is capable of continuously assessing the runtime risk for multiple types of cloud systems.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Improving Web Services Design Quality Using Dimensionality Reduction Techniques

next chapter Personalized Quality Centric Service Recommendation

Dahbur, K., et al.: A survey of risks, threats and vulnerabilities in cloud computing. In: Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications (ISWSA 2011), vol. 12, April 2011

NIST: Resource Security. http://csrc.nist.gov/groups/SNS/cloud-computing/

Gartner: Why private clouds fail. Network world official website. http://www.networkworld.com/article/2881794/cloud-computing/gartner-why-private-clouds-fail.html

Cloud Security Alliance (CSA): State of Security 2016. CSA Global Enterprise Advisory Board. https://downloads.cloudsecurityalliance.org/assets/board/CSA-GEAB-State-of-Cloud-Security-2016.pdf

Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security. In: 3rd IEEE International Conference on Cloud Computing (CLOUD 2010), July 2010

Heiser, J., Nicolett, M.: Assessing the security risks of cloud computing. Gartner Research Report 2008, ID no. G00157782, June 2008

Djemame, K., et al.: A risk assessment framework for cloud computing. IEEE Trans. Cloud Comput. 4(3), 265–278 (2016). ISSN: 2168-7161CrossRef

Lippmann, R.P., Riordan, J.F.: Threat-based risk assessment for enterprise networks. Lincoln Lab. J. 22(1), 33–45 (2016)

10.

Kholidy, H.A., et al.: Online risk assessment and prediction models for autonomic cloud intrusion prevention systems. In: AICCSA 2014, November 2014

11.

Rahimi, M.R., et al.: MAPCloud: mobile applications on an elastic and scalable 2-tier cloud architecture. In: 5th IEEE International Conference on Utility and Cloud Computing (2012)

12.

Alert Logic: The Changing State of Cloud Security. Cloud Security Report 2015 (2015)

13.

Nenvani, G., Gupta, H.: A survey on attack detection on cloud using supervised learning techniques. In: IEEE Symposium on Colossal Data Analysis and Networking (CDAN 2016), March 2016

14.

Lo, C., Huang, C., Ku, J.: A cooperative intrusion detection system framework for cloud computing networks. In: 39th International Conference on Parallel Processing Workshops (ICPPW 2010), September 2010

15.

Zhang, T., et al.: CloudRadar: A Real-time Side-channel Attack Detection System in Clouds. Princeton University publications, Department of Electrical Engineering (2016)

16.

Krutz, R.L., Vines, R.D.: Cloud security: a comprehensive guide to secure cloud computing. In: Cloud Security: A Comprehensive Guide to Secure Cloud Computing. Wiley Publishing (2010). ISBN: 0470589876, 9780470589878

17.

AWS Cloud Documentation Official Website. http://aws.amazon.com/documentation/. Last access time: 6 Aug 2017, 17:50

18.

ENISA: Cloud Computing: Benefits, risks and recommendations for information security (2010)

19.

CSA: Top Threats to cloud computing. v1.0 (2010)

20.

Chou, T.: Security threats on cloud computing vulnerabilities. Int. J. Comput. Sci. Inf. Technol. (IJCSIT) 5, 79–88 (2013)

21.

AWS official Website. http://aws.amazon.com/. Last access time: 6 Aug 2017, 17:55

22.

Symantec ISTR: Internet Security Threat Report 2016. Symantec Website, vol. 21, April 2016. https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf

23.

Jouini, M., Rabai, L.B.A.: Mean failure cost extension model towards security threats assessment: a cloud computing case study. J. Comput. 10, 184–194 (2015). doi:10.17706/jcp.10.3.184-194 CrossRef

24.

CloudWatch Website. https://aws.amazon.com/cloudwatch/. Last access time: 6 Aug 2017, 18:40

25.

Httpref Website. https://linux.die.net/man/1/httperf. Last access time: 6 Aug 2017, 18:50

26.

Fu, M., et al.: Runtime recovery actions selection for sporadic operations on cloud. In: ASWEC 2015, Adelaide, Australia, pp. 185–194, September 2015

27.

Sabahi, F.: Cloud computing security threats and responses. In: 3rd IEEE International Conference on Communication Software and Networks (ICCSN 2011), May 2011

28.

Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)CrossRef

29.

Misra, K.: Risk analysis and management: an introduction. In: Misra, K. (ed.) Handbook of Performability Engineering, pp. 667–681. Springer, London (2008)CrossRef

Title: ARA-Assessor: Application-Aware Runtime Risk Assessment for Cloud-Based Business Continuity
Authors: Min Fu
Shiping Chen
Jian Yang
Surya Nepal
Liming Zhu
Publisher: Springer International Publishing
Book: Service-Oriented Computing
Print ISBN: 978-3-319-69034-6

Electronic ISBN: 978-3-319-69035-3

Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-69035-3_38

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner