Title :
Security risk analysis as a service
Author :
Alhomidi, Mohammed A. ; Reed, Martin J.
Author_Institution :
Sch. of Comput. Sci. & Electron. Eng., Univ. of Essex, Colchester, UK
Abstract :
New features proposed in emerging cloud computing, such as multi-tenancy, raises many security challenges against the full adoption of the new paradigm. A critical aspect of the security issues in cloud computing is the limited knowledge of cloud users regarding technical security mechanism for identifying and protecting services from potential risks. In this paper, we propose a framework for security risk analysis that is capable of analyzing the security of virtual machines(VMs), finding the critical vulnerabilities and then producing a set of security recommendations for use by the cloud deployer. Our framework reduces the need for users to possess technical knowledge in handling possible security risk and allows analysis to be charged as a service. This paper develops a Security Risk Analysis as a Service (SRAaaS) framework that assesses all VMs and cloud services against possible attacks using attack graphs to represent and analyze the system.
Keywords :
cloud computing; operating systems (computers); risk analysis; security of data; virtual machines; SRAaaS framework; VM; cloud computing; cloud deployer; cloud users; security issues; security recommendations; security risk analysis; security risk analysis as a service; service protection; technical knowledge; technical security mechanism; virtual machines; Analytical models; Cloud computing; Computational modeling; Genetic algorithms; Risk analysis; Security; Virtual machining; Cloud security; attack graph; cloud risk analysis; cloud security recommendation; infrastructure as a service; security as a service;
Conference_Titel :
Internet Technology and Secured Transactions (ICITST), 2013 8th International Conference for
Conference_Location :
London
DOI :
10.1109/ICITST.2013.6750182
