A New Shared and Comprehensive Tool of Cloud Computing Security Risk Assessment

  • Saadia DrissiEmail author
  • Siham Benhadou
  • Hicham Medromi
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 366)


The cloud computing is a new trending paradigm that presents several benefits in achieving rapid and scalable resource provisioning capabilities to their users. Despite the fact that cloud computing offers many cost benefits for their cloud users, number of security risk are emerging in association with cloud usage that need to be assessed. Assessing risk in Cloud computing environment remains an open research issue. This paper presents a comprehensive and shared risk assessment method for cloud computing that will add a great help and assistance to both cloud consumers and cloud providers, which is also in compliance with all the specific characteristics of the Cloud Computing. An experimental result will be showed at the end to demonstrate the effectiveness of this new risk assessment model.


Cloud computing Security risk Comprehensive and shared risk assessment method Cloud consumers Cloud providers 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cloud Security Alliance (CSA): Top threats to cloud computing, version 1.0, March 2010.
  2. 2.
    Kaliski Jr., B.S., Pauley, W.: Toward Risk Assessment as a Service in Cloud Environment. EMC Corporation, Hopkinton (2010)Google Scholar
  3. 3.
    EBIOS, Central Directorate for Information Systems Security, Version 2010 website.
  4. 4.
    Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE), Carnegie Mellon - Software Engineering Institute (1999)Google Scholar
  5. 5.
    Method Harmonized Risk Analysis (MEHARI) Principles and mechanisms CLUSIF, issue 3, October 2004Google Scholar
  6. 6.
    Mell, P., Grance, T.: Perspectives on cloud computing and standards. National Institute of Standards and Technology (NIST). Information Technology Laboratory (2009)Google Scholar
  7. 7.
    CSS, White paper on software and service architectures, Infrastructures and Engineering – Action Paper on the area for the future EU competitiveness: Background information, Version 1.3, vol. 2 (retrieved: 15.08.2010).
  8. 8.
    Miller, M.: Cloud computing: Web-based applications that change the way you work and collaborate online. Indianapolis (2008)Google Scholar
  9. 9.
    Van Scoy, R.L.: Software Development Risk: Opportunity, Not ProblemGoogle Scholar
  10. 10.
    Farrell, R.: Securing the cloud-governance, risk and compliance issues reign supreme. Information Security Journal: A Global Perspective (2010)Google Scholar
  11. 11.
    Sayouti, A., Medromi, H.: Les Systèmes Multi-Agents: Application au Contrôle sur Internet, Auteurs Éditions universitaires européennes, Août 2012Google Scholar
  12. 12.
    Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security. In: The Proceedings of the IEEE 3rd International Conference on Cloud Computing, pp. 280–288 (2010)Google Scholar
  13. 13.
    Peiyu, L., Dong, L.: The New Risk Assessment Model for Information System in Cloud Computing Environment. Procedia Engineering 15, 3200–3204 (2011)CrossRefGoogle Scholar
  14. 14.
    Xuan, Z., Wuwong, N., et al.: Information security risk management framework for the cloud computing environments. In: 2010 IEEE 10th International Conference on Computer and Information Technology (CIT) (2010)Google Scholar
  15. 15.
    Sangroya, A., Kumar, S., Dhok, J., Varma, V.: Towards analyzing data security risks in cloud computing environments. In: International Conference on Information Systems, Technology, and Management (ICISTM), Bangkok, Thailand (2010)Google Scholar
  16. 16.
    Drissi, S., Houmani, H., Medromi, H.: Survey: risk assessment for cloud computing. International Journal of Advanced Computer Science and Applications, pp. 143–148 (2013)Google Scholar
  17. 17.
    Altuzarra, A., Moreno-Jimnez, J.M., Salvador, M.: A Bayesian prioritization procedure for AHP-group decision making. European Journal of Operational Research 182(1), 367–382 (2007)CrossRefGoogle Scholar
  18. 18.
    Ramanathan, R., Ganesh, L.S.: Group preference aggregation methods employed in AHP: An evaluation and an intrinsic process for deriving members’ weightages. European Journal of Operational Research 79(2), 249–265 (1994)CrossRefGoogle Scholar
  19. 19.
    Dyer, R.F., Forman, E.H.: Group decision support with the analytic hierarchy process. Decision Support Systems 8(2), 99–124 (1992)CrossRefGoogle Scholar
  20. 20.
    Lichtenstein, S.: Factors in the selection of a risk assessment method. Information Management & Computer Security 4(4), 20–25 (1996)CrossRefGoogle Scholar
  21. 21.
    Drissi, S., Medromi, H.: A new risk assessment approach for cloud consumer. Journal of Communication and Computer 11, 52–58 (2014)Google Scholar
  22. 22.
    Free Security Assessment by Trend Micro, Security Assessment ToolGoogle Scholar
  23. 23.
    Onwudebelu, U., Chukuka, B.: Will adoption of cloud computing put the enterprise at risk? In: 2012 IEEE 4th International Conference on Adaptive Science & Technology (ICAST), October 25–27, pp. 82–85 (2012)Google Scholar
  24. 24.
    Security Risk Assessment for Cloud and Web. Cenzic CloudGoogle Scholar
  25. 25.
    SecaaS Category 5 Security Assessments Implementation Guidance. Cloud Security Alliance, September 2012Google Scholar
  26. 26.
    Fito, J.O., Macias, M., Guitart, J.: Toward business-driven risk management for cloud computing. In: 2010 International Conference on Network and Service Management (CNSM), October 25–29, pp. 238–241 (2010)Google Scholar
  27. 27.
    Djemame, K., et al.: A risk assessment framework and software toolkit for cloud service ecosystems. In: Cloud Computing 2011, The Second International Conference on Cloud Computing, GRIDs, and Virtualization (2011)Google Scholar
  28. 28.
    Tanimoto, S., Hiramoto, M., Iwashita, M., Sato, H., Kanai, A.: Risk management on the security problem in cloud computing. In: 2011 First ACIS/JNU International Conference on Computers Networks, Systems and Industrial Engineering (CNSI), May 23–25, pp. 147–152 (2011)Google Scholar
  29. 29.
    Leitold, F., Hadarics, K.: Measuring security risk in the cloud-enabled enterprise. In: 2012 7th International Conference on Malicious and Unwanted Software (MALWARE), October 16–18, pp. 62–66 (2012)Google Scholar
  30. 30.
    Zhang, J., Sun, D., Zhai, D.: A research on the indicator system of cloud computing security risk assessment. In: 2012 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering (ICQR2MSE), June 15–18, pp. 121–123 (2012)Google Scholar
  31. 31.
    Chandran, S., Angepat, M.: Cloud computing: analyzing the risk involved in cloud computing environments. In: Proceedings of Natural Sciences and Engineering, Sweden, pp. 2–4 (2010)Google Scholar
  32. 32.
    Cloud Security Alliance, Cloud Control Matri, September 26, 2013Google Scholar
  33. 33.
    Catteddu, D., Hogben, G. (eds.): Cloud Computing: Benefits, risks and recommendations or information security. ENISA (2009)Google Scholar

Copyright information

© Springer Science+Business Media Singapore 2016

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  1. 1.National High School of Electricity and MechanicsENSEMCasablancaMorocco

Personalised recommendations