Abstract
Although the technology for cloud services has been maturing for more than a decade, many potential users still have concerns about security and, especially, privacy. Users need to analyze the risks they will face before embracing the cloud concept. Recently, many organizations and researchers have assessed cloud risks, and both quantitative and qualitative models have been developed for this purpose. Our tutorial first introduces the definitions and then surveys the results of cloud risk assessment efforts and the risk models developed for the cloud.
Acknowledgments
This work was supported by the EU FP7 Accountability for Cloud and Other Future Internet Services (A4Cloud) project.
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Cayirci, E. (2015). Models for Cloud Risk Assessment: A Tutorial. In: Felici, M., Fernández-Gago, C. (eds) Accountability and Security in the Cloud. A4Cloud 2014. Lecture Notes in Computer Science(), vol 8937. Springer, Cham. https://doi.org/10.1007/978-3-319-17199-9_7
DOI: https://doi.org/10.1007/978-3-319-17199-9_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17198-2
Online ISBN: 978-3-319-17199-9
eBook Packages: Computer Science (R0)