Abstract
Cloud computing represents a new way of computing that dynamically increases capabilities without investing in new infrastructure. It has become widely adopted today thanks to many advantages such as distributed computing, scalability and performance, multi-tenancy, and pay-per-use services. However, it poses many serious security issues across all cloud delivery models. Software, Platform, and Infrastructure as a Service are the three main service delivery models for cloud computing. Infrastructure as a Service (IaaS) serves as the base layer for the other delivery models, and a lack of security in this layer will affect the other delivery models. This paper presents a detailed study of the security of IaaS components and identifies vulnerabilities and security solutions. Finally, we present a security risk management framework for cloud systems aimed at reducing threats and vulnerabilities and mitigating security risks. The proposed security risk management framework is based on a quantitative security risk assessment model used to evaluate risks for this system.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Jouini, M., Rabai, L.B.A. (2017). A Security Risk Management Model for Cloud Computing Systems: Infrastructure as a Service. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_47
DOI: https://doi.org/10.1007/978-3-319-72389-1_47
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72388-4
Online ISBN: 978-3-319-72389-1
eBook Packages: Computer Science, Computer Science (R0)