A Security Risk Management Model for Cloud Computing Systems: Infrastructure as a Service

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Abstract

Cloud Computing represents a new way of computing that dynamically increases capabilities without investing in new infrastructure. It has become widely adopted today thanks to many advantages such as distributed computing, scalability and performance, multi-tenancy, and pay-per-use services. However, it poses many serious security issues across all cloud delivery models. Software, Platform, and Infrastructure as a Service are the three main service delivery models for Cloud Computing. Infrastructure as a Service (IaaS) serves as the base layer for the other delivery models, and a lack of security in this layer will affect the other delivery models. This paper presents a detailed study of the security of IaaS components and determines vulnerabilities and security solutions. Finally, to combat these security issues, we present a security risk management framework for cloud systems that aims to reduce threats and vulnerabilities and mitigate security risks. The proposed security risk management framework is based on a quantitative security risk assessment model to evaluate risks for this system.

Corresponding author

Correspondence to Mouna Jouini.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Jouini, M., Rabai, L.B.A. (2017). A Security Risk Management Model for Cloud Computing Systems: Infrastructure as a Service. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_47

  • DOI: https://doi.org/10.1007/978-3-319-72389-1_47

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72388-4

  • Online ISBN: 978-3-319-72389-1

  • eBook Packages: Computer Science, Computer Science (R0)
