CSCCRA: A Novel Quantitative Risk Assessment Model for Cloud Service Providers

Akinrolabu, Olusola; New, Steve; Martin, Andrew P.

doi:10.1007/978-3-030-11395-7_16

Cited by 5 publications

(11 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We developed the CSCCRA model [11] to address the gap in cloud supply chain transparency, particularly how the lack of visibility of supplier's security controls has contributed to the inadequate level of cloud risk assessment. It aims to present the CSP's cloud risk in a format that is consistent, repeatable, traceable and understandable, allowing for the proactive mitigation of cloud risks.…”

Section: A the Csccra Modelmentioning

confidence: 99%

“…This approach requires us to analyse the interdependencies of a cloud service while making use of modelling and simulation techniques to draw the result of the assessment [24]. The CSCCRA model is made up of three components and builds on existing risk standards and guidance documents such as ISO 27005:2011, ISO 31000:2009, NIST 800-30v1 and FAIR risk assessment [11]. The components are:…”

Section: A the Csccra Modelmentioning

confidence: 99%

“…The CSC-CRA model is a supply chain-inclusive risk assessment model that aims to structurally analyse the interdependence between the components of a cloud service, assess the cybersecurity posture of its suppliers, and comprehensively identify and analyse cloud risks. It presents CSP's cloud risk in a format that is consistent, repeatable, traceable and understandable, one which encourages proactive mitigation of cloud risks [11].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Akinrolabu

New

Martin

2019

2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference

Self Cite

View full text Add to dashboard Cite

Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chaininclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain.

show abstract

Section: A the Csccra Modelmentioning

confidence: 99%

Section: A the Csccra Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Akinrolabu

New

Martin

2019

2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference

Self Cite

View full text Add to dashboard Cite

show abstract

“…Our decision to address security risk assessment from a cloud provider perspective was influenced by the scarcity of studies in this area, and on the practical need for cloud providers to assess security risks to assure secure cloud delivery to customers. As such, we also describe our novel quantitative model for cloud providers: Cyber Supply Chain Cloud Risk Assessment (CSCCRA) [17]. Here we highlight its strengths, which include its systematic analysis of cloud risks, the visual representation of the cloud supply chain, and the assessment of the cybersecurity posture of cloud suppliers.…”

Section: Introductionmentioning

confidence: 99%

“…The contributions of this paper are the identification of gaps in cloud risk assessment, an analysis of current models, and a more detailed presentation of the proposed CSCCRA model we introduced in [17] which is meant to address some of the identified gaps. Furthermore, we present directions for future research by outlining areas where the theory and practice of cloud provisioning risk assessment can be improved including the application of dynamic modelling based on defined boundaries and the development of automated models for the proactive mitigation of cloud risks.…”

Section: Introductionmentioning

confidence: 99%

Cyber risk assessment in cloud provider environments: Current models and future needs

Akinrolabu

Nurse

Martin

et al. 2019

Computers & Security

Self Cite

View full text Add to dashboard Cite

show abstract

Ensuring privacy and confidentiality of data on the cloud using an enhanced homomorphism scheme

Dawson

Twum²,

Acquah³

et al. 2022

IJCAI

View full text Add to dashboard Cite

Cloud computing is one of the widest phenomena embraced in information technology. This result from numerous advantages associated with it making many organizations and individuals offload their data to the cloud. Encryption schemes restrict access to data from unauthorized clients, helping attain confidentiality and privacy. The modification of the ciphertext of clients' data on the cloud demand downloading, deciphering, editing, and finally uploading back to the cloud by sharing their private key with the cloud service provider making it tedious. The application of homomorphism, allows computation to be performed on ciphertext with no decipher activity which helps to avoid the surfacing of sensitive client data stored on the cloud. In this paper, an Enhanced Homomorphism Scheme (EHS) is proposed based on Good Prime Numbers (GPN), Linear Congruential Generator (LCG), Fixed Sliding Window Algorithm (FSWA), and Gentry's homomorphism scheme. A dataset from the Kaggle database was used to test the proposed algorithm. A variety of tests were conducted using the proposed algorithm such as the Uniqueness of ciphertext, addition and multiplication property of full homomorphism, and the execution times using 2 𝑛 (𝑛 ∈ 2,3,4,5) data sizes. A comparison of the execution time of the proposed EHS was conducted with the New Fully Homomorphism Scheme (NFHS), and the Enhanced Homomorphism Encryption Scheme (EHES). From the comparison, the proposed EHS algorithm had the lowest encryption time when a data size of 24kb was executed but with a higher decryption time of 567.6667 ± 96.38911when a data size of 8kb was used. On the other hand, with a data size of 32kb, EHES had the highest decryption time of 1274ms with the proposed EHS having the lowest decryption time of 551.2222 ± 82.68746 indicating a decryption percentage decrease of 56.73%. This confirms that execution times are dependent on the size of the encryption key but not on data size.Povzetek: Nov kriptografski algoritem z imenom EHS se je izkazal z izboljšanimi časi izvajanja na nekaj standardnih testnih domenah.

show abstract

CSCCRA: A Novel Quantitative Risk Assessment Model for Cloud Service Providers

Cited by 5 publications

References 10 publications

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study

Cyber risk assessment in cloud provider environments: Current models and future needs

Ensuring privacy and confidentiality of data on the cloud using an enhanced homomorphism scheme

Contact Info

Product

Resources

About