Off-Line Risk Assessment of Cloud Service Provider

Sen, Amartya; Madria, Sanjay

doi:10.1109/services.2014.20

Cited by 9 publications

(6 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Nevertheless, these authors fail to consider that the vulnerabilities, normally varying with each application, have a strong influence on the effectiveness of applied security countermeasures. Sen and Madria propose an off-line risk assessment framework in [5] to evaluate the security level of an application for a specific CSP. They first identify the threats for a given application and estimate how much risk can be mitigated with the CSP's infrastructures.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A risk-level assessment system based on the STRIDE/DREAD model for digital data marketplaces

Zhang

Taal

Cushing

et al. 2021

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Security is a top concern in digital infrastructure and there is a basic need to assess the level of security ensured for any given application. To accommodate this requirement, we propose a new risk assessment system. Our system identifies threats of an application workflow, computes the severity weights with the modified Microsoft STRIDE/DREAD model and estimates the final risk exposure after applying security countermeasures in the available digital infrastructures. This allows potential customers to rank these infrastructures in terms of security for their own specific use cases. We additionally present a method to validate the stability and resolution of our ranking system with respect to subjective choices of the DREAD model threat rating parameters. Our results show that our system is stable against unavoidable subjective choices of the DREAD model parameters for a specific use case, with a rank correlation higher than 0.93 and normalised mean square error lower than 0.05.

show abstract

Section: Related Workmentioning

confidence: 99%

“…There are studies proposing methodologies to assess the security levels provided by digital infrastructures, e.g. clouds [3][4][5]. These works only estimate the total security strength provided by the infrastructures according to the applied security countermeasures.…”

Section: Introductionmentioning

confidence: 99%

A risk-level assessment system based on the STRIDE/DREAD model for digital data marketplaces

Zhang

Taal

Cushing

et al. 2021

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…This concept is coined as Security Coverage and has been formally established in Section 2.3. For detailed information on modules 1 and 2 of the offline risk assessment framework, readers are kindly referred to Reference .…”

Section: Cloud Migration Scenarios and Algorithm Designmentioning

confidence: 99%

Analysis of a cloud migration framework for offline risk assessment of cloud service providers

Sen

Madria

2020

Softw Pract Exp

Self Cite

View full text Add to dashboard Cite

Generic notions of security on cloud platforms make clients apprehensive about fully migrating their applications on these platforms. The challenge lies in the capability of personalizing the security assessments of different cloud service providers from the perspective of the security requirements of the client applications to be hosted on them. This challenge was addressed by the previously proposed offline risk assessment framework for cloud service providers. This article presents a comprehensive analysis of a cloud migration framework that has been designed by adapting the novel security assessment principles of the offline risk assessment framework. The migration strategy has been modeled as a multiobjective optimization problem to further study the performance of numerous evolutionary algorithms in designing various cloud migration scenarios. The overall effectiveness of the proposed framework has been examined using a use-case application scenario and semisynthetic cloud service providers. K E Y W O R D Scloud migration, cloud security, genetic algorithm, multiobjective optimization, risk assessment, sensitivity analysis 1 998

show abstract

“…A cloud user does not manage or control the underlying cloud infrastructure , but providers install and operate the application software. Example providers for this service include Salesforce, Facebook, and Google Apps .…”

Section: Problem Definitionmentioning

confidence: 99%

Failover strategy for fault tolerance in cloud computing environment

et al. 2017

View full text Add to dashboard Cite

Summary Cloud fault tolerance is an important issue in cloud computing platforms and applications. In the event of an unexpected system failure or malfunction, a robust fault‐tolerant design may allow the cloud to continue functioning correctly possibly at a reduced level instead of failing completely. To ensure high availability of critical cloud services, the application execution, and hardware performance, various fault‐tolerant techniques exist for building self‐autonomous cloud systems. In comparison with current approaches, this paper proposes a more robust and reliable architecture using optimal checkpointing strategy to ensure high system availability and reduced system task service finish time. Using pass rates and virtualized mechanisms, the proposed smart failover strategy (SFS) scheme uses components such as cloud fault manager, cloud controller, cloud load balancer, and a selection mechanism, providing fault tolerance via redundancy, optimized selection, and checkpointing. In our approach, the cloud fault manager repairs faults generated before the task time deadline is reached, blocking unrecoverable faulty nodes as well as their virtual nodes. This scheme is also able to remove temporary software faults from recoverable faulty nodes, thereby making them available for future request. We argue that the proposed SFS algorithm makes the system highly fault tolerant by considering forward and backward recovery using diverse software tools. Compared with existing approaches, preliminary experiment of the SFS algorithm indicates an increase in pass rates and a consequent decrease in failure rates, showing an overall good performance in task allocations. We present these results using experimental validation tools with comparison with other techniques, laying a foundation for a fully fault‐tolerant infrastructure as a service cloud environment. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

Off-Line Risk Assessment of Cloud Service Provider

Cited by 9 publications

References 4 publications

A risk-level assessment system based on the STRIDE/DREAD model for digital data marketplaces

A risk-level assessment system based on the STRIDE/DREAD model for digital data marketplaces

Analysis of a cloud migration framework for offline risk assessment of cloud service providers

Failover strategy for fault tolerance in cloud computing environment

Contact Info

Product

Resources

About