Risk Management on the Security Problem in Cloud Computing

Tanimoto, Shigeaki; Hiramoto, Manami; Iwashita, Motoi; Satō, Hiroyuki; Kanai, Atsushi

doi:10.1109/cnsi.2011.82

Cited by 38 publications

(13 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Analyst firm Gartner published a 2008 report on cloud computing where it warned customers to select their cloud computing provider very carefully and to consider seven specific security issues: privileged user access , regulatory compliance , data location , data segregation , recovery , investigative support , and long‐term viability . On the basis of previous studies , 32 risks were identified, some new and some pre‐existing . Some studies on cloud computing saw risks from the clients' perspective and identified 23 risks.…”

Section: Security Risk Assessment In Cloud Computingmentioning

confidence: 99%

“…Surveys conducted by the International Data Corporation (IDC) Enterprise Panel in 2008 and 2009 showed that Chief Information Officers (CIOs) consider confidentiality, availability, and reliability as primary concerns . Similarly, 70% of the respondents in a survey from Japan conferred their concerns on the security in cloud computing . In addition, the European Network and Information Security Agency conducted a survey of small and medium‐sized businesses, which confirmed that their major concern on cloud computing included data confidentiality and liability for incidents that involved the infrastructure .…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security risk assessment framework for cloud computing environments

Albakri

Shanmugam

Samy

et al. 2014

Security Comm Networks

View full text Add to dashboard Cite

Cloud computing has become today's most common technology buzzword. Despite the promises of cloud computing to decrease computing implementation costs and deliver computing as a service, which allows clients to pay only for what they need and use, cloud computing also raises many security concerns. Most popular risk assessment standards, such as ISO27005, NIST SP800‐30, and AS/NZS 4360, assume that an organization's assets are fully managed by the organization itself and that all security management processes are imposed by the organization. These assumptions, however, do not apply to cloud computing environments. Hence, this paper proposes a security risk assessment framework that can enable cloud service providers to assess security risks in the cloud computing environment and allow cloud clients to contribute in risk assessment. The proposed framework provides a more realistic and accurate risk assessment outcome by considering the cloud clients' evaluation of security risk factors and avoiding the complexity that can result from the involvement of clients in whole risk assessment process. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Section: Security Risk Assessment In Cloud Computingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Security risk assessment framework for cloud computing environments

Albakri

Shanmugam

Samy

et al. 2014

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…The model is built by representing communications as a directed graph and then established a matrix to discover the risk. Furthermore, in [23] a hybrid risk-analysis method based on decision tree analysis (quantities) and risk matrix (qualitative) is proposed for risk assessment. In this method, risk factor from a user's viewpoint is systematically extracted with the Risk Breakdown Structure (RBS) method then analyzed and evaluated.…”

Section: ) Risk Assessment As a Servicementioning

confidence: 99%

“…However, a simple method for qualitative or quantitative analysis will lead to the inaccuracy and one-sidedness of the evaluation results. Therefore, several studies used an integrated method of qualitative and quantitative analysis to assess risk in cloud environment [4], [20], [23], [30]. 3) Graphs analysis assessment: Graphs and mathematical models can be used to address and calculate security risk in clouds by simulating attacker possibilities.…”

Section: ) Risk Assessment As a Servicementioning

confidence: 99%

A Review of Security Risk Assessment Methods in Cloud Computing

Alturkistani

Emam

2014

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Abstract. The Cloud computing is a major technological trend that continues to evolve and flourish. It has potential benefits in achieving rapid and scalable resource provisioning capabilities as well as resource sharing. However, a number of security risk are emerging in association with cloud usage that need to be assessed before cloud computing is adopted. This paper presents a review of the security risk assessment methods in cloud computing. The paper aims to summarize, organize and classify the information available in the literature to identify any gaps in current research then suggest areas for further investigation. At the end, the paper suggests to have a collaborative security risk assessment method that will add great assistance to both service providers and consumers.

show abstract

“…Most of the information is processed and stored electronically and transmitted across company's network or internet. This is risky because of an attacker or business competitor can break security parameters in order to get access to the information [6], [7]. Vulnerability always exists in a system or application updates, and it may cause a security breach in the private information [8].…”

mentioning

confidence: 99%

Performance measurement of secure TFTP protocol for smart embedded devices

Pauzi

Isa

Hashim

et al. 2014

2014 IEEE Asia Pacific Conference on Wireless and Mobile

View full text Add to dashboard Cite

Trivial File Transfer Protocol (TFTP) is a client server protocol for transferring files between networked devices. A TFTP client can upload or download files to or from a remote server using the UDP transport protocol. Although it is simple to implement and is largely used in network booting, the TFTP provides no security features and it lacks most of the features of regular File Transfer Protocol (FTP). It does not support authentication or encryption process and allows public files to be accessible to all users on the network. In this work we propose to incorporate security into TFTP by the use of lightweight symmetric encryption for data encryption and asymmetric encryption for secret key exchange protocol that can be implemented in smart embedded devices. The performance of the secure TFTP in transferring files was measured as the packet size of encrypted data was varied from 32 bytes to 4096 bytes. A modification of packet header in the TFTP packet was required in order to implement encryption algorithms such as El-Gamal encryption scheme. The outcome of our experiment in ARM Embedded RaspberryPi shows that by adding encryption scheme or attestation in the TFTP protocol, it will not render the TFTP performance due to having an implementation of security protocol.

show abstract

Risk Management on the Security Problem in Cloud Computing

Cited by 38 publications

References 1 publication

Security risk assessment framework for cloud computing environments

Security risk assessment framework for cloud computing environments

A Review of Security Risk Assessment Methods in Cloud Computing

Performance measurement of secure TFTP protocol for smart embedded devices

Contact Info

Product

Resources

About