Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms

Fall, Doudou; Okuda, Takashi; Kadobayashi, Youki; Yamaguchi, Suguru

doi:10.2197/ipsjjip.23.465

Cited by 4 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the operation record Y′ will not always equal the operation plan X′ due to incidents from risks. Mutual information for security can be defined in the same way as (9), (10) and can be used to evaluate an operation. H Security (X′), defined in (7) or (8), is the entropy inside the operation plan, and H Security (X′|Y ′) is the entropy due to the uncertainty in the actual operation, independent from the operation plan.…”

Section: Comprehending An Operation In the Formalized Syntax On Securmentioning

confidence: 99%

“…Although quantitative evaluation methods on security have been proposed for specific domains such as information infrastructure [8][9][10][11], building crime prevention [12,13], energy supplies [14,15], and food security [16], these conditional quantitative evaluation metrics are domain-limited and are not suitable for a holistic evaluation of security. In addition, although various metrics for safety [17], such as STAMP or STPA, have been developed in the field of safety engineering, they assume that the main objective of these metrics is safety.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Comprehending Security through Shannon’s Communication Model

Amari

2020

IJAE

View full text Add to dashboard Cite

Security in almost every field has often been implemented in a haphazard manner because a systematic approach has not yet been developed. To address this problem, we propose a context insensitive definition of security from a phenomenological perspective as well as its mathematical model through which we can understand the essence of security. Formalized syntax on security can be viewed as maintaining smooth operations even in the face of disturbances. Applying information theory to this syntax, we derive a mathematical model applicable to any situation where the term "security" appears and can understand what security is. Syntactic similarity between communication and security allows us to understand the essence of security and also to quantify security. These understandings free security from ad-hoc ways or best practices, limited to a single domain and not well-defined, depending on the Kansei, or intuition of the person in charge.

show abstract

Section: Comprehending An Operation In the Formalized Syntax On Securmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Comprehending Security through Shannon’s Communication Model

Amari

2020

IJAE

View full text Add to dashboard Cite

show abstract

“…We also excluded papers whose major contributions were centered on security risk management in the cloud, namely, "Something-as-a-Service". Examples include the following works: "A security as a service solution for the application in the cloud computing environment," by Chen et al [63], "Security in the cloud: understanding the risks of cloud as a service," by Peake [64], "On cloud security attacks: a taxonomy and intrusion detection and prevention as a service" by Iqbal et al [65], "Security risk quantification mechanism for infrastructure as a service in cloud computing platforms," by Fall et al [66]. Others include: Tang and Liu [9], Hussain and Abdul Salam [67], Senk [68], Al-Qurishi [69], Duan [70], Karadsheh [71], Elsayed and Zulkernine [72], and Benlian and Hess [73].…”

mentioning

confidence: 99%

Cloud-Based Business Process Security Risk Management: A Systematic Review, Taxonomy, and Future Directions

et al. 2021

View full text Add to dashboard Cite

Despite the attractive benefits of cloud-based business processes, security issues, cloud attacks, and privacy are some of the challenges that prevent many organizations from using this technology. This review seeks to know the level of integration of security risk management process at each phase of the Business Process Life Cycle (BPLC) for securing cloud-based business processes; usage of an existing risk analysis technique as the basis of risk assessment model, usage of security risk standard, and the classification of cloud security risks in a cloud-based business process. In light of these objectives, this study presented an exhaustive review of the current state-of-the-art methodology for managing cloud-based business process security risk. Eleven electronic databases (ACM, IEEE, Science Direct, Google Scholar, Springer, Wiley, Taylor and Francis, IEEE cloud computing Conference, ICSE conference, COMPSAC conference, ICCSA conference, Computer Standards and Interfaces Journal) were used for the selected publications. A total of 1243 articles were found. After using the selection criteria, 93 articles were selected, while 17 articles were found eligible for in-depth evaluation. For the results of the business process lifecycle evaluation, 17% of the approaches integrated security risk management into one of the phases of the business process, while others did not. For the influence of the results of the domain assessment of risk management, three key indicators (domain applicability, use of existing risk management techniques, and integration of risk standards) were used to substantiate our findings. The evaluation result of domain applicability showed that 53% of the approaches had been testing run in real-time, thereby making these works reusable. The result of the usage of existing risk analysis showed that 52.9% of the authors implemented their work using existing risk analysis techniques while 29.4% of the authors partially integrated security risk standards into their work. Based on these findings and results, security risk management, the usage of existing security risk management techniques, and security risk standards should be integrated with business process phases to protect against security issues in cloud services.

show abstract

Simple and compact flow fingerprinting robust to transit through low-latency anonymous networks

Yang

Vasserman

2016

2016 13th IEEE Annual Consumer Communications &Amp; Networking Conference (CCNC)

View full text Add to dashboard Cite

Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms

Cited by 4 publications

References 21 publications

Comprehending Security through Shannon’s Communication Model

Comprehending Security through Shannon’s Communication Model

Cloud-Based Business Process Security Risk Management: A Systematic Review, Taxonomy, and Future Directions

Simple and compact flow fingerprinting robust to transit through low-latency anonymous networks

Contact Info

Product

Resources

About