Threat assessment in the cloud environment - A quantitative approach for security pattern selection

Priya Anand, Jungwoo Ryoo, Hyoungshick Kim, Eunhyun Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations

Abstract

Cloud computing has emerged as a fast-growing technology in the past few years. It provides a great flexibility for storing, sharing and delivering data over the Internet without investing on new technology or resources. In spite of the development and wide array of cloud usage, security perspective of cloud computing still remains its infancy. Security challenges faced by cloud environment becomes more complicated when we include various stakeholders' perspectives. In a cloud environment, security perspectives and requirements are usually designed by software engineers or security experts. Sometimes clients' requirements are either ignored or given a very high importance. In order to implement cloud security by providing equal importance to client organizations, software engineers and security experts, we propose a new methodology in this paper. We use Microsoft's STRIDE-DREAD model to assess threats existing in the cloud environment and also to measure its consequences. Our aim is to rank the threats based on the nature of its severity, and also giving a significant importance for clients' requirements on security perspective. Our methodology would act as a guiding tool for security experts and software engineers to proceed with securing process especially for a private or a hybrid cloud. Once threats are ranked, we provide a link to a well-known security pattern classification. Although we have some security pattern classification schemes in the literature, we need a methodology to select a particular category of patterns. In this paper, we provide a novel methodology to select a set of security patterns for securing a cloud software. This methodology could aid a security expert or a software professional to assess the current vulnerability condition and prioritize by also including client's security requirements in a cloud environment.

Original languageEnglish (US)
Title of host publicationACM IMCOM 2016
Subtitle of host publicationProceedings of the 10th International Conference on Ubiquitous Information Management and Communication
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450341424
DOIs
StatePublished - Jan 4 2016
Event10th International Conference on Ubiquitous Information Management and Communication, IMCOM 2016 - Danang, Viet Nam
Duration: Jan 4 2016Jan 6 2016

Publication series

NameACM IMCOM 2016: Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication

Other

Other10th International Conference on Ubiquitous Information Management and Communication, IMCOM 2016
CountryViet Nam
CityDanang
Period1/4/161/6/16

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems

Cite this

Anand, P., Ryoo, J., Kim, H., & Kim, E. (2016). Threat assessment in the cloud environment - A quantitative approach for security pattern selection. In ACM IMCOM 2016: Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication [a5] (ACM IMCOM 2016: Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication). Association for Computing Machinery, Inc. https://doi.org/10.1145/2857546.2857552