
Models for Cloud Risk Assessment: A Tutorial

Chapter in: Accountability and Security in the Cloud (A4Cloud 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8937)

Abstract

Although the technology for cloud services has been maturing for more than a decade, many potential users still have concerns about security and especially privacy. Users need to analyze the risks they would face before embracing the cloud concept. Recently, many organizations and researchers have assessed cloud risks, and both quantitative and qualitative models have been developed for this purpose. Our tutorial first introduces the definitions and then provides a survey of the results of cloud risk assessment efforts and of the risk models developed for the cloud.



Acknowledgments

This work was supported by the EU FP7 Accountability for Cloud and Other Future Internet Services (A4Cloud) Project.

Author information

Corresponding author: Erdal Cayirci.

Appendix

Table 1. ENISA’s list of risk scenarios and their categories.
Table 2. ENISA’s list of vulnerabilities.
Table 3. ENISA’s list of assets.
Table 5. The mapping of CAIQ questions to ENISA vulnerabilities.
Table 6. Mapping ENISA scenarios as privacy, security and service incidents.


Copyright information

© 2015 Springer International Publishing Switzerland

Cite this chapter

Cayirci, E. (2015). Models for Cloud Risk Assessment: A Tutorial. In: Felici, M., Fernández-Gago, C. (eds) Accountability and Security in the Cloud. A4Cloud 2014. Lecture Notes in Computer Science, vol 8937. Springer, Cham. https://doi.org/10.1007/978-3-319-17199-9_7

  • DOI: https://doi.org/10.1007/978-3-319-17199-9_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17198-2

  • Online ISBN: 978-3-319-17199-9

  • eBook Packages: Computer Science (R0)
