TY - GEN
T1 - Threat assessment in the cloud environment - A quantitative approach for security pattern selection
AU - Anand, Priya
AU - Ryoo, Jungwoo
AU - Kim, Hyoungshick
AU - Kim, Eunhyun
N1 - Funding Information:
The Authors would like to thank William Aiken for his reviews and helpful comments. This material is based upon work supported by the National Science Foundation under Grant No. (1514568). This work was also supported in part by the National Research Foundation of Korea (No. 2014R1A1A1003707), the ITRC (IITP-2015-H8501-15-1008), and the NIPA (NIPA-2014-H0301-14-1010). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the aforementioned agencies.
Publisher Copyright:
Copyright 2016 ACM.
PY - 2016/1/4
Y1 - 2016/1/4
N2 - Cloud computing has emerged as a fast-growing technology in the past few years. It provides great flexibility for storing, sharing and delivering data over the Internet without investing in new technology or resources. In spite of the development and wide array of cloud usage, the security perspective of cloud computing still remains in its infancy. Security challenges faced by the cloud environment become more complicated when we include various stakeholders' perspectives. In a cloud environment, security perspectives and requirements are usually designed by software engineers or security experts. Sometimes clients' requirements are either ignored or given very high importance. In order to implement cloud security by providing equal importance to client organizations, software engineers and security experts, we propose a new methodology in this paper. We use Microsoft's STRIDE-DREAD model to assess threats existing in the cloud environment and also to measure their consequences. Our aim is to rank the threats based on the nature of their severity, while also giving significant importance to clients' requirements from a security perspective. Our methodology would act as a guiding tool for security experts and software engineers to proceed with the securing process, especially for a private or a hybrid cloud. Once threats are ranked, we provide a link to a well-known security pattern classification. Although we have some security pattern classification schemes in the literature, we need a methodology to select a particular category of patterns. In this paper, we provide a novel methodology to select a set of security patterns for securing cloud software. This methodology could aid a security expert or a software professional to assess the current vulnerability condition and prioritize while also including clients' security requirements in a cloud environment.
UR - http://www.scopus.com/inward/record.url?scp=84965047405&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84965047405&partnerID=8YFLogxK
U2 - 10.1145/2857546.2857552
DO - 10.1145/2857546.2857552
M3 - Conference contribution
AN - SCOPUS:84965047405
T3 - ACM IMCOM 2016: Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication
BT - ACM IMCOM 2016
PB - Association for Computing Machinery, Inc
T2 - 10th International Conference on Ubiquitous Information Management and Communication, IMCOM 2016
Y2 - 4 January 2016 through 6 January 2016
ER -