

Abstract: Cyber security attacks are critical threats to cloud computing and are
one of the biggest concerns for businesses looking to integrate and adopt cloud computing. In
order to ensure the security of cloud computing, the first step is to assess and
understand the effectiveness of existing cloud security controls and architectures. A
major issue in the development of resilient and secure cloud computing is the lack of
well-established security metrics, attack models, and security risk assessment
methodologies, which are necessary to determine the effectiveness of security
mechanisms and protocols, to assess the impact of combined vulnerabilities, and to
enhance security based on these analyses. Many existing security risk assessment
techniques for cloud computing rely on manual checklists, but this procedure is
error-prone and does not scale to larger dynamic networked systems such as cloud computing.
Most of the existing attack and defense metrics measure the security of static networked
systems. Hence, existing metrics may not be able to reflect and capture the
dynamic nature of cloud computing. A cloud computing system can dynamically
allocate and change resources (e.g., migration of virtual machines), which is not well
studied in the existing security models. As a result, the security posture of cloud computing
cannot be assessed accurately without taking dynamic changes into account. These
problems can be resolved by adopting new attack and defense modeling methodologies
coupled with security metrics in cloud computing, which can provide automated
security risk assessments. The overall objective of this research is to address the
aforementioned challenges by developing novel attack and defense modeling methods and
security metrics, and ultimately to incorporate these methods, models and metrics together
in a security risk assessment framework and tool (i.e., how to assess the changes in
security risk of cloud computing systems in a scalable and adaptable way). The
framework and tool will enable security decision makers of organizations to assess the
security risk of cloud computing in a scalable and adaptive manner, more efficiently and
effectively than the existing methods.
Team:
Lead PI: Dr. Khaled Khan
PI: Dr. Noora Fetais
PI: Dr. DongSeong Kim
Security Risk Modeling and Assessment of Cloud Computing