Cloud-Trust—a Security Assessment Model for Infrastructure as a Service (IaaS) Clouds
Open Access
- 30 March 2015
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Cloud Computing
- Vol. 5 (3), 523-536
- https://doi.org/10.1109/tcc.2015.2415794
Abstract
The vulnerability of cloud computing systems (CCSs) to advanced persistent threats (APTs) is a significant concern to government and industry. We present a cloud architecture reference model that incorporates a wide range of security controls and best practices, and a cloud security assessment model, Cloud-Trust, that estimates high-level security metrics to quantify the degree of confidentiality and integrity offered by a CCS or cloud service provider (CSP). Cloud-Trust is used to assess the security level of four multi-tenant IaaS cloud architectures equipped with alternative cloud security controls. Results show the probability of CCS penetration (high value data compromise) is high if a minimal set of security controls is implemented. CCS penetration probability drops substantially if a cloud defense-in-depth security architecture is adopted that protects virtual machine (VM) images at rest, strengthens CSP and cloud tenant system administrator access controls, and employs other network security controls to minimize cloud network surveillance and discovery of live VMs.
Funding Information
- Institute of information and infrastructure protection (I3P)
- Department of Homeland Security (DHS)
- National Cyber Security Division
- RAND Corporation
- DHS (2006-CS-001-000001)
- Johns Hopkins University
- Dartmouth University
- Binghamton University (SUNY)