Skip to main content
Article
Assessing Data Breach Risk in Cloud Systems
Proceedings of the IEEE 7th International Conference on Cloud Computing Technology and Science (2015, Vancouver, Canada)
  • Yogachandran Rahulamathavan
  • Muttukrishnan Rajarajan
  • Omer F. Rana
  • Malik S. Awan
  • Pete Burnap
  • Sajal K. Das, Missouri University of Science and Technology
Abstract

The emerging cloud market introduces a multitude of cloud service providers, making it difficult for consumers to select providers who are likely to be a low risk from a security perspective. Recently, significant emphasis has arisen on the need to specify Service Level Agreements that address security concerns of consumers (referred to as SecSLAs) - these are intended to clarify security support in addition to Quality of Service characteristics associated with services. It has been found that such SecSLAs are not consistent among providers, even though they offer services with similar functionality. However, measuring security service levels and the associated risk plays an important role when choosing a cloud provider. Data breaches have been identified as a high priority threat influencing the adoption of cloud computing. This paper proposes a general analysis framework which can compute risk associated with data breaches based on pre-agreed SecSLAs for different cloud providers. The framework exploits a tree based structure to identify possible attack scenarios that can lead to data breaches in the cloud and a means of assessing the use of potential mitigation strategies to reduce such breaches.

Meeting Name
IEEE 7th International Conference on Cloud Computing Technology and Science, CloudCom 2015 (2015: Nov. 30-Dec. 3, Vancouver, Canada)
Department(s)
Computer Science
Keywords and Phrases
  • Cloud computing,
  • Quality of service,
  • Trees (mathematics),
  • Analysis frameworks,
  • Attack scenarios,
  • Cloud service providers,
  • Mitigation strategy,
  • Security services,
  • Security support,
  • Service Level Agreements,
  • Tree-based structures,
  • Risk assessment
International Standard Book Number (ISBN)
978-1-4673-9560-1
Document Type
Article - Conference proceedings
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2015 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.
Publication Date
11-1-2015
Disciplines
Citation Information
Yogachandran Rahulamathavan, Muttukrishnan Rajarajan, Omer F. Rana, Malik S. Awan, et al.. "Assessing Data Breach Risk in Cloud Systems" Proceedings of the IEEE 7th International Conference on Cloud Computing Technology and Science (2015, Vancouver, Canada) (2015) p. 363 - 370
Available at: http://works.bepress.com/sajal-das/27/