### Metric model for cloud computing security risk assessment

RUAN Shu-hua1,2, WENG Jun-hao2*, MAO Hui2, CHEN Xue-lian2

1. 1. Cybersecurity Research Institute, Sichuan University, Chengdu 610065, Sichuan, China;
2. College of Computer Science, Sichuan University, Chengdu 610065, Sichuan, China
• Received:2017-08-28 Online:2018-03-20 Published:2018-03-13

Abstract: From three aspects related to cloud computing of policies, management and technologies, an indicator system of cloud security risk assessment is established for the security risk assessment problem in cloud computing environment. A metric model of security risk in cloud computing environment is established by fusing Delphi method, fuzzy analytical hierarchy process and fuzzy comprehensive evaluation method. Measurement results of risk instances show that the metric model could provide effective quantitative evaluation for the security risk assessment in cloud computing environment.

CLC Number:

• TP309
 [1] 付沙,杨波,李博. 基于灰色模糊理论的信息系统安全风险评估研究[J]. 现代情报,2013,33(7): 34-37. FU Sha, YANG Bo, LI Bo. Information system security risk assessment based on grey fuzzy theory[J]. Journal of Modem Information, 2013, 33(7): 34-37.[2] 李鑫,李京春,郑雪峰,等. 一种基于层次分析法的信息系统漏洞量化评估方法[J].计算机科学,2012,39(7): 58-63. LI Xin, LI Jingchun, ZHENG Xuefeng, et al. Analytic hierarchy process(AHP)-based vulnerability quantitative assessment method for information systems[J]. Computer Science, 2012, 39(7): 58-63.[3] 龚德忠.云计算安全风险评估的模型分析[J].湖北警官学院学报,2011(6): 85-86. GONG Dezhong. Model analysis of cloud computing security risk assessment[J]. Journal of Hubei University of Police, 2011(6): 85-86. [4] 汪兆成. 基于云计算模式的信息安全风险评估研究[J]. 信息网络安全,2011(9): 56-60. WANG Zhaocheng. Research on information security risk assessment based on cloud computing model[J]. Netinfo Security, 2011(9): 56-60.[5] 姜政伟,赵文瑞.基于等级保护的云计算安全评估模型[J].计算机科学,2013,40(8): 151-156. JIANG Zhengwei, ZHAO Wenrui. Model for cloud computing security assessment based on classified protection[J]. Computer Science, 2013, 40(8): 151-156.[6] 姜茸,马自飞,李彤,等.云计算技术安全风险评估研究[J]. 电子技术应用,2015,41(3): 111-115. JIANG Rong, MA Zifei, LI Tong, et al. Study on security risk assessment for technology of cloud computing[J]. Application of Electronic Technique, 2015, 41(3): 111-115.[7] 付钰,吴晓平, 叶清,等. 基于模糊集与熵权理论的信息系统安全风险评估研究[J]. 电子学报,2010,38(7): 1489-1494. FU Yu, WU Xiaoping, YE Qing, et al. An approach for information systems security risk assessment on fuzzy set and Entropy-Weight[J]. Chinese Journal of Electronics, 2010, 38(7):1489-1494.[8] 全国信息安全标准化技术委员会. GB/T 31509-2015 信息安全技术 信息安全风险评估实施指南[S]. 北京:中国标准出版社,2015. National Information Security Standardization Technical Committee. GB/T 31509-2015 Information Security Technology Information Security Risk Assessment Implementation Guide[S]. Beijing: China Standard Press, 2015.[9] 全国信息安全标准化技术委员会. GB/T 31167-2014 信息安全技术 云计算服务安全指南[S]. 北京:中国标准出版社,2014. National Information Security Standardization Technical Committee. GB/T 31167-2014 Information Security Technology Cloud Computing Services Security Guide[S]. Beijing: China Standard Press, 2014.[10] 全国信息安全标准化技术委员会.GB/T 31168-2014信息安全技术 云计算服务安全能力要求[S]. 北京:中国标准出版社, 2014. National Information Security Standardization Technical Committee. GB/T 31168-2014 Information Security Technology Cloud Computing Services Security Capability Requirements[S]. Beijing: China Standard Press, 2014.[11] CSA.The notorious nine: cloud computing top threats in 2013[R]. CSA, 2013.[12] ENISA.Cloud computing: benefits, risks and recommendations for information security[R]. ENISA, December, 2012.
 [1] YANG Shu-mian, WANG Lian-hai, ZHANG Shu-hui, XU Shu-jiang, LIU Guang-qi. A real-time monitoring and forensics method under the IaaS model [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(6): 84-91. [2] WU Di, WANG Li-na, YU Rong-wei, ZHANG Xin, XU Lai. Multidimensional data visualization in cloud platform security monitoring [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(6): 56-63. [3] SUN Xiao-chuan, WANG De-liang, WANG Yuan-lan, ZHAN Hui-ying. Research into the accumulative levels about Cd,Pb in Channa argus and Siniperca chuatsi from the East Dongting Lake [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(7): 137-142.
Viewed
Full text

Abstract

Cited

Shared
Discussed