Loughborough University
Browse

Assessing data breach risk in cloud systems

Download (182.14 kB)
conference contribution
posted on 2016-06-02, 09:05 authored by Yogachandran RahulamathavanYogachandran Rahulamathavan, Muttukrishnan Rajarajan, Omer F. Rana, Malik S. Awan, Peter Burnap, Sajal K. Das
The emerging cloud market introduces a multitude of cloud service providers, making it difficult for consumers to select providers who are likely to be a low risk from a security perspective. Recently, significant emphasis has arisen on the need to specify Service Level Agreements that address security concerns of consumers (referred to as SecSLAs) - these are intended to clarify security support in addition to Quality of Service characteristics associated with services. It has been found that such SecSLAs are not consistent among providers, even though they offer services with similar functionality. However, measuring security service levels and the associated risk plays an important role when choosing a cloud provider. Data breaches have been identified as a high priority threat influencing the adoption of cloud computing. This paper proposes a general analysis framework which can compute risk associated with data breaches based on pre-agreed SecSLAs for different cloud providers. The framework exploits a tree based structure to identify possible attack scenarios that can lead to data breaches in the cloud and a means of assessing the use of potential mitigation strategies to reduce such breaches.

History

School

  • Loughborough University London

Published in

Proceedings - IEEE 7th International Conference on Cloud Computing Technology and Science, CloudCom 2015

Pages

363 - 370

Citation

RAHULAMATHAVAN, Y. ... et al., 2016. Assessing data breach risk in cloud systems. IN: Proceedings of 2015 7th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2015), Vancouver, Canada, 30 November-3 December 2015, pp.363-370.

Publisher

© IEEE

Version

  • AM (Accepted Manuscript)

Publisher statement

This work is made available according to the conditions of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) licence. Full details of this licence are available at: https://creativecommons.org/licenses/by-nc-nd/4.0/

Publication date

2016

Notes

© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

DOI

ISBN

9781467395601

Publisher version

Language

  • en

Administrator link

Usage metrics

    Loughborough Publications

    Categories

    No categories selected

    Keywords

    Cloud computingSecurity

    Licence

    CC BY-NC-ND 4.0

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC