Full metadata record
DC FieldValueLanguage
dc.contributor.authorChih, Chi-Anen_US
dc.contributor.authorHuang, Yu-Lunen_US
dc.date.accessioned2017-04-21T06:48:18Z-
dc.date.available2017-04-21T06:48:18Z-
dc.date.issued2015en_US
dc.identifier.isbn978-1-4673-9598-4en_US
dc.identifier.urihttp://dx.doi.org/10.1109/QRS-C.2015.27en_US
dc.identifier.urihttp://hdl.handle.net/11536/136031-
dc.description.abstractAlthough cloud computing technologies provide many advantages for organizations, security is still a barrier for wide-spread adoption to the public. Many cloud systems suffer from various attacks, including unauthorized data modification, denial of service, etc. The existing researches use risk assessments to evaluate the security of a cloud environment either from a CSP\'s viewpoint or from a user\'s point of view. The results of these works may not be precise enough, nor can they satisfy both CSP\'s and user\'s security requirements. We propose an Adjustable Cloud Risk Assessment systeM (ACRAM) for Cloud Service Providers (CSPs) and users to assess the cloud security. ACRAM consists of a risk assessment module running at two modes (Offline or Online mode) with the help of Security Service Level Agreement (SecSLA) signed by the CSP and the cloud user. The Offline mode is used for assessing the risk of a cloud based on the historical software vulnerabilities, while the Online mode is for assessing the risk of a cloud system at RUNTIME. To explain how ACRAM works for altering the potential threats in a cloud system, we conduct an experiment using different weights in Confidentiality (C), Integrity (I) and Availability (A). The results show that 1) CSP can protect future users from being co-located with a possible attacker; 2) CSP can take some risk mitigation to meet a user\'s requirements and keep the user from being attacked.en_US
dc.language.isoen_USen_US
dc.titleAn Adjustable Risk Assessment Method for a Cloud Systemen_US
dc.typeProceedings Paperen_US
dc.identifier.doi10.1109/QRS-C.2015.27en_US
dc.identifier.journal2015 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY - COMPANION (QRS-C 2015)en_US
dc.citation.spage115en_US
dc.citation.epage120en_US
dc.contributor.department電控工程研究所zh_TW
dc.contributor.departmentInstitute of Electrical and Control Engineeringen_US
dc.identifier.wosnumberWOS:000380444500014en_US
dc.citation.woscount0en_US
Appears in Collections:Conferences Paper