Spiral^SRA: A Threat-Specific Security Risk Assessment Framework for the Cloud

Armstrong Nhlabatsi, Jin Bum Hong, Dong Seong Kim, Rachael Fernandez, Noora Fetais, Khaled M.D. Khan

Research output: Chapter in Book/Conference paper (Conference paper)

Abstract

Conventional security risk assessment approaches for cloud infrastructures do not explicitly consider risk with respect to specific threats. This is a challenge for a cloud provider because it may apply the same risk assessment approach in assessing the risk of all of its clients. In practice, the threats faced by each client may vary depending on their security requirements. The cloud provider may also apply generic mitigation strategies that are not guaranteed to be effective in thwarting specific threats for different clients. This paper proposes a threat-specific risk assessment framework which evaluates the risk with respect to specific threats by considering only those threats that are relevant to a particular cloud client. The risk assessment process is divided into three phases which have inter-related activities arranged in a spiral. Application of the framework to a cloud deployment case study shows that considering risk with respect to specific threats leads to a more accurate quantification of security risk. Although our framework is motivated by risk assessment challenges in the cloud it can be applied in any network environment.
Original language: English
Title of host publication: IEEE International Conference on Software Quality, Reliability and Security (QRS)
Place of Publication: Portugal
Publisher: Wiley-IEEE Press
ISBN (Electronic): 9781538677575
ISBN (Print): 9781538677582
DOIs: https://doi.org/10.1109/QRS.2018.00049
Publication status: Published - 2018
Event: 2018 IEEE International Conference on Software Quality, Reliability and Security - Lisbon, Portugal
Duration: 16 Jul 2018 - 20 Jul 2018

Conference

Conference: 2018 IEEE International Conference on Software Quality, Reliability and Security
Abbreviated title: QRS2018
Country: Portugal
City: Lisbon
Period: 16/07/18 - 20/07/18

Fingerprint

Risk assessment

Cite this

Nhlabatsi, A., Hong, J. B., Kim, D. S., Fernandez, R., Fetais, N., & Khan, K. M. D. (2018). Spiral^SRA: A Threat-Specific Security Risk Assessment Framework for the Cloud. In IEEE International Conference on Software Quality, Reliability and Security (QRS). Portugal: Wiley-IEEE Press. https://doi.org/10.1109/QRS.2018.00049
@inproceedings{d177a12570db406ca5bce9c49312ea43,
title = "Spiral^SRA: A Threat-Specific Security Risk Assessment Framework for the Cloud",
author = "Armstrong Nhlabatsi and Hong, {Jin Bum} and Kim, {Dong Seong} and Rachael Fernandez and Noora Fetais and Khan, {Khaled M.D.}",
year = "2018",
doi = "10.1109/QRS.2018.00049",
language = "English",
isbn = "9781538677582",
booktitle = "IEEE International Conference on Software Quality, Reliability and Security (QRS)",
publisher = "Wiley-IEEE Press",

}


TY - GEN

T1 - Spiral^SRA: A Threat-Specific Security Risk Assessment Framework for the Cloud

AU - Nhlabatsi, Armstrong

AU - Hong, Jin Bum

AU - Kim, Dong Seong

AU - Fernandez, Rachael

AU - Fetais, Noora

AU - Khan, Khaled M.D.

PY - 2018

Y1 - 2018

UR - http://www.wikicfp.com/cfp/servlet/event.showcfp?eventid=73170&copyownerid=73378

U2 - 10.1109/QRS.2018.00049

DO - 10.1109/QRS.2018.00049

M3 - Conference paper

SN - 9781538677582

BT - IEEE International Conference on Software Quality, Reliability and Security (QRS)

PB - Wiley-IEEE Press

CY - Portugal

ER -