|
|
|
|
A Risk Model For Cloud Processes
|
|
|
|
|
|
|
|
نویسنده
|
Damiani Ernesto ,Cimato Stelvio ,Gianini Gabriele
|
|
منبع
|
The Isc International Journal Of Information Security - 2014 - دوره : 6 - شماره : 2 - صفحه:99 -123
|
|
|
|
|
چکیده
|
Traditionally, risk assessment consists of evaluating the probability of fearedevents, corresponding to known threats and attacks, as well as these events'severity, corresponding to their impact on one or more stakeholders. assessingrisks of cloud-based processes is particularly difficult due to lack of historicaldata on attacks, which has prevented frequency-based identification oftypical threats and attack vectors. also, the dynamic, multi-party natureof cloud-based processes makes severity assessment very dependent on theparticular set of stakeholders involved in each process execution. in this paper,we tackle these problems by presenting a novel, process-oriented quantitativerisk assessment methodology aimed at disclosure risks on cloud computingplatforms. key advantages of our methodology include (i) a fully quantitativeand iterative approach, which enables stakeholders to compare alternativeversions of cloud-based processes (e.g., with and without security controls)(ii) non-frequency-based probability estimates, which allow analyzing threatsfor which a detailed history is not available (iii) support for quick visualcomparisons of risk profiles of alternative processes even when impact cannotbe exactly quantified.
|
|
کلیدواژه
|
Cloud Computing ,Value Of Information ,Risk Assessment ,Secure Computation.
|
|
آدرس
|
University Of Milan (Universita Degli Studi Di Milano), Department Of Computer Science, Italy, University Of Milan (Universita Degli Studi Di Milano), Department Of Computer Science, Italy, University Of Milan (Universita Degli Studi Di Milano), Department Of Computer Science, Italy
|
|
پست الکترونیکی
|
gabriele.gianini@unimi.it
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Authors
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|