Multilevel classification of security concerns in cloud computing

详细信息    查看全文

• 作者：Syed Asad Hussain^a ; ^{asadhussain@ciitlahore.edu.pk} ; Mehwish Fatima^a ; ^{mehwish.fatima@ciitlahore.edu.pk} ; Atif Saeed^b ; ^{a.saeed2@lancs.ac.uk} ; Imran Raza^a ; ^{iraza@ciitlahore.edu.pk} ; Raja Khurram Shahzad^c ; ^{khurram.shahzad@bth.se}
• 关键词：Cloud computing ; Security ; Virtualization ; SaaS ; PaaS ; IaaS
• 刊名：Applied Computing and Informatics
• 出版年：2017
• 出版时间：January 2017
• 年：2017
• 卷：13
• 期：1
• 页码：57-65
• 全文大小：811 K
• 卷排序：13

文摘

Threats jeopardize some basic security requirements in a cloud. These threats generally constitute privacy breach, data leakage and unauthorized data access at different cloud layers. This paper presents a novel multilevel classification model of different security attacks across different cloud services at each layer. It also identifies attack types and risk levels associated with different cloud services at these layers. The risks are ranked as low, medium and high. The intensity of these risk levels depends upon the position of cloud layers. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services. The multilevel classification model leads to the provision of dynamic security contract for each cloud layer that dynamically decides about security requirements for cloud consumer and provider.