توضیحات
Risk Assessment on Cloud environments
Abstract
The cloud computing environment is an innovative scheme which presents various ways in technology that have caused a new way for cloud providers to transfer their services to cloud consumers in case of security risk assessment, so, taking into account of a current risk assessment tools to cloud computing is a very difficult task because of its various properties which challenge the effectiveness of risk assessment approaches. For this reason, there is a need of risk assessment models adapted to cloud computing and investigation of the frameworks of it. In the present work, we have investigated the papers about the risk assessment and models of risk assessment as well as aspects of deploying risk assessment in the cloud.
Furthermore, application of some common risk assessment frameworks for cloud computing have been presented.
ترجمه ماشینی چکیده:
محیط رایانش ابری طرحی نوآورانه است که روشهای مختلفی را در فناوری ارائه می دهد که باعث شده است ارائه دهندگان ابر خدمات جدیدی را در صورت ارزیابی ریسک امنیتی به مصرف کنندگان ابر منتقل کنند ، بنابراین ، با در نظر گرفتن ابزارهای ارزیابی ریسک فعلی ابر محاسبات به دلیل خواص مختلف آن که تأثیر روشهای ارزیابی ریسک را به چالش می کشد ، کار بسیار دشواری است. به همین دلیل ، نیاز به مدلهای ارزیابی ریسک متناسب با رایانش ابری و بررسی چارچوبهای آن وجود دارد. در کار حاضر ، ما مقالات مربوط به ارزیابی ریسک و مدل های ارزیابی ریسک و همچنین جنبه های استقرار ارزیابی ریسک در ابر را بررسی کرده ایم.
علاوه بر این ، استفاده از برخی از چارچوب های معمول ارزیابی ریسک برای محاسبات ابری ارائه شده است.
Contents
1- Introduction. 1
2- Risk assessment 3
3- Some aspects of deploying risk assessment in the cloud and models. 4
3-1- Risk-based access control 4
3-2- Security guaranty assessment model for a cloud environment 5
3-3- Information security risk assessment models in the cloud. 6
4- Risk assessment frameworks for cloud computing. 9
5- Conclusion. 14
6- References. 15
Cloud computing is known as a computing scheme that has changed the information and communications technology services development outlook. There are different applications that can be achieved by it. It is utilized to offer scalable, highly available, on-demand, and ubiquitous services, that develop between administrative boundaries. various interests like the ability to quickly extend a service, pay for resources for each utilization, and scale them on request, have achieved many to extend their services in the cloud. However, there are essential services such as financial, electricity, water, transportation, and health sectors that have precise security and resilience stipulations which have not considered wide-scale extension in the cloud. It should be noted that the outage of services like these may cause considerable damages in the fields of societal and economic losses. To host important infrastructure services in the cloud computing area, a cloud provider requires to offer guarantees that would be confident, in the areas of security, etc. Nevertheless, there are best practices for security evidence and auditing process only a snapshot of conditions. In environments with springy cloud, services have considered to continuous refinements and unpredictable variations that would alter the security posture of a service and override certificates. In this term, re-certification can be needed. However, it has heavy costs and critical infrastructure service providers are reluctant to immigrate essential services to the cloud environment [1]. To improve transparency and process guaranties that actions should be placed to ensure security, novel approaches to security evaluation are required. To investigate the security of services which are expended in the cloud needs an evaluation of complex multi-layered systems and services especially their dependences. This is an encouraging task that considers remarkable effort, in the cases of resources in both computational and human. There are different quantitative risk assessment methods. For example, in the Ref. [2] a SAEM method that is a cost-benefit assessment method for investigating security design decisions related on the comparison of a “threat index”, but it is based on some impractical assumptions. In the Ref. [3], a risk assessment method in the cloud has been suggested. Cloud computing environment defines several properties, which concern the effectiveness of current assessment approaches and the autonomic risk assessment is far away from the light because of the fact that the risk assessment is hard task to do [3]. In the Ref. [4], a framework that named SecAgreement has been presented. The framework provides cloud service providers to involve security in their SLA offerings that enhancing the likelihood that their services will be used. They have introduced and exemplified an algorithm with cloud service matchmaking to investigate this method facilities organizations to quantify risk, identify any policy compliance gaps that might exist, and as a result select the cloud services that best meet their security needs. In the Ref. [5], a methodology for doing security risk assessment for cloud computing architectures in deferent stages has been proposed in term of rules of Bayesian dependencies and the main purpose of this paper was to demonstrate how to compute the relative risk
(RR) after cloud adoption.
پروژه تحقیقی با موضوع ارزیابی ریسک در محیط های ابری و متدولوژی های آن به زبان انگلیسی توسط کارشناسان گروه ۱.۲.۳ پروژه پیاده سازی گردیده.
فایلهای پروژه به صورت کامل پس از خرید فایل بلافاصله در اختیار شما قرار خواهد گرفت.
دیدگاهها
هیچ دیدگاهی برای این محصول نوشته نشده است.