A QUANTITATIVE METHODOLOGY TO ASSESS THE IMPORTANCE OF SECURITY VULNERABILITY OF CLOUD SERVICES

Published 29 FEB 2020 • vol 13 • no 2


Authors:

Kwang-Kyu Seo, Department of Management Engineering, Sangmyung University, Republic of Korea

Abstract:

Cloud services continue to change the business paradigm for using computing resources such as infrastructure, platforms and applications through network access. However, they have also created new security threats and challenges. Security in cloud services is becoming increasingly important, and it is necessary to assess the importance of security vulnerabilities. Thus, the analysis and evaluation of security vulnerabilities should be conducted together with protection plans that provide the objective data and information required to establish information protection measures for each business and that consider the impact on their respective responsibilities. This paper presents a quantitative methodology to assess the importance of security vulnerabilities of cloud services. The proposed methodology can calculate weakness scores of vulnerabilities that reflect the business impacts. With this methodology, vulnerability items of cloud services can be evaluated quantitatively. Ultimately, the proposed methodology is expected to help establish security policies for both cloud service providers and users.

Keywords:

Quantitative Framework, Importance, Vulnerability, Security, Threat, Business Impact, Cloud Service

Citations:

APA:
Seo, K.-K. (2020). A Quantitative Methodology to Assess the Importance of Security Vulnerability of Cloud Services. International Journal of Control and Automation (IJCA), ISSN: 2005-4297 (Print); 2207-6387 (Online), NADIA, 13(2), 1-12. doi: 10.33832/ijca.2020.13.2.01.

MLA:
Seo, Kwang-Kyu. “A Quantitative Methodology to Assess the Importance of Security Vulnerability of Cloud Services.” International Journal of Control and Automation, ISSN: 2005-4297 (Print); 2207-6387 (Online), NADIA, vol. 13, no. 2, 2020, pp. 1-12. IJCA, http://article.nadiapub.com/IJCA/vol13_no2/1.html.

IEEE:
[1] K.-K. Seo, "A Quantitative Methodology to Assess the Importance of Security Vulnerability of Cloud Services." International Journal of Control and Automation (IJCA), ISSN: 2005-4297 (Print); 2207-6387 (Online), NADIA, vol. 13, no. 2, pp. 1-12, Feb 2020.