|FALL DOUDOU||1151133: M, 2回目発表||山口 英, 藤川 和利, 関 浩之, 門林 雄基|
title: Probabilistic Security Quantification of Infrastructure as a Service Cloud Computing
Cloud Computing promotes a data off premise model that provides scalability, resilience, flexibility, efficiency and economic benefits for its customers. However despite all its benefits, cloud computing has many security issues that constitute the main hurdle for its adoption. In our research, we propose a probabilistic security quantification method for Infrastructure as a Service Cloud Computing, which allows both customers and Cloud Service Providers to measure the security of a given cloud environment. To achieve our goal we propose a Vulnerability Tree Analysis ? VTA ? for IaaS environment. The VTA allows us to have a Boolean picturesque representation of the IaaS system with the potential vulnerabilities. And from the VTA we derive a formula that specifies the security level of the system. Each of the vulnerabilities has an exploitability value that we obtain by slightly modifying the exploitability sub-?‐formula of the Common Vulnerability Scoring System. With that method we were able to quantify different scenarios of security vulnerability in IaaS Cloud Computing.
language of the presentation: English