A DESIGN OF AN ECONOMETRIC MODEL FOR EVALUATING THE SECURITY IN CLOUD COMPUTING ENVIRONMENT

  • Type: Project
  • Department: Computer Science
  • Project ID: CPU1745
  • Access Fee: ₦5,000 ($14)
  • Pages: 184 Pages
  • Format: Microsoft Word
  • Views: 484
  • Report This work

For more Info, call us on
+234 8130 686 500
or
+234 8093 423 853

ABSTRACT Cloud computing offers an innovative business model for all cloud enterprises to serve IT services with no need to have technical details. The extreme growth of cloud usage increases the probability of threats occurrence, which in turn leads to financial and other losses. So there is a need to use appropriate metrics to assess the failure cost among cloud stakeholders according to their different needs; we propose a measure called “Mean Failure Cost” (MFC) which quantifies the impact of failure (per unit of time) by representing the losses for each stakeholder as a result of possible security failure. This study investigates this MFC measure which has been adapted to cloud computing by proposing four innovative models: The main model is “The Abstract Representation Model” which is used as a generic model, and then the MFC metric is enriched by proposing three expanded models which are used to refine the MFC cyber-security measure, these new expanded models are: “Multi-dimensional MFC model” (M2FC), “Service Based MFC Model (SBMFCM)” and “The Hybrid Model”, these models are used to serve different cloud sectors. The MFC matrices are filled by empirical data with analytical reasoning, these data is used as a “Default Data” which leads to gain reasonable, accurate and precise results that are compliant with a disciplined “Probability Disruption Rule”, cloud experts can re-adjust these default data. Some of Verification and Validation (V&V) measures are used to reduce the failure cost; these models can be evaluated using an innovative cost/benefit analysis model by matching the deployment cost of these V&V measures against the benefit. These new expansions on MFC give us a clear refinement, accurate estimation and useful interpretation for security related decision-making. Moreover, all proposed models of the MFC provide a unified model of security concepts because security lacks a clear taxonomy of all MFC parameters which leads to the improvement of the system’s software quality. The overall aim of this study is to refine, investigate and adapt the MFC model with cloud computing systems by using cloud-specific knowledge. These aspects are supported by an automated tool which aim to fill all MFC matrices based on empirical data and analytical reasoning then evaluate the obtained results using economical based approaches that help the decision makers to decide whether the measure is worthwhile or not and expected results are achieved.

TABLE OF CONTENTS

DEDICATION ..........................................................................................................................ii

ACKNOWLEDGMENTS .......................................................................................................iii

PUBLICATION BASED ON THIS THESIS .........................................................................iv

ABSTRACT.............................................................................................................................. v

vi ............................................................................................................................... المستخلـــــــص

TABLE OF CONTENTS........................................................................................................vii

LIST OF TABLES.................................................................................................................... x

LIST OF FIGURES................................................................................................................xii

ABBREVIATION..................................................................................................................xiii

CHAPTER ONE....................................................................................................................... 1

CLOUD COMPUTING ISSUES.............................................................................................. 1

1.1. Introduction................................................................................................................ 2

1.2. Problem statement and it’s significance................................................................... 3

1.3. Research Scope........................................................................................................... 4

1.4. Research Question/Hypothesis/Philosophy ............................................................... 4

1.4.1. Research Question .................................................................................................................... 5

1.4.2. Research hypothesis.................................................................................................................. 5

1.4.3. Research Philosophy................................................................................................................. 6

1.5. Research aims and objectives .................................................................................... 6

.1.6 Data collection............................................................................................................ 7

1.7. Open Issues................................................................................................................. 7

1.8. Proposed Solution....................................................................................................... 8

1.9. Evaluation Technique ................................................................................................ 9

1.10. Expected outcomes................................................................................................... 10

1.11. Concept of Cloud Computing .................................................................................. 10

1.11.1. Essential Characteristics .........................................................................................................13

1.11.2. Cloud Service Models..............................................................................................................13

1. Software as a Service (SaaS) .......................................................................................................................................14

2. Platform as a Service (PaaS).......................................................................................................................................14

3. Infrastructure as a Service (IaaS)...............................................................................................................................14

1.11.3. Cloud Computing Security Challenges...................................................................................15

1.11.4. CSA Threat Model (CSA 2016)...............................................................................................16

1.11.5. Number of Incidents in some Cloud Companies.....................................................................17

1.11.6. Related Failure “Cost” in some companies.............................................................................22

1.11.7. Ponemon Institute Survey of Data Center Outages (January 2016) ......................................23

1.11.8. Cloud Failures “Cost and Impact” in a some cloud companies (From 2013 to 2016) ...........25

Summary................................................................................................................................. 29

CHAPTER TWO.................................................................................................................... 30

RISK ESTIMATION METRICS........................................................................................... 30

2.1. Introduction.............................................................................................................. 31

2.2. Cybersecurity Metrics: ............................................................................................ 31

2.2.1. Security risk management framework for cloud computing..................................................33

2.2.2. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) .................34

2.2.3. CCTA Risk Analysis and Management Method (CRAMM)..................................................35

2.2.4. Single Loss Expectancy (SLE) and Annual Loss Expectancy (ALE):....................................36

2.2.5. CORAS ....................................................................................................................................38

2.2.6. Mean Time To x (MTTx).........................................................................................................39

viii

2.3. Mean Failure Cost (MFC)........................................................................................ 42

2.4. The MFC advantages:.............................................................................................. 43

2.5. Comparisons of security measures, methods and metrics:..................................... 43

Summary................................................................................................................................. 47

CHAPTER THREE................................................................................................................ 48

MFC AS AN ECONOMETRIC APPROACH ...................................................................... 48

3.1. Introduction.............................................................................................................. 49

3.2. MFC Metrics............................................................................................................ 49

3.3. MFC Metrics “Algebra Point of View”:.................................................................. 52

3.4. Generate and Fill Matrices Using Abstract MFC Model ....................................... 56

3.5. Rationale for Systematic Literature Review (SLR):............................................... 61

3.6. Summary of the MFC Metrics................................................................................. 61

3.7. MFC Features........................................................................................................... 62

3.8. Framework for Measurement of Cloud Security Risk by MFC............................. 62

3.9. Enhancement and Controlling Measures:............................................................... 64

3.10. Economic Approach................................................................................................. 64

3.10.1. Return On Investment (ROI) History:....................................................................................65

3.10.2. Net Present Value (NPV):........................................................................................................67

3.10.3. ROI Over Time with Enhancement Measures........................................................................68

3.10.4. Calculate Benefits in term of MFC Gain................................................................................69

3.10.5. Dispatching The Investment Cost Using Economical Based Approach:................................71

Summary................................................................................................................................. 78

CHAPTER FOUR .................................................................................................................. 79

ADAPTING MFC PARAMETERS WITH CLOUD COMPUTING ASPECTS................. 79

4.1. Introduction.............................................................................................................. 80

4.2. MFC Parameters...................................................................................................... 80

4.3. MFC Dimensions on Cloud Computing .................................................................. 80

4.3.1. Cloud Stakeholders.................................................................................................. 81

4.3.2. Cloud Security requirements (NIST 2013): ............................................................ 82

4.3.3. Cloud Component/Architecture of Cloud Computing (SATW, 2012).................. 85

4.3.4. Top Threats on Cloud Computing (CSA 2016)....................................................... 87

4.4. The Extraction of MFC Parameters with Cloud Computing Aspects ................... 96

Summary................................................................................................................................. 98

CHAPTER FIVE .................................................................................................................. 100

ADAPTING MFC PARAMETERS ON ALL CLOUD SERVICE MODELS................... 100

5.1. Introduction............................................................................................................ 101

5.2. Cloud Service Models............................................................................................. 101

5.2.1. Stakeholders on each Cloud Service Model:.........................................................................102

5.2.1.1. IaaS stakeholders............................................................................................................................................102

5.2.1.2. PaaS stakeholders ...........................................................................................................................................103

5.2.1.3. SaaS stakeholders............................................................................................................................................103

5.2.2. Security Requirement on Each Cloud Service Model...........................................................104

5.2.2.1. IaaS Security Requirement............................................................................................................................. 105

5.2.2.2. PaaS Security Requirement ............................................................................................................................ 105

5.2.2.3. SaaS Security Requirement ............................................................................................................................ 106

5.2.3. Components on each Cloud Service Model...........................................................................108

5.2.3.1. IaaS Components............................................................................................................................................108

5.2.3.2. PaaS Components ...........................................................................................................................................109

5.2.3.3. SaaS Components............................................................................................................................................109

5.2.4. Top Threats on each Cloud Service Model in 2016.............................................................................................. 111

5.2.4.1. IaaS Threat .....................................................................................................................................................112

5.2.4.2. PaaS Threat.....................................................................................................................................................112

ix

5.2.4.3. SaaS Threat.....................................................................................................................................................113

5.2.5. Structuring the MFC Metrics................................................................................................118

5.2.6. Advantages of Structuring and Re-structuring The MFC Matrices....................................119

5.2.7. Generate and Fill MFC Matrices using Service Base Model................................................120

5.2.7.1. Generate and Fill the MFC Matrices based on the “Position of Failure” aspect............................................121

5.2.7.2. Generate and Fill the MFC Matrices based on the “Scope of Control” Classification..................................124

5.2.8. Flowchart for adapting the MFC with Cloud Computing....................................................126

Summary............................................................................................................................... 128

CHAPTER SIX ...................................................................................................................... 129

MFC APPLICATION ON CLOUD COMPUTING, RESULTS, EVALUATION AND

RECOMMENDATION........................................................................................................ 129

6.1. Introduction............................................................................................................ 130

6.2. MFC Parameters On Cloud Computing ............................................................... 130

6.3. Result Generated Using the Proposed Filling Approach...................................... 131

6.3.1. Filling all MFC Matrices (ST, DP, TIM and TV).................................................................133

6.3.2. Compute Of MFC..................................................................................................................138

6.3.3. Estimating the effectiveness rate and decline rate of measurements ...................................139

6.3.4. Reflecting the enhanced values of measure to associate matrix ...........................................140

6.3.5. Recalculating the MFC in term of benefits...........................................................................141

6.3.6. Dispatching the Investment Cost C(w)..................................................................................141

6.3.7. MFC Results with NPV and ROI options.............................................................................142

6.3.8. Deploying Another Measure..................................................................................................144

6.4. MFC and ROI Model Premises and results with V&V aspects............................ 145

6.4.1. ROI and MFC Benchmark....................................................................................................146

6.5. Automated Tool...................................................................................................... 154

6.6. Generating and Filling MFC Matrices using Service Base Model ....................... 155

6.6.1. Option 1: Position of Security Failure...................................................................................155

6.6.2. Option 2: Scope of Control....................................................................................................156

6.7. Recommendations for acquiring Better Results for MFC and ROI .................... 157

Conclusion............................................................................................................................. 161

REFERENCES ......................................................................................................................... I

Appendix A ….……………………………………………………………………………….....A-1

Appendix B ………..…………………………………………………………………………....B-1



A DESIGN OF AN ECONOMETRIC MODEL FOR EVALUATING THE SECURITY IN CLOUD COMPUTING ENVIRONMENT
For more Info, call us on
+234 8130 686 500
or
+234 8093 423 853

Share This
  • Type: Project
  • Department: Computer Science
  • Project ID: CPU1745
  • Access Fee: ₦5,000 ($14)
  • Pages: 184 Pages
  • Format: Microsoft Word
  • Views: 484
Payment Instruction
Bank payment for Nigerians, Make a payment of ₦ 5,000 to

Bank GTBANK
gtbank
Account Name Obiaks Business Venture
Account Number 0211074565

Bitcoin: Make a payment of 0.0005 to

Bitcoin(Btc)

btc wallet
Copy to clipboard Copy text

500
Leave a comment...

    Details

    Type Project
    Department Computer Science
    Project ID CPU1745
    Fee ₦5,000 ($14)
    No of Pages 184 Pages
    Format Microsoft Word

    Related Works

    CHAPTER ONE INTRODUCTION 1.1        Introduction Cloud Computing is a new paradigm of computing which has evolved in recent times, it’s a platform where hardware and software are delivered to users in a manner that resembles the way utilities such as electricity are delivered to households today... Continue Reading
    Cloud Computing trend is rapidly increasing that has a technology link with Grid Computing, Utility Computing, Distributed Computing. Cloud service providers such as Amazon IBM, Google’s Application, Microsoft Azure etc., provide the users to developing applications in cloud environment and to access them from anywhere. Cloud sever provider’s... Continue Reading
    INTRODUCTION Cloud computing is a model for enabling ubiguitions, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage applications and services) that can be rapidly provisioned and released with minimal management effort or... Continue Reading
    Cloud Computing trend is rapidly increasing that has a technology link with Grid Computing, Utility Computing, Distributed Computing. Cloud service providers such as Amazon IBM, Google’s Application, Microsoft Azure etc., provide the users to developing applications in cloud environment and to access them from anywhere. Cloud sever provider’s... Continue Reading
    Cloud Computing trend is rapidly increasing that has a technology link with Grid Computing, Utility Computing, Distributed Computing. Cloud service providers such as Amazon IBM, Google’s Application, Microsoft Azure etc., provide the users to developing applications in cloud environment and to access them from anywhere. Cloud sever provider’s... Continue Reading
    ABSTRACT Cloud Computing is a new type of service which provides large scale computing resource to each customer. Cloud Computing systems can be easily threatened by various cyber-attacks, because most of Cloud Computing systems provide services to so many people who are not proven to be trustworthy.Therefore, a Cloud Computing system needs to... Continue Reading
    CHAPTER ONE 1.0     Introduction The importance of Cloud Computing is increasing and it is receiving a growing attention in the scientific and industrial communities. A study by Gartner [2011] considered Cloud Computing as the first among the top 10 most important technologies and with a better prospect in... Continue Reading
    Small and Medium Enterprises (SMEs) face numerous challenges in identification, setting up and making use of Information Technology (IT) as an enabler for business. Cloud computing could solve this problem by offering ready, low cost of entry IT solutions. Adoption of cloud computing among the SMEs in developing countries is however low due to a... Continue Reading
    ABSTRACT Academic Enterprise Resource Planning (ERP) systems are meant to integrate the separate activities, processes, and functions within a higher institution to help streamline the process and to provide real-time, on-demand information needs. The volume of data produced by academic institutions grows every day. Due to the increasing numbers... Continue Reading
    Abstract Industrial accidents are on the rise. This fact is even more prevalent in developing countries where the countries lack the safety standards required to ensure workplace safety in the pursuit of economic development. As land in prime locations becomes increasingly scarce, there is an argument for building skyscrapers. But this just... Continue Reading
    Call Us
    whatsappWhatsApp Us