Uncertainty based approach of modelling for security metrics in cloud computing
Abstract
Cloud computing has emerged as a powerful model for managing and delivering services over the Internet. It is swiftly transforming the information technology delivery view and fundamentally realizing the commitment of utility computing. Cloud computing provides scalable and mobile hardware and software provisions that decrease operational costs, among other advantages. However, even with its many advantages, cloud computing is still marred by security issues ranging from Distributed-Denial-of-Service attacks to system-device vulnerabilities, mainly because private data is entrusted to another party. Various procedures have been proposed to address the security issues of the cloud, including co-residency detection, provable data possession and cryptographic protocols. However, security still remains the number one hindrance to cloud computing adoption. Therefore, before mitigating the security vulnerabilities of a cloud system, it is important to define the weakness boundaries for proper benchmarking by measuring the security of the system based on its threats and vulnerabilities. With this perspective, various studies have addressed the issue of security measurement. However, the security metrics proposed do not address the issue of uncertainty in their algorithms. Given that the attack vector of the adversary is random and undefined, it is necessary to quantify the randomness of the attacker’s path and of the vulnerability exploited.
In this dissertation we investigate how the security of a cloud infrastructure can be measured with respect to attacker uncertainty. We investigate how security-based cloud system infrastructures can be modeled, with further focus on threat and vulnerability modeling. We further propose a probabilistic, information-theory-based metric using Shannon entropy, combined with a Bayesian-network-based metric, for this purpose. For metric testing, we construct a security-based cloud system for which we further model the attack paths using attack trees and analyze them with entropy; the vulnerabilities modeled with attack paths are analyzed with Bayesian networks. For system comparisons, we vary the implemented devices and services, for which we obtain the scores. Through this research we provide an uncertainty-based approach for security metrics in cloud computing. For the provided metric, a demonstration of its quantitative application is performed and analyzed on constructed threat models using attack trees and attack graphs. With the metric we therefore provide a procedure for quantitative evaluation of cloud security to enable identification of security issues, assignment of cloud security level scores, and comparison between cloud infrastructures.