Home > Research > Publications & Outputs > A security metrics framework for the Cloud
View graph of relations

A security metrics framework for the Cloud

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Publication date18/07/2011
Host publicationProceedings of the International Conference on Security and Cryptography 2011
Number of pages6
<mark>Original language</mark>English


Cloud computing is redefining the on-demand usage of remotely-located, and highly available computing resources to the user. Unfortunately, while the many economic and technological advantages are apparent, the migration of key sector applications to the Cloud has been limited due to a major show-stopper: the paucity of quantifiable metrics to evaluate the tradeoffs (features, problems and the economics) of security. Despite the obvious value ofmetrics in different scenarios to evaluate such tradeoffs, a formal and standard-based approach for the addressing of security metrics in the Cloud is a much harder and very much an open issue. This paper presents our views on the importance and challenges for developing a security metrics framework for the Cloud, also taking into account our ongoing research with organizations like the Cloud Security Alliance and European projects like ABC4Trust, CoMiFin and INSPIRE. This paper also introduces the basic building blocks of a proposed security metrics framework for elements such as a Cloud provider's security assessment, taking into account the different service and deployment models of the Cloud.