Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Multi-criteria Decision Making Model for Vulnerabilities Assessment in Cloud Computing regarding Common Vulnerability Scoring System
AU - Bolivar, H.
AU - Jaimes Parada, H.D.
AU - Roa, O.
AU - Velandia, J.
PY - 2020/1/16
Y1 - 2020/1/16
N2 - Vulnerability is associated with the probability of resistance of actions of a threat. A vulnerability exists when a force of threat exceeds the capacity of resistance. Virtualization and its exclusive architecture have numerous features and advantages over non-conventional virtual machines. However, this new uniqueness creates new vulnerabilities and attacks on a cloud system. Assessing the security of software services on Cloud is complex because the security depends on the vulnerability of infrastructure, platform and software services. In 2017, over 14,000 new vulnerabilities were disclosed, so, a key question for administrators is which vulnerabilities to prioritize. The Common Vulnerability Scoring System (CVSS) is often used to decide which vulnerabilities pose the greatest risk. CVSS V3 creates a metric for each vulnerability and establishes a very broad definition of vulnerabilities, therefore, multi-criteria decision making (MCDM) is necessary to making a choice of the best alternative from among a finite set of decision alternatives in terms of multiple criteria. We propose a model for the evaluation and prioritization of vulnerabilities in cloud architectures based on the Common Vulnerability Scoring System and multi-criteria decision making.
AB - Vulnerability is associated with the probability of resistance of actions of a threat. A vulnerability exists when a force of threat exceeds the capacity of resistance. Virtualization and its exclusive architecture have numerous features and advantages over non-conventional virtual machines. However, this new uniqueness creates new vulnerabilities and attacks on a cloud system. Assessing the security of software services on Cloud is complex because the security depends on the vulnerability of infrastructure, platform and software services. In 2017, over 14,000 new vulnerabilities were disclosed, so, a key question for administrators is which vulnerabilities to prioritize. The Common Vulnerability Scoring System (CVSS) is often used to decide which vulnerabilities pose the greatest risk. CVSS V3 creates a metric for each vulnerability and establishes a very broad definition of vulnerabilities, therefore, multi-criteria decision making (MCDM) is necessary to making a choice of the best alternative from among a finite set of decision alternatives in terms of multiple criteria. We propose a model for the evaluation and prioritization of vulnerabilities in cloud architectures based on the Common Vulnerability Scoring System and multi-criteria decision making.
U2 - 10.1109/CONIITI48476.2019.8960909
DO - 10.1109/CONIITI48476.2019.8960909
M3 - Conference contribution/Paper
SN - 9781728147475
BT - 2019 Congreso Internacional de Innovacion y Tendencias en Ingenieria, CONIITI 2019 - Conference Proceedings
PB - IEEE
ER -