Final published version
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - Multilevel classification of security concerns in cloud computing
AU - Hussain, Syed Asad
AU - Fatima, Mehwish
AU - Saeed, Atif
AU - Raza, Imran
AU - Shahzad, Raja Khurram
PY - 2017/1
Y1 - 2017/1
N2 - Threats jeopardize some basic security requirements in a cloud. These threats generally constitute privacy breach, data leakage and unauthorized data access at different cloud layers. This paper presents a novel multilevel classification model of different security attacks across different cloud services at each layer. It also identifies attack types and risk levels associated with different cloud services at these layers. The risks are ranked as low, medium and high. The intensity of these risk levels depends upon the position of cloud layers. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services. The multilevel classification model leads to the provision of dynamic security contract for each cloud layer that dynamically decides about security requirements for cloud consumer and provider.
AB - Threats jeopardize some basic security requirements in a cloud. These threats generally constitute privacy breach, data leakage and unauthorized data access at different cloud layers. This paper presents a novel multilevel classification model of different security attacks across different cloud services at each layer. It also identifies attack types and risk levels associated with different cloud services at these layers. The risks are ranked as low, medium and high. The intensity of these risk levels depends upon the position of cloud layers. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services. The multilevel classification model leads to the provision of dynamic security contract for each cloud layer that dynamically decides about security requirements for cloud consumer and provider.
KW - Cloud computing
KW - Security
KW - Virtualization
KW - SaaS
KW - PaaS
KW - IaaS
U2 - 10.1016/j.aci.2016.03.001
DO - 10.1016/j.aci.2016.03.001
M3 - Journal article
VL - 13
SP - 57
EP - 65
JO - Applied Computing and Informatics
JF - Applied Computing and Informatics
SN - 2210-8327
IS - 1
ER -