{"title":"Risk-Based and Dependency-Aware Criteria Specification for Cloud Services Security Evaluation","authors":"Sarah Maroc, J. Zhang","doi":"10.1109/ICCSN.2019.8905370","DOIUrl":null,"url":null,"abstract":"A key problem with much of the literature on cloud services evaluation is that it fails to consider the context and the dependencies between the evaluation criteria spanning different services and the various, and often conflicting, customers' requirements. Different aspects are important for different applications, and the choice of evaluation criteria needs to reflect this. This paper proposes a method for selecting the core security evaluation criteria based on the cause-effect relationships between the services, threats, vulnerabilities, and security controls using multiple evaluation factors including the importance, likelihood, and impact. The Analytic Network Process (ANP) is used to estimate the direct influence between the attributes, and the Decision Making Trial and Evaluation Laboratory (DEMATEL) is used to obtain the total influences (direct and indirect) between those attributes. The goal is not to blindly use all the criteria that exist in the literature, but instead to identify those that are most relevant to the context of the evaluation considering the characteristics of cloud service models, deployment models, and the overall evaluation context. This makes it possible to focus on the situation and eliminate unnecessary tasks.","PeriodicalId":330766,"journal":{"name":"2019 IEEE 11th International Conference on Communication Software and Networks (ICCSN)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 11th International Conference on Communication Software and Networks (ICCSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCSN.2019.8905370","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Risk-Based and Dependency-Aware Criteria Specification for Cloud Services Security Evaluation
A key problem with much of the literature on cloud services evaluation is that it fails to consider the context and the dependencies between the evaluation criteria spanning different services and the various, and often conflicting, customers' requirements. Different aspects are important for different applications, and the choice of evaluation criteria needs to reflect this. This paper proposes a method for selecting the core security evaluation criteria based on the cause-effect relationships between the services, threats, vulnerabilities, and security controls using multiple evaluation factors including the importance, likelihood, and impact. The Analytic Network Process (ANP) is used to estimate the direct influence between the attributes, and the Decision Making Trial and Evaluation Laboratory (DEMATEL) is used to obtain the total influences (direct and indirect) between those attributes. The goal is not to blindly use all the criteria that exist in the literature, but instead to identify those that are most relevant to the context of the evaluation considering the characteristics of cloud service models, deployment models, and the overall evaluation context. This makes it possible to focus on the situation and eliminate unnecessary tasks.