Cloud-Trust - A Security Assessment Model for Infrastructure as a Service (IaaS) Clouds
Penn collection
Degree type
Discipline
Subject
servers
computer architecture
cryptography
monitoring
firewalls
cyber security
advanced persistent threats
security metrics
virtual machine (VM) isolation
Other Electrical and Computer Engineering
Funder
Grant number
License
Copyright date
Distributor
Related resources
Author
Contributor
Abstract
The vulnerability of Cloud Computing Systems (CCSs) to Advanced Persistent Threats (APTs) is a significant concern to government and industry. We present a cloud architecture reference model that incorporates a wide range of security controls and best practices, and a cloud security assessment model – Cloud-Trust – that estimates high level security metrics to quantify the degree of confidentiality and integrity offered by a CCS or cloud service provider (CSP). Cloud-Trust is used to assess the security level of four multi-tenant IaaS cloud architectures equipped with alternative cloud security controls and to show the probability of CCS penetration (high value data compromise) is high if a minimal set of security controls are implemented. CCS penetration probability drops substantially if a cloud defense in depth security architecture is adopted that protects virtual machine (VM) images at rest, strengthens CSP and cloud tenant system administrator access controls, and which employs other network security controls to minimize cloud network surveillance and discovery of live VMs.