Health Care Management Papers
Document Type
Technical Report
Date of this Version
3-2015
Publication Source
IEEE Transactions on Cloud Computing
Volume
PP
Issue
99
DOI
10.1109/TCC.2015.2415794
Abstract
The vulnerability of Cloud Computing Systems (CCSs) to Advanced Persistent Threats (APTs) is a significant concern to government and industry. We present a cloud architecture reference model that incorporates a wide range of security controls and best practices, and a cloud security assessment model – Cloud-Trust – that estimates high level security metrics to quantify the degree of confidentiality and integrity offered by a CCS or cloud service provider (CSP). Cloud-Trust is used to assess the security level of four multi-tenant IaaS cloud architectures equipped with alternative cloud security controls and to show the probability of CCS penetration (high value data compromise) is high if a minimal set of security controls are implemented. CCS penetration probability drops substantially if a cloud defense in depth security architecture is adopted that protects virtual machine (VM) images at rest, strengthens CSP and cloud tenant system administrator access controls, and which employs other network security controls to minimize cloud network surveillance and discovery of live VMs.
Copyright/Permission Statement
© 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Keywords
cloud computing, servers, computer architecture, cryptography, monitoring, firewalls, cyber security, advanced persistent threats, security metrics, virtual machine (VM) isolation
Recommended Citation
Gonzales, D., Kaplan, J., Saltzman, E., Winkelman, Z., & Woods, D. (2015). Cloud-Trust - A Security Assessment Model for Infrastructure as a Service (IaaS) Clouds. IEEE Transactions on Cloud Computing, PP (99), http://dx.doi.org/10.1109/TCC.2015.2415794
Date Posted: 27 November 2017
This document has been peer reviewed.
Comments
At the time of this publication, Mr. Saltzman was affiliated with the RAND Corporation, but he is now associated with the Department of Healthcare Management within the Wharton School, University of Pennsylvania.