Health Care Management Papers

Document Type

Technical Report

Date of this Version


Publication Source

IEEE Transactions on Cloud Computing








The vulnerability of Cloud Computing Systems (CCSs) to Advanced Persistent Threats (APTs) is a significant concern to government and industry. We present a cloud architecture reference model that incorporates a wide range of security controls and best practices, and a cloud security assessment model – Cloud-Trust – that estimates high level security metrics to quantify the degree of confidentiality and integrity offered by a CCS or cloud service provider (CSP). Cloud-Trust is used to assess the security level of four multi-tenant IaaS cloud architectures equipped with alternative cloud security controls and to show the probability of CCS penetration (high value data compromise) is high if a minimal set of security controls are implemented. CCS penetration probability drops substantially if a cloud defense in depth security architecture is adopted that protects virtual machine (VM) images at rest, strengthens CSP and cloud tenant system administrator access controls, and which employs other network security controls to minimize cloud network surveillance and discovery of live VMs.

Copyright/Permission Statement

© 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.


At the time of this publication, Mr. Saltzman was affiliated with the RAND Corporation, but he is now associated with the Department of Healthcare Management within the Wharton School, University of Pennsylvania.


cloud computing, servers, computer architecture, cryptography, monitoring, firewalls, cyber security, advanced persistent threats, security metrics, virtual machine (VM) isolation



Date Posted: 27 November 2017

This document has been peer reviewed.