A Methodology for Assessing Security Vulnerability of Cloud Services

AUTHORS

Kwang-Kyu Seo,Dept. of Management Engineering, Sangmyung University, Korea

ABSTRACT

Cloud services continue to change the business paradigm to use computing resources such as infrastructure, platform and application using the network access. They have created new security threats and challenges. When large amounts of data are saved in the cloud, the cloud is naturally exposed to attack. In cloud services, analysis and evaluation of security vulnerability should be made with protection plans that provide the objective data and information necessary to establish measures for information protection for each business of firms and take into account the impact on their respective responsibilities. This paper presents a framework to evaluate security vulnerability that reflects the business impacts. Through this framework, it is possible to evaluate vulnerability items of cloud services. Eventually, the proposed methodology will help establish security policies for both cloud service providers and users.

 

KEYWORDS

Evaluation framework, Vulnerability, Security, Threat, Cloud service

REFERENCES

[1]    C. K. Park, H. S. Kim, T. J. Lee, and J. C. Ryou, “Function partitioning methods for malware variant similarity comparison,” J. of The Korea Institute of information Security & Cryptology, vol.25, no.2, pp.321-330, (2015)
[2]    J. Park, H. Kang, and S. Kim, “How to combine secure software development lifecycle into common criteria,” J. of The Korea Institute of information Security & Cryptology, vol.24, no.1, pp.171-182, (2014)
[3]    Common Weakness Enumeration (CWE), http://cwe.mitre.org/, (2018)
[4]    Common Vulnerabilities and Exposures (CVE), http://cve.mitre.org, (2019)
[5]    National Vulnerability Database (NVD), http://nvd.nist.gov, (2019)
[6]    2011 CWE/SANS Top 25 Most Dangerous Software Errors, http://cwe.mitre.org/top25/, (2011)
[7]    OWASP, Top 10 - 2017, “The ten most critical web application security risks,” https://www.owasp.org, (2017)
[8]    Korea Internet & Security Agency Korea Internet Security Center (KISC), “Bounty program for new SW vulnerabilities,” https://www.krcert.or.kr/kor/consult/consult_04.jsp
[9]    KISA, “Domestic cloud service security vulnerability check,” Seoul, (2012)

CITATION

  • APA:
    Seo,K.K.(2019). A Methodology for Assessing Security Vulnerability of Cloud Services. International Journal of Reliable Information and Assurance, 7(2), 1-6. 10.21742/IJRIA.2019.7.2.01
  • Harvard:
    Seo,K.K.(2019). "A Methodology for Assessing Security Vulnerability of Cloud Services". International Journal of Reliable Information and Assurance, 7(2), pp.1-6. doi:10.21742/IJRIA.2019.7.2.01
  • IEEE:
    [1] K.K.Seo, "A Methodology for Assessing Security Vulnerability of Cloud Services". International Journal of Reliable Information and Assurance, vol.7, no.2, pp.1-6, Dec. 2019
  • MLA:
    Seo Kwang-Kyu. "A Methodology for Assessing Security Vulnerability of Cloud Services". International Journal of Reliable Information and Assurance, vol.7, no.2, Dec. 2019, pp.1-6, doi:10.21742/IJRIA.2019.7.2.01

ISSUE INFO

  • Volume 7, No. 2, 2019
  • ISSN(p):2288-8950
  • ISSN(e):2207-5143
  • Published:Dec. 2019

DOWNLOAD