Security Risk Assessment of Cloud Carrier

Cloud computing based delivery model has been adopted by end-users and enterprises to reduce IT costs and complexities. The ability to offload user software and data to cloud data centers has raised many security and privacy concerns over the cloud computing model. Significant research efforts have focused on hyper visor security and low-layer operating system implementations in cloud data centers. Unfortunately, the role of cloud carrier in the security and privacy of user software and data has not been well studied. Cloud carrier represents the wide area network that provides the connectivity and transport of cloud services between cloud consumers and cloud providers. In this paper, we present a risk assessment framework to study the security risk of the cloud carrier between cloud consumers and cloud providers. The risk assessment framework leverages the National Vulnerability Database (NVD) to examine the security vulnerabilities of operating systems of routers within the cloud carrier. This framework provides quantifiable security metrics for cloud carrier, which enables cloud consumers to establish the quality of security services among cloud providers. Such security metric information is very useful in the Service Level Agreement (SLA) negotiation between a cloud consumer and a cloud provider. It can be also be used to build a tool to verify SLA compliance. Furthermore, we implement this framework for the cloud carriers of Amazon Web Services and Windows Azure Platform. Our experiments show that the security risks of cloud carriers on these two commercial clouds are significantly different. This finding provides guidance for a network provider to improve the security of cloud carriers.