Title :
A Hierarchical Security-Auditing Methodology for Cloud Computing
Author :
Zhuobing Han ; Xiaohong Li ; Stroulia, Eleni
Author_Institution :
Dept. of Comput. Sci. & Technol., Tianjin Univ., Tianjin, China
Abstract :
Security concerns are frequently mentioned among the reasons why organizations hesitate to adopt cloud computing. Given the numerous choices of cloud-resource providers, clients often find it difficult to assess their relative advantages and shortcomings with respect to security, which may prevent them from making any choice. In this paper, we describe our methodology for a hierarchical security-audit method for cloud-computing services. Our method examines the overall security of the cloud offering, based on the examination of a comprehensive set of security concerns at the IaaS, PaaS, and SaaS layers. For each layer, relevant evidence regarding its security is collected and subsequently synthesized into an overall security score. We illustrate our method through a case study, examining the relative security merits of the Google Cloud and the Microsoft Azure Cloud.
Keywords :
auditing; cloud computing; security of data; Google cloud; IaaS; Microsoft Azure cloud; PaaS; SaaS layers; cloud-computing services; cloud-resource providers; hierarchical security-auditing methodology; security score; Access control; Data security; Servers; Software as a service; Analytic Hierarchical Process (AHP); Cloud Computing; Multi-level Fuzzy Comprehensive Evaluation (MFCE); security evaluation;
Conference_Titel :
Services Computing (SCC), 2015 IEEE International Conference on
Conference_Location :
New York, NY
Print_ISBN :
978-1-4673-7280-0
DOI :
10.1109/SCC.2015.36
