Date of Award
Doctor of Philosophy
The cloud computing (CC) paradigm has been adopted by many organizations in various fields because of its low cost, high availability and scalability features. Healthcare, education, business, and many other domains look to CC as an attempt to solve the continuous shortage in volume, infrastructure, accessibility, and monitoring. However, moving data to the cloud implies shifting control of the customer’s data to the cloud service provider indefinitely. Additionally, the CC model has different stakeholders, namely cloud consumers, the cloud service provider (CSP), cloud broker, cloud auditor, and cloud carrier. Each stakeholder has security and privacy (S&P) expectations and capabilities, along with independent and shared responsibilities. Hence, the S&P of the cloud computing model becomes an important issue. One of the biggest challenges that consumers encounter is that there is no concrete and transparent way to determine what essential security features meet their requirements. Moreover, there is not a well-established approach to quantify security in cloud services.
This dissertation presents an approach to assist cloud stakeholders in recognizing their S&P challenges, addressing those issues, and measuring their protection capabilities with respect to cloud stakeholder type. The novelty of this approach lies in defining security of cloud services from a stakeholder perspective. Unlike the data and infrastructure perspectives, this approach aims to address S&P issues that result from stakeholders’ conflicts of interests more broadly and thoroughly. A prototype framework of tools was designed and developed based on the new approach. This framework supports cloud stakeholders in the initial screening of necessary S&P attributes. It also supports cloud stakeholders in evaluating the protection and deterrence of cloud services.
The framework is designed using a rule-based classification system (i.e., taxonomy) and Goal-Question-Metric (GQM) method to recommend necessary S&P attributes. The framework also uses a multi-criteria decision making (MCDM) method to measure the degree of protection in the recommended attributes and to enable benchmarking. The presented framework is structurable, expandable, detailed, and conforms to standards in the CC field. The evaluation results confirm the presented solutions’ effectiveness in recommending and measuring security features appropriately and consistently. This work aims to relieve consumers’ fears of using this emerging technology. It also aims to fill the gap between consumers and CSPs and encourage CSPs to compete transparently.
Dissertation or thesis originally submitted to the local University of Memphis Electronic Theses & Dissertation (ETD) Repository.
Abu Hussein, Abdullah Eid, "Pragmatic Framework for Cloud Security Assessment: A Stakeholder-Oriented and Taxonomical Approach" (2017). Electronic Theses and Dissertations. 1720.