Electronic Theses and Dissertations





Document Type


Degree Name

Doctor of Philosophy


Computer Science

Committee Chair

Sajjan Shiva

Committee Member

Dipankar Dasgupta

Committee Member

Lan Wang

Committee Member

Scott Fleming


The cloud computing (CC) paradigm has been adopted by many organizations in various fields because of its low cost, high availability and scalability features. Healthcare, education, business, and many other domains look to CC as an attempt to solve the continuous shortage in volume, infrastructure, accessibility, and monitoring. However, moving data to the cloud implies shifting control of the customer’s data to the cloud service provider indefinitely. Additionally, the CC model has different stakeholders namely, cloud consumers, as well as the cloud service provider (CSP), cloud broker, cloud auditor, and cloud carrier. Each stakeholder has security and privacy (S&P) expectations and capabilities, along with independent and shared responsibilities. Hence, the S&P of the cloud computing model becomes an important issue. One of the biggest challenges that consumers encounter is that there is no concrete and transparent way to determine what essential security features meet their requirements. Moreover, there is not a well-established approach to quantify security in cloud services.This dissertation presents an approach to assist cloud stakeholders in recognizing their S&P challenges, addressing those issues, and measuring their protection capabilities with respect to cloud stakeholder type. The novelty of this approach lies in defining security of cloud services from a stakeholder perspective. Unlike the data and infrastructure perspectives, this approach aims to address S&P issues that result from stakeholders’ conflicts of interests more broadly and thoroughly. A prototype framework of tools was designed and developed based on the new approach. This framework supports cloud stakeholders in the initial screening of necessary S&P attributes. It also supports cloud stakeholders in evaluating the protection and deterrence of cloud services. The framework is designed using a rule-based classification system (i.e., taxonomy) and Goal-Question-Metric (GQM) method to recommend necessary S&P attributes. The framework also uses a multi-criteria decision making (MCDM) method to measure the degree of protection in the recommended attributes and to enable benchmarking. The presented framework is structurable, expandable, detailed, and conforms to standards in the CC field. The evaluation results confirm the presented solutions’ effectiveness in recommending and measuring security features appropriately and consistently. This work aims to relieve consumers’ fears of using this emerging technology. It also aims to fill the gap between consumers and CSPs and encourage CSPs to compete transparently.


Data is provided by the student.

Library Comment

Dissertation or thesis originally submitted to the local University of Memphis Electronic Theses & dissertation (ETD) Repository.