ARA-Assessor: Application-aware runtime risk assessment for cloud-based business continuity

Min Fu*, Shiping Chen, Jian Yang, Surya Nepal, Liming Zhu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review


Cloud-based systems are prone to be attacked because they share the same cloud infrastructure, where there may exist hackers and malicious users. As a result, cloud system owners need an on-going security risk assessment mechanism to monitor the risk of their systems so that they can be mitigated in a timely manner to ensure the business continuity. Existing methods of cloud system risk assessment usually do not fully consider the dependencies of the system’s cloud resources or the conflictions of the threats on the system. In this paper we propose an application-aware cloud system risk assessment method, called ARA-Assessor, for performing security risk assessment for cloud systems. ARA-Assessor includes a cloud system model used to specify the significance value of each system component and their dependencies. With this application-aware model, the cloud system owners are able to continuously assess the risk of their systems. We evaluate ARA-Assessor with three typical cloud systems on AWS. The experimental results show that our method is capable of continuously assessing the runtime risk for multiple types of cloud systems.

Original languageEnglish
Title of host publication15th International Conference on Service-Oriented Computing (ICSOC 2017)
Subtitle of host publicationproceedings
Place of PublicationCham, Switzerland
PublisherSpringer, Springer Nature
Number of pages17
ISBN (Electronic)9783319690353
ISBN (Print)9783319690346
Publication statusPublished - 2017
Event15th International Conference on Service-Oriented Computing, ICSOC 2017 - Malaga, Spain
Duration: 13 Nov 201716 Nov 2017

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference15th International Conference on Service-Oriented Computing, ICSOC 2017


  • Cloud risk
  • Cloud security
  • Risk assessment
  • Risk management


Dive into the research topics of 'ARA-Assessor: Application-aware runtime risk assessment for cloud-based business continuity'. Together they form a unique fingerprint.

Cite this