@inproceedings{733948929f4840fcbb3c8a8176410cfb,
title = "ARA-Assessor: Application-aware runtime risk assessment for cloud-based business continuity",
abstract = "Cloud-based systems are prone to be attacked because they share the same cloud infrastructure, where there may exist hackers and malicious users. As a result, cloud system owners need an on-going security risk assessment mechanism to monitor the risk of their systems so that they can be mitigated in a timely manner to ensure the business continuity. Existing methods of cloud system risk assessment usually do not fully consider the dependencies of the system{\textquoteright}s cloud resources or the conflictions of the threats on the system. In this paper we propose an application-aware cloud system risk assessment method, called ARA-Assessor, for performing security risk assessment for cloud systems. ARA-Assessor includes a cloud system model used to specify the significance value of each system component and their dependencies. With this application-aware model, the cloud system owners are able to continuously assess the risk of their systems. We evaluate ARA-Assessor with three typical cloud systems on AWS. The experimental results show that our method is capable of continuously assessing the runtime risk for multiple types of cloud systems.",
keywords = "Cloud risk, Cloud security, Risk assessment, Risk management",
author = "Min Fu and Shiping Chen and Jian Yang and Surya Nepal and Liming Zhu",
year = "2017",
doi = "10.1007/978-3-319-69035-3_38",
language = "English",
isbn = "9783319690346",
volume = "10601",
series = "Lecture Notes in Computer Science",
publisher = "Springer, Springer Nature",
pages = "511--527",
booktitle = "15th International Conference on Service-Oriented Computing (ICSOC 2017)",
address = "United States",
note = "15th International Conference on Service-Oriented Computing, ICSOC 2017 ; Conference date: 13-11-2017 Through 16-11-2017",
}