ARA-Assessor: Application-aware runtime risk assessment for cloud-based business continuity

Min Fu; Shiping Chen; Jian Yang; Surya Nepal; Liming Zhu

doi:10.1007/978-3-319-69035-3_38

ARA-Assessor

Application-aware runtime risk assessment for cloud-based business continuity

Min Fu^*, Shiping Chen, Jian Yang, Surya Nepal, Liming Zhu

^*Corresponding author for this work

Department of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

Abstract

Cloud-based systems are prone to be attacked because they share the same cloud infrastructure, where there may exist hackers and malicious users. As a result, cloud system owners need an on-going security risk assessment mechanism to monitor the risk of their systems so that they can be mitigated in a timely manner to ensure the business continuity. Existing methods of cloud system risk assessment usually do not fully consider the dependencies of the system’s cloud resources or the conflictions of the threats on the system. In this paper we propose an application-aware cloud system risk assessment method, called ARA-Assessor, for performing security risk assessment for cloud systems. ARA-Assessor includes a cloud system model used to specify the significance value of each system component and their dependencies. With this application-aware model, the cloud system owners are able to continuously assess the risk of their systems. We evaluate ARA-Assessor with three typical cloud systems on AWS. The experimental results show that our method is capable of continuously assessing the runtime risk for multiple types of cloud systems.

Original language	English
Title of host publication	15th International Conference on Service-Oriented Computing (ICSOC 2017)
Subtitle of host publication	proceedings
Place of Publication	Cham, Switzerland
Publisher	Springer, Springer Nature
Pages	511-527
Number of pages	17
Volume	10601
ISBN (Electronic)	9783319690353
ISBN (Print)	9783319690346
DOIs	https://doi.org/10.1007/978-3-319-69035-3_38
Publication status	Published - 2017
Event	15th International Conference on Service-Oriented Computing, ICSOC 2017 - Malaga, Spain Duration: 13 Nov 2017 → 16 Nov 2017

Publication series

Name	Lecture Notes in Computer Science
Volume	10601
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	15th International Conference on Service-Oriented Computing, ICSOC 2017
Country	Spain
City	Malaga
Period	13/11/17 → 16/11/17

Keywords

Cloud risk
Cloud security
Risk assessment
Risk management

Access to Document

10.1007/978-3-319-69035-3_38

Fingerprint Dive into the research topics of 'ARA-Assessor: Application-aware runtime risk assessment for cloud-based business continuity'. Together they form a unique fingerprint.

Cite this

Fu, M., Chen, S., Yang, J., Nepal, S., & Zhu, L. (2017). ARA-Assessor: Application-aware runtime risk assessment for cloud-based business continuity. In 15th International Conference on Service-Oriented Computing (ICSOC 2017): proceedings (Vol. 10601, pp. 511-527). (Lecture Notes in Computer Science; Vol. 10601). Cham, Switzerland: Springer, Springer Nature. https://doi.org/10.1007/978-3-319-69035-3_38

@inproceedings{733948929f4840fcbb3c8a8176410cfb,

title = "ARA-Assessor: Application-aware runtime risk assessment for cloud-based business continuity",

abstract = "Cloud-based systems are prone to be attacked because they share the same cloud infrastructure, where there may exist hackers and malicious users. As a result, cloud system owners need an on-going security risk assessment mechanism to monitor the risk of their systems so that they can be mitigated in a timely manner to ensure the business continuity. Existing methods of cloud system risk assessment usually do not fully consider the dependencies of the system’s cloud resources or the conflictions of the threats on the system. In this paper we propose an application-aware cloud system risk assessment method, called ARA-Assessor, for performing security risk assessment for cloud systems. ARA-Assessor includes a cloud system model used to specify the significance value of each system component and their dependencies. With this application-aware model, the cloud system owners are able to continuously assess the risk of their systems. We evaluate ARA-Assessor with three typical cloud systems on AWS. The experimental results show that our method is capable of continuously assessing the runtime risk for multiple types of cloud systems.",

keywords = "Cloud risk, Cloud security, Risk assessment, Risk management",

author = "Min Fu and Shiping Chen and Jian Yang and Surya Nepal and Liming Zhu",

year = "2017",

doi = "10.1007/978-3-319-69035-3_38",

language = "English",

isbn = "9783319690346",

volume = "10601",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Springer Nature",

pages = "511--527",

booktitle = "15th International Conference on Service-Oriented Computing (ICSOC 2017)",

address = "United States",

}

Fu, M, Chen, S, Yang, J, Nepal, S & Zhu, L 2017, ARA-Assessor: Application-aware runtime risk assessment for cloud-based business continuity. in 15th International Conference on Service-Oriented Computing (ICSOC 2017): proceedings. vol. 10601, Lecture Notes in Computer Science, vol. 10601, Springer, Springer Nature, Cham, Switzerland, pp. 511-527, 15th International Conference on Service-Oriented Computing, ICSOC 2017, Malaga, Spain, 13/11/17. https://doi.org/10.1007/978-3-319-69035-3_38

ARA-Assessor : Application-aware runtime risk assessment for cloud-based business continuity. / Fu, Min; Chen, Shiping; Yang, Jian; Nepal, Surya; Zhu, Liming.

15th International Conference on Service-Oriented Computing (ICSOC 2017): proceedings. Vol. 10601 Cham, Switzerland : Springer, Springer Nature, 2017. p. 511-527 (Lecture Notes in Computer Science; Vol. 10601).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

TY - GEN

T1 - ARA-Assessor

T2 - Application-aware runtime risk assessment for cloud-based business continuity

AU - Fu, Min

AU - Chen, Shiping

AU - Yang, Jian

AU - Nepal, Surya

AU - Zhu, Liming

PY - 2017

Y1 - 2017

N2 - Cloud-based systems are prone to be attacked because they share the same cloud infrastructure, where there may exist hackers and malicious users. As a result, cloud system owners need an on-going security risk assessment mechanism to monitor the risk of their systems so that they can be mitigated in a timely manner to ensure the business continuity. Existing methods of cloud system risk assessment usually do not fully consider the dependencies of the system’s cloud resources or the conflictions of the threats on the system. In this paper we propose an application-aware cloud system risk assessment method, called ARA-Assessor, for performing security risk assessment for cloud systems. ARA-Assessor includes a cloud system model used to specify the significance value of each system component and their dependencies. With this application-aware model, the cloud system owners are able to continuously assess the risk of their systems. We evaluate ARA-Assessor with three typical cloud systems on AWS. The experimental results show that our method is capable of continuously assessing the runtime risk for multiple types of cloud systems.

AB - Cloud-based systems are prone to be attacked because they share the same cloud infrastructure, where there may exist hackers and malicious users. As a result, cloud system owners need an on-going security risk assessment mechanism to monitor the risk of their systems so that they can be mitigated in a timely manner to ensure the business continuity. Existing methods of cloud system risk assessment usually do not fully consider the dependencies of the system’s cloud resources or the conflictions of the threats on the system. In this paper we propose an application-aware cloud system risk assessment method, called ARA-Assessor, for performing security risk assessment for cloud systems. ARA-Assessor includes a cloud system model used to specify the significance value of each system component and their dependencies. With this application-aware model, the cloud system owners are able to continuously assess the risk of their systems. We evaluate ARA-Assessor with three typical cloud systems on AWS. The experimental results show that our method is capable of continuously assessing the runtime risk for multiple types of cloud systems.

KW - Cloud risk

KW - Cloud security

KW - Risk assessment

KW - Risk management

UR - http://www.scopus.com/inward/record.url?scp=85034040599&partnerID=8YFLogxK

UR - http://purl.org/au-research/grants/arc/DP150102966

U2 - 10.1007/978-3-319-69035-3_38

DO - 10.1007/978-3-319-69035-3_38

M3 - Conference proceeding contribution

SN - 9783319690346

VL - 10601

T3 - Lecture Notes in Computer Science

SP - 511

EP - 527

BT - 15th International Conference on Service-Oriented Computing (ICSOC 2017)

PB - Springer, Springer Nature

CY - Cham, Switzerland

ER -

Fu M, Chen S, Yang J, Nepal S, Zhu L. ARA-Assessor: Application-aware runtime risk assessment for cloud-based business continuity. In 15th International Conference on Service-Oriented Computing (ICSOC 2017): proceedings. Vol. 10601. Cham, Switzerland: Springer, Springer Nature. 2017. p. 511-527. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-319-69035-3_38