A risk model for cloud processes

Document Type: REVIEW PAPER



Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to the lack of historical data on attacks, which has prevented frequency-based identification of "typical" threats and attack vectors. Also, the dynamic, multi-party nature of cloud-based processes makes severity assessment very dependent on the particular set of stakeholders involved in each process execution. In this paper, we tackle these problems by presenting a novel, process-oriented quantitative risk assessment methodology aimed at disclosure risks on cloud computing platforms. Key advantages of our methodology include (i) a fully quantitative and iterative approach, which enables stakeholders to compare alternative versions of cloud-based processes (e.g., with and without security controls); (ii) non-frequency-based probability estimates, which allow analyzing threats for which a detailed history is not available; and (iii) support for quick visual comparisons of risk profiles of alternative processes even when impact cannot be exactly quantified.

