VULCAN: Vulnerability Assessment Framework for Cloud Computing

P. Kamongi, S. Kotikela, K. Kavi, M. Gomathisankaran and A. Singhal
Cyber-Security, Countermeasures, Security Ontology, STRIDE, Cloud Computing, Threat Assessment

Assessing security of software services on Cloud is complex because the security depends on the vulnerability of infrastructure, platform and the software services. In many systems, the platform or the infrastructure on which the software will actually run may not be known or guaranteed. This implies that the security of the software service must be assured regardless of the underlying infrastructure or platform, requiring a large number of combinations. Another common trend in Cloud and Service oriented Architecture (SoA) environments is Service composition, whereby new services can be created rapidly by composing existing services. Once again, the component services must be tested for security levels on a large number of platform and infrastructure combinations. In this paper we propose a novel vulnerability assessment framework for cloud computing systems. We have designed and developed a prototype of our framework.

Publish Date: 
Tuesday, June 18, 2013
Proceedings of the IEEE 7th International Conference on Software Security and Reliability
Paper URL: