A security risk management model for cloud computing systems: Infrastructure as a service

Abstract

Cloud Computing represents a new computing way that increases dynamically capabilities without investing new infrastructure. It become much adopted today thanks to many advantages like distributed computing, scalability and performance, multi-tenancy and pay per use services. However, it poses many serious security issues at all cloud delivery models. Software, Platform, and Infrastructure as a Service are the three main service delivery models for Cloud Computing. Infrastructure as a Service (IaaS) serves as the basis layer for the other delivery models, and a lack of security in this layer will affect the other delivery models. This paper presents a detailed study of IaaS components’ security and determines vulnerabilities and security solutions. Finally, to combat security repose, we present a security risk management framework for Cloud system to threats and vulnerabilities reduction security risks mitigation. The proposed security risk management framework is based on a quantitative security risk assessment model to evaluate risks for this system.