题名

以安全風險量測模式評估雲端運算的安全性

并列篇名

A Security Risk Measurement model for Evaluating Cloud Computing Security

作者

賴森堂

关键词

雲端運算 ; 安全風險量測 ; 安全因子 ; 評估程序 ; 服務供應商 ; cloud computing ; security risk measurement ; security factors ; evaluation procedure ; service provider

期刊名称

電腦稽核

卷期/出版年月

32期(2015 / 08 / 01)

页次

31 - 44

内容语文

繁體中文
中文摘要

雲端運算是資訊資源共享的趨勢,用戶可以彈性調整容量與配置,也是企業與組織提升競爭力的重要利器。不過,駭客的入侵、惡意使用者、員工的道德與誠信及雲端環境的溝通介面持續威脅雲端運算的安全運作,雲端運算安全性受到嚴格的考驗,如何有效評估雲端運算的安全風險成為一項值得探究的議題。結合系統、管理與技術等層面的安全因子,本文提出一套安全風險量測(SEcurity Risk Measur ement; SERM)模式。利用SERM模式的特質,雲端運算的安全風險與缺失可以被識別,雲端運算的安全運作環境可以被評估,且基於安全風險評估的結果,使用單位可以挑選出高安全性的服務供應商,或要求服務供應商提供適時的安全改善措施,有效降低雲端運算的安全風險。
英文摘要

Cloud computing is the trend of information resources sharing and also an important tool for enterprises or organizations to enhance competitiveness. Users have the flexibility to adjust request and configuration. However, network security and resource sharing issues have continued to threaten the operation of cloud computing, making cloud computing security encounter serious test. How to evaluate cloud computing security has become a topic worthy of further exploration. Combining system, management and technique three levels security factors, this paper proposes a SEcurity Risk Measurement (SERM) Model. Applying the SERM model, security of cloud computing system environment can be effectively evaluated and cloud computing security defects and problems can be concretely identified. Based on the evaluation results, the user can choice the higher security service provider or request the service provider security improvement actions.
主题分类 基礎與應用科學 > 資訊科學
参考文献
  1. Gens., F. (2009, Feb. ) “New IDC IT Cloud Services Survey: Top Benefits and Challenges”, IDC eXchange, Available: (http://blogs.idc.com/ie/?p=730 ) [April 18, 2015].
  2. CSA (2011) Cloud Security Alliance Defined Categories of Service 2011.(2011)(https://cloudsecurityalliance.org/wp-ontent/uploads/2011/09/SecaaS_V1_0.pdf)
  3. Binning David, (2009 ) “Top five cloud computing security issues,” computer weekly , April 2009. (http://www.computerweekly.com/news/2240089111/Top-five-cloud-computing-security-issues )
  4. CSCC(2012)Security for Cloud Computing 10 Steps to Ensure Success, Cloud Standards Customer Council, August, 2012..
  5. PRWEB UK (2013 ) “A Cloud Computing Forecast Summary for 2013 - 2017 from IDC, Gartner and KPMG, Written by AppsCare,” (2013 ) PRWEB UK, November 2013. (http://uk.prweb.com/releases/2013/11/prweb11341594.htm )
  6. Brodkin, J. ( 2008 )“ Gartner: Seven cloud-computing security risks.” Infoworld, Available: (http://www.infoworld.com/d/security-central/gartner-seven-loudcomputingsecurity-risks-853?page=0,1 ) [April 18, 2015].
  7. Bisong, A,Rahman, S(2011).An overview of the Security concerns in Enterprise Cloud Computing.International Journal of Network Security & Its Applications,3(1),30-45.
  8. Boehm, B. W.(1981).Software Engineering Economics.New Jersey:Prentice- Hall.
  9. Carlin, S,Curran, K(2011).Cloud Computing Security.International Journal of Ambient Computing and Intelligence,3(1),38-46.
  10. Conte, S. D.,Dunsmore, H. E.,Shen, V. Y.(1986).Software Engineering Metrics and Models.Menlo Park:Benjamin/Cummings.
  11. Fenton, N. E.(1991).Software Metrics - A Rigorous Approach.Chapman & Hall.
  12. Grobauer, B.,Walloschek, T.,Stöcker, E.(2010).Understanding Cloud ComputingVulnerabilities.IEEE Security and Privacy,99
  13. Jansen, Wayne,Grance, Timothy(2011).,NIST Special Publication.
  14. Mell, Peter,Grance, Timothy(2011).,NIST Special Publication.
  15. Popovic, K,Hocenski, Z(2010).Cloud Computing Security issues and challenges.Proceedings of the 33rd International convention MIPRO,Washington DC, USA:
  16. Ramgovind, S.,Eloff, M. M.,Smith, E.(2010).The Management of Security in Cloud Computing.PROC 2010 IEEE International Conference on Cloud Computing
print cancel