Security Risk Assessment of Cloud Carrier

摘要

Cloud computing based delivery model has been adopted by end-users and enterprises to reduce enterprise IT costs and complexities. The ability to offload user software and data to cloud datacenters has raised many security and privacy concerns over the cloud computing model. Significant research efforts have focused on hypervisor security and low-layer operating system implementations in cloud datacenters. Unfortunately, the role of a cloud carrier on the security and privacy of user software and data has not been well studied. A cloud carrier represents the wide area network that provides the connectivity and transport of cloud services between cloud consumers and cloud providers. In this paper, we present a risk assessment framework to study the security risk of the cloud carrier between cloud users and two cloud providers. The risk assessment framework leverages the National Vulnerability Database (NVD) to examine the security vulnerabilities of operating systems of routers within the cloud carrier. This framework provides the quantifiable security metrics of each cloud carrier, which enables cloud users to select quality of security services among cloud providers. Such security metric information is very useful in the Service Level Agreement (SLA) negotiation between a cloud user and a cloud provider. It can be also used to build a tool for verifying the commitment of an SLA. Furthermore, we implement this framework on Amazon Web Services and Windows Azure, respectively. Our experiments show that the security risks of cloud carriers on these two commercial clouds are significantly different. This finding provides guidance for a network provider to improve the security of cloud carriers.