Off-campus SJSU users: To download campus access theses, please use the following link to log into our proxy server with your SJSU library user name and PIN.

Publication Date

Fall 2016

Degree Type

Thesis - Campus Access Only

Degree Name

Master of Science (MS)

Department

Computer Engineering

Advisor

Weider D. Yu

Keywords

cloud computing, fishbone diagram, machine learning, root-cause analysis, threat, vulnerability

Subject Areas

Computer engineering; Computer science

Abstract

Cloud-computing is a new paradigm with great potentials for delivering a wide variety of services to different types of customers. It can substitute the traditional IT infrastructure and eliminate the requirements for building and maintaining physical IT infrastructure fully or partly. As a result, cloud customers find themselves outsourcing all or a part of their critical assets, thus losing full control over them. Therefore, despite the cloud’s great offerings and potentials, many organizations and businesses are still reluctant to adopt the cloud due to security concerns. Understanding the cloud's existing issues is one of the very first, yet essential, steps to make it more reliable. This work was dedicated to studying and modeling the dominant threats and vulnerabilities to the cloud. At first, a fishbone diagram was created to model threats and vulnerabilities in cloud-computing. This fishbone diagram was then used as a root-cause analysis tool to analyze and categorize cloud incident scenarios published by Cloud Security Alliances (CSA) and Cloutage datasets. As a result, the responsible root-causes for 60% of the studied cloud incidents were identified. Determining the root-cause factors for the remaining 40% of the cloud incidents using the fishbone diagram was impossible due to the lack of sufficient details in the scenarios provided for those incidents. For overcoming this challenge, a solution was proposed based on supervised machine learning binary classification. By applying this solution, the responsible root-causes for 96% of the incidents with unknown root-cause could be predicted.

Download

Share

COinS