Off-campus SJSU users: To download campus access theses, please use the following link to log into our proxy server with your SJSU library user name and PIN.
Publication Date
Fall 2016
Degree Type
Thesis - Campus Access Only
Degree Name
Master of Science (MS)
Department
Computer Engineering
Advisor
Weider D. Yu
Keywords
cloud computing, fishbone diagram, machine learning, root-cause analysis, threat, vulnerability
Subject Areas
Computer engineering; Computer science
Abstract
Cloud-computing is a new paradigm with great potentials for delivering a wide variety of services to different types of customers. It can substitute the traditional IT infrastructure and eliminate the requirements for building and maintaining physical IT infrastructure fully or partly. As a result, cloud customers find themselves outsourcing all or a part of their critical assets, thus losing full control over them. Therefore, despite the cloud’s great offerings and potentials, many organizations and businesses are still reluctant to adopt the cloud due to security concerns. Understanding the cloud's existing issues is one of the very first, yet essential, steps to make it more reliable. This work was dedicated to studying and modeling the dominant threats and vulnerabilities to the cloud. At first, a fishbone diagram was created to model threats and vulnerabilities in cloud-computing. This fishbone diagram was then used as a root-cause analysis tool to analyze and categorize cloud incident scenarios published by Cloud Security Alliances (CSA) and Cloutage datasets. As a result, the responsible root-causes for 60% of the studied cloud incidents were identified. Determining the root-cause factors for the remaining 40% of the cloud incidents using the fishbone diagram was impossible due to the lack of sufficient details in the scenarios provided for those incidents. For overcoming this challenge, a solution was proposed based on supervised machine learning binary classification. By applying this solution, the responsible root-causes for 96% of the incidents with unknown root-cause could be predicted.
Recommended Citation
Runiassy, Maryam, "Modeling Cloud Computing Threats and Vulnerabilities" (2016). Master's Theses. 4775.
DOI: https://doi.org/10.31979/etd.wcn8-66xp
https://scholarworks.sjsu.edu/etd_theses/4775