Multi-criteria Decision Making Model for Vulnerabilities Assessment in Cloud Computing regarding Common Vulnerability Scoring System | IEEE Conference Publication | IEEE Xplore

Abstract:

Vulnerability is associated with the probability of resistance of actions of a threat. A vulnerability exists when a force of threat exceeds the capacity of resistance. Virtualization and its exclusive architecture have numerous features and advantages over non-conventional virtual machines. However, this new uniqueness creates new vulnerabilities and attacks on a cloud system. Assessing the security of software services on the cloud is complex because the security depends on the vulnerability of infrastructure, platform and software services. In 2017, over 14,000 new vulnerabilities were disclosed, so a key question for administrators is which vulnerabilities to prioritize. The Common Vulnerability Scoring System (CVSS) is often used to decide which vulnerabilities pose the greatest risk. CVSS V3 creates a metric for each vulnerability and establishes a very broad definition of vulnerabilities; therefore, multi-criteria decision making (MCDM) is necessary to choose the best alternative from among a finite set of decision alternatives in terms of multiple criteria. We propose a model for the evaluation and prioritization of vulnerabilities in cloud architectures based on the Common Vulnerability Scoring System and multi-criteria decision making.
Date of Conference: 02-04 October 2019
Date Added to IEEE Xplore: 16 January 2020
Conference Location: Bogota, Colombia

I. Introduction

Cloud computing (CC) refers to applications delivered as services over the Internet and to the hardware and software in the data centers that provide those services [1]. While there are a number of definitions of “CC”, we adopted the National Institute of Standards and Technology (NIST) definition: “A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” [2]. CC is a special technological paradigm that may revolutionize how organizations use information and communication technology (ICT) by facilitating the delivery of all technology as a service [3]. Since the popularization of the term in 2006, cloud computing has evolved to become the top technology priority for organizations worldwide [4]. ICT improvements render CC both an effective and cost-efficient platform for small and medium-sized enterprises (SMEs) [5]. The majority of studies have focused on large organizations, with little attention paid to SMEs [6].
