Abstract
Background: Currently, Cloud Service Provider (CSP) or third party usually proposes principles and methods for cloud security risk evaluation, while cloud users have no choice but to accept them. However, since cloud users and cloud service providers have conflicts of interests, cloud users may not trust the results of security evaluation performed by the CSP. Different cloud users may have different security risk preferences, which makes it difficult for the third party to consider all users' needs during evaluation. In addition, current security evaluation indexes for the cloud are too impractical to test (e.g., indexes like interoperability, transparency, portability are not easy to be evaluated).
Methods: To solve the above problems, this paper proposes a practical cloud security risk evaluation method of decision-making based on conflicting roles by using the Analytic Hierarchy Process (AHP) with Aggregation of Individual Priorities (AIP).
Results: Not only can our method bring forward a new index system based on risk source for cloud security and corresponding practical testing methods, but also can obtain the evaluation result with the risk preferences of conflicting roles, namely CSP and cloud users, which can lay a foundation for improving mutual trusts between the CSP and cloud users. The experiments show that the method can effectively assess the security risk of cloud platforms and in the case where the number of clouds increased by 100% and 200%, the evaluation time using our methodology increased by only 12% and 30%.
Conclusion: Our method can achieve consistent decisions based on conflicting roles, high scalability and practicability for cloud security risk evaluation.
Keywords: Cloud security, risk evaluation, decision-making based on conflicting roles, security risk preference, Analytic hierarchy process with aggregation of individual priorities, cloud service provider.
Graphical Abstract