Abstract:
Cloud computing offers an innovative business model for all cloud enterprises to serve IT services with no need to have technical details. The extreme growth of cloud usage increases the probability of threats occurrence, which in turn leads to financial and other losses. So there is a need to use appropriate metrics to assess the failure cost among cloud stakeholders according to their different needs; we propose a measure called “Mean Failure Cost” (MFC) which quantifies the impact of failure (per unit of time) by representing the losses for each stakeholder as a result of possible security failure.
This study investigates this MFC measure which has been adapted to cloud computing by proposing four innovative models: The main model is “The Abstract Representation Model” which is used as a generic model, and then the MFC metric is enriched by proposing three expanded models which are used to refine the MFC cyber-security measure, these new expanded models are: “Multi-dimensional MFC model” (M2FC), “Service Based MFC Model (SBMFCM)” and “The Hybrid Model”, these models are used to serve different cloud sectors. The MFC matrices are filled by empirical data with analytical reasoning, these data is used as a “Default Data” which leads to gain reasonable, accurate and precise results that are compliant with a disciplined “Probability Disruption Rule”, cloud experts can re-adjust these default data. Some of Verification and Validation (V&V) measures are used to reduce the failure cost; these models can be evaluated using an innovative cost/benefit analysis model by matching the deployment cost of these V&V measures against the benefit.
These new expansions on MFC give us a clear refinement, accurate estimation and useful interpretation for security related decision-making. Moreover, all proposed models of the MFC provide a unified model of security concepts because security lacks a clear taxonomy of all MFC parameters which leads to the improvement of the system’s software quality.
The overall aim of this study is to refine, investigate and adapt the MFC model with cloud computing systems by using cloud-specific knowledge.
These aspects are supported by an automated tool which aim to fill all MFC matrices based on empirical data and analytical reasoning then evaluate the obtained results using economical based approaches that help the decision makers to decide whether the measure is worthwhile or not and expected results are achieved.
