Application Design Phase Risk Assessment Framework using Cloud Security Domains


Security risk assessment is done to identify the vulnerabilities of a client's application and develop strong security measures within budgetary constraints. However, while migrating to the Cloud platform, a generic notion of their publicly available security policies make it challenging for clients to assess the security threats solely relevant to their applications. Additionally, traditional risk assessment techniques cannot address these challenges as they neither consider cloud security domains as assessment criteria nor identifies critical system resources that need to be protected in the likelihood of a successful attack. In order to address these challenges, this paper presents a risk assessment framework for clients’ applications that is characterized by the inclusion of cloud security metrics to perform risk assessment during the design phase of an application by incorporating the techniques of cloud misuse patterns. It also helps improve the security requirements phase that precedes risk assessment, by illustrating clients how different attack scenarios can spread through the applications by using the concepts of percolation centrality and probabilistic state transition diagrams. One of the key findings this work address is how to systematically gain a distinction between multiple system resources belonging to the same security defense priority level.


Computer Science

Research Center/Lab(s)

Center for High Performance Computing Research

Second Research Center/Lab

Intelligent Systems Center

Keywords and Phrases

Cloud computing; Cloud migration; Misuse patterns; Security risk assessment; Software development lifecycle

International Standard Serial Number (ISSN)


Document Type

Article - Journal

Document Version


File Type





© 2020 Elsevier, All rights reserved.

Publication Date

01 Dec 2020