查看文章

While Cloud usage increasingly involves security considerations, there is still a conspicuous lack of techniques for users to assess/ensure that the security level advertised by the Cloud Service Provider (CSP) is actually delivered. Recent efforts have proposed extending existing Cloud Service Level Agreements (SLAs) to the security domain, by creating Security SLAs (SecLAs) along with attempts to quantify and reason about the security assurance provided by CSPs. However, both technical and usability issues limit their adoption in practice. In this paper we introduce a new technique for conducting quantitative and qualitative analysis of the security level provided by CSPs. Our methodology significantly improves upon contemporary security assessment approaches by creating a novel decision making technique based on the Analytic Hierarchy Process (AHP) that allows the comparison and benchmarking of the …