Научный журнал Моделирование, оптимизация и информационные технологииThe scientific journal Modeling, Optimization and Information Technology
cетевое издание
issn 2310-6018

VULNERABILITY CLASSIFICATION OF CLOUD TOOLS IN THE PROBLEM OF QUANTITATIVE RISK ASSESSMENT

Tsaregorodtsev A.V.   Zelenina A.N.   Savel'yev V.A.  

UDC 004.056:061.68
DOI:

  • Abstract
  • List of references
  • About authors

Almost all technologies that are now part of the cloud paradigm existed before, but so far there have been no offers on the market that would combine the promising technologies in a single commercially attractive solution. Only in the past decade publicly available cloud services emerged, which made these technologies, on the one hand, available to the developer, and on the other hand, understandable for the business community. But many of the features that make cloud computing attractive can conflict with traditional information security models. Based on a common vulnerability assessment system, which allows to determine the qualitative index of susceptibility to vulnerabilities of information systems taking into account environmental factors, a methodology for risk assessment for different types of deployment of cloud environments was proposed. Based on the widely used Common Vulnerability Accounting System, which helps to determine the qualitative indicator of susceptibility to information system vulnerabilities, the article proposes a classification of vulnerabilities typical for different types of cloud deployment.

1. Tsaregorodtsev, A.V. Model' otsenki riskov informatsionnoy bezopasnosti informatsionnykh sistem na osnove oblachnykh vychisleniy [Tekst] / Tsaregorodtsev, A.V., Yermoshkin, G.N. // Natsional'naya bezopasnost'. 2013. №6(29). P.46-54.

2. Tsaregorodtsev, A.V. Otsenka uyazvimostey dlya razlichnykh tipov razvertyvaniya oblachnykh sred [Tekst] / Tsaregorodtsev, A.V., Makarenko, Ye.V. // Bezopasnost' informatsionnykh tekhnologiy. 2014. №4. P.112-117.

3. Tsaregorodtsev, A.V. Odin iz podkhodov k otsenke riskov informatsionnoy bezopasnosti v oblachnykh sredakh [Tekst] / Tsaregorodtsev, A.V., Malyuk, A.A., Makarenko, Ye.V. // Bezopasnost' informatsionnykh tekhnologiy. – M., 2014. – №4. – P.68-74.

4. Tsaregorodtsev, А. Methodology of vulnerability assessment for various types of cloud structures [Текст] / Tsaregorodtsev, А., Zelenina, А., Ružický, E. // Information Technology Applications. – Bratislava, Slovakia, 2017. – №1. – С.51-60.

5. Tsaregorotsev, A. Automation of the distribution process of sensitive data processing in a hybrid cloud computing environment [Текст] / Tsaregorotsev, A., Zelenina A. // Information Technology Applications. – Bratislava, Slovakia, 2016. – №1. – С.137-149.

Tsaregorodtsev Anatoly Valeryevich
Doctor of Technical Sciences Professor
Email: academic_tsar@mail.ru

Moscow State Linguistic University

Moscow, Russian Federation

Zelenina Anna Nikolaevna
Candidate of Technical Sciences Associate Professor
Email: snakeans@gmail.com


Voronezh, Russian Federation

Savel'yev Vasiliy Aleksandrovich

Moscow State Linguistic University

Moscow, Russian Federation

Keywords: information security, cloud computing, vulnerability, risk model, risk assessment

For citation: Tsaregorodtsev A.V. Zelenina A.N. Savel'yev V.A. VULNERABILITY CLASSIFICATION OF CLOUD TOOLS IN THE PROBLEM OF QUANTITATIVE RISK ASSESSMENT. Modeling, Optimization and Information Technology. 2017;5(4). Available from: https://moit.vivt.ru/wp-content/uploads/2017/10/ZaregorodzevSoavtori_4_2_17.pdf DOI: (In Russ).

108

Full text in PDF