ThreatRiskEvaluator: A Tool for Assessing Threat-Specific Security Risks in the Cloud

In cloud computing, security risks posed to individual clients are different based on their specific security requirements. In current practice, cloud providers usually apply generic protection mechanisms that may not be effective in addressing specific threats for different clients. In this paper, we describe a tool, called ‘ThreatRiskEvaluator’ that assesses security risks that are specific and relevant to specific cloud clients. The tool implements a novel risk analysis mechanism that utilizes various security-related properties of the cloud such as vulnerability information, the probability of an attack, as well as client-specific security requirements. The method enables cloud providers to make fine-grained decisions for selecting specific protection mechanisms to tackle specific risks posed to individual clients based on their security needs against specific threats.