Assessment Model of Cloud Service Security Level Based on Standardized Security Metric Hierarchy

In order to cope with the issues existing in the traditional literature that assessment metrics are coarse-grained and non-quantitative as well as assessment methods are subjective and low efficiency, an assessment model of could service security level based on the standardized security metric hierarchy was proposed. First, a fine-grained, quantifiable and standardized cloud service security metric hierarchy was structured according to the principle of evaluation metric system. The content of cloud service security metric hierarchy was composed of both domestic and foreign standards related to the cloud service security. Second, a cloud service security level evaluation model was proposed based on the metric hierarchy. Considering the difference of metric' types and impact of attributes on the security features of cloud services, a security level assessment method was designed based on the objective weights assignment of the metrics to evaluate the security level of cloud services. Finally, a case study and a performance comparison experiment were respectively conducted to validate effectiveness of the proposed assessment model and efficiency of its evaluation method. Experimental results show that the proposed assessment method is efficient and accurate in the cloud service security level assessment, and the evaluation method outperforms the traditional cloud service security assessment methods. © 2020, Editorial Department of Advanced Engineering Sciences. All right reserved.