Security Assessment Framework for Multi-tenant Cloud with Nested Virtualization

Security assessment and mitigation have gained considerable attention over the recent years according to the information technology evolution and its broad adoption. Organizations are more aware of their data security, and they also have become more exigent in terms of extensibility and flexibility of their Information Technology infrastructures. Cloud computing is introduced as an evolution of information technology that offers major solutions and techniques to meet the evolving requirements of both tenants and clients. Therefore, extensibility and dynamic adjustment, which are among the most essential Cloud advantages, can make the security analysis a very hard task. There have been many approaches to analyze automatically the cyber security of traditional IT infrastructures without taking into account the dynamic nature of Cloud computing and it's new features, such as the nested virtualization. Until now, there is a few work to assess the security of Cloud computing. In this paper, we propose a novel approach to design and develop Model-based Automated Security Assessment Tool for Cloud Computing named MASAT.