A Risk Assessment Study: Encircling Docker Container Assets on IaaS Cloud Computing Topology

The articulate utilization of docker container assets in Cloud Computing is one strategic pivotal aspect of the underlying rationale for customers to conjecture on their ventures. It can be standardized under the organization's viewpoints toward its purposes and objectives, given the facilities...

Full description

Saved in:
Bibliographic Details
Main Authors: Hersyah, Mohammad Hafiz, Hossain, Md Delwar, Taenaka, Yuzo, Kadobayashi, Youki
Format: Conference Proceeding
Language:English
Subjects:
Cloud computing
Containers
docker container
Infrastructure-as-a-Service
NIST
Productivity
Risk Assessment
Risk management
Software
Topology
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The articulate utilization of docker container assets in Cloud Computing is one strategic pivotal aspect of the underlying rationale for customers to conjecture on their ventures. It can be standardized under the organization's viewpoints toward its purposes and objectives, given the facilities provided by a cloud service provider. IaaS (Infrastructure-as-a-Service) topology offers many opportunities, including serverless capability in a docker container through software abstraction, and magnifying customization. Techniques such as intensifying the quality of streamlined services, and uplifts productivity, become sufficient evidence of underlying equal responsibilities between provider and customer, which need to be evaluated its risks periodically to improve the resilience of containerized objects. This study contributes alternate insight concerning risk assessment methodology in a docker container environment to mitigate the risk rating and propose risk treatment recommendations for cloud providers and customers. To grasp unified security perception in analyzing assets, threats, and vulnerabilities, harnessing several methods and international standards such as the Analytical Hierarchy process, Partial Dependency, ISO 27K Family, MITRE ATT& CK, EBIOS Risk Manager, and NIST 800-30. The experiment uses a realworld threat group from MITRE ATT& CK called TeamTNT.
ISSN:2159-6972
DOI:10.1109/CIoT57267.2023.10084910