Security Assessment Research For Cloud IaaS Service Based On Classified Protection

Infrastructure-as-a-Service (IaaS) is one of the three major service models of Cloud Computing. An IaaS Cloud provider allocates computational resources to customers in the form of virtual machines (VMs) deployed in the Cloud provider’s data center. Accurate security level evaluation of IaaS Clouds can give guidance to IaaS providers for providing safty and reliable cloud services. Hence, security level evaluation of IaaS is of vital importance.However, featured with virtualization and multitenancy, systematic security level evaluation of IaaS is difficulty.Supported by National information security special projects, aiming at the requirement of security level quantification in cloud computing service, combining with features of the IaaS model and the classified protection theory, the article designed the security assessment index system for cloud IaaS service based on the third level of classified protection through Delphi method, which help to estimate the IaaS services security level from technical safety and managment security comprehensively. About evalution method, firstly, weight of each index was calculated with analytic hierarchy process. Firstly, the article uses analytic hierarchy process (AHP) to confirm the weighing of all level indexes. Then, considering multi-factors, multi-goals and complexity, the article used fuzzy synthetically judge model to assess the security level of IaaS. At last, IaaS provider (company A) was taken as an example to make empirical analysis that showed this model can effectively quantify and assess the security level of IaaS.The innovation in this article mainly lies in the construction of a set of scientific, rational and comprehensive security assessment index system for cloud IaaS service based on classified protection, and the utilization of qualitative and quantitative evaluation methods. The article is a meaningful exploration of cloud security assessment, which provides a reference for third-party assessment agencies when they assess the IaaS providers’ security level and to promote the healthy development of IaaS cloud computing industry.