The components of cloud computing (as a pay-per-use model) can not only be allocated, deployed and recovered quickly, but also reduced or expanded swiftly. This high scalability and flexibility has brought considerable convenience and benefits for users, but also many difficulties in cloud computing security risk management, especially in risk identification. In Hierarchical Holographic Modeling (HHM), with the system as the research object, the inherent nature is displayed through a multi-angle and multi-dimensional analysis in the form of a chart framework. In order to obtain a full understanding of large-scale systems and reveal the essential characteristics of the system, HHM divides the large and complex system into different classifications from different angles and aspects. Each classification can only describe the relevant content and attributes of a certain aspect of the hierarchical system which break down in a stepwise manner until the last breakdown.

HHM method is suitable for solving large-scale complex problems. Considering the complexity, randomness and uncertainty of security risk identification of cloud computing, with the application of HHM, the definition and identification according to the background reasons, characteristics and expected consequences of cloud computing security risks, and the hierarchical classification of all risk factors, cloud computing system can be described hierarchically from different perspectives and comprehensive security risk identification and inherent relationship between different risk factors can be organized effectively [7T.P. Chen, L.J. Zheng, and X.Y. Zhang, "Application of HHM in risk identification of information system", J. Safety Sci. Tech., vol. 4, no. 6, pp. 98-100, 2008.]. The major steps are as follows:

I. Compilation and analysis of historical data. Before cloud computing security risk identification, the existing theoretical research and related materials on cloud computing security risk factors and security applications are collected, collated and analyzed.

II. Establishment of HHM framework of cloud computing security risk. A full understanding of cloud computing risks is acquired by means of expert research and academic seminars, and a preliminary HHM framework of cloud computing security risks is established. In this paper, according to the security architecture of cloud computing, cloud computing security risk factors are analyzed from three domains (1^st hierarchy), which are cloud computing security operation management, cloud computing security technology implementation and cloud computing security support platform [8C.R. Chen, Y.T. Li, G.P. Liu, and L.W. Yang, Cloud Computing Services - Operations, Management, and Technical Architecture., China Tsinghua University Publishers: Beijing, 2014.] to establish the preliminary HHM framework.

III. Identification of cloud computing security risks. Based on the HHM framework, the three domains of cloud computing security risks are broken down again. The domain of cloud computing security operation management, for example, can be broken down into security operations, business continuity and backup and security operation organization process (2^nd hierarchy). Security operations can be classified into four factors – monitoring and warning, security scan and penetration test, security audit and privacy protection (3^rd hierarchy). At this point, these four specific factors cannot be broken down again, and therefore they are the atomic objects in the final analysis of cloud computing security system.

IV. Analysis of cloud computing security risks. Cloud computing security risk factors are analyzed based on HHM to identify potential security risks and risk factors and establish a formal cloud computing security risk factors HHM framework (Fig. 1), which lays the foundation for cloud computing security assessment.

Fig. (1) Cloud computing security risk factors HHM framework.

It should be noted that cloud computing security risk identification requires a cyclic iterative process (factor acquisition → cloud computing security HHM diagram → factor acquisition → …) to ultimately determine cloud computing security risk factors. If a certain cloud computing security risk source cannot be determined by using the current HHM framework, then the framework should be constantly improved and extended in new dimensions for the identification of all cloud computing security risk factors through the continuous cycle. According to “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0” released by Cloud Security Alliance (CSA), cloud computing security operation management involves cloud computing architectural framework, governance and enterprise risk management, legal issues and electronic discovery, compliance and audit, information management and data security and other key domains; cloud computing security technology implementation includes traditional security, business continuity and disaster recovery, data center operations, incident response, application security, encryption and key management, identity, entitlement and access management, virtualization, etc.; cloud computing security operation management, technology implementation and support platform all demonstrate the critical domain of security as a service. As interoperability and portability (Domain 6) involves business compatibility and portability among multiple operators, it is not unique to cloud computing risk factors. Therefore by applying HHM to cloud computing security risk identification phase, risk factors can be fully captured and identified.

Cloud computing security risks and the probability of potential security incidents along with the resulting losses are closely related. Therefore, the probability and losses must be quantified for relatively accurate measurement of cloud computing security risks. According to GB/T 20984-2007 (Risk Assessment Specification for Information Security), risk calculation of information systems follows the paradigm: risk value = R(A, T, V) (R represents a security risk calculation function; A stands for assets; T represents threats, V indicates vulnerability). The degree of the impact of risk on assets, threat frequency and vulnerability severity is defined as levels 1-5. Cloud computing is a “special” information system, and its security risk value R can be regarded as function of assets, threats and vulnerability. Namely, cloud computing security risk R = G (c, t, f), where c is impact on assets, t is threat frequency, f is vulnerability severity.

As shown in HHM framework, risk factors resulting in cloud computing security incidents have the characteristics of complexity, ambiguity and uncertainty. Therefore, fuzzy comprehensive evaluation method is chosen for the calculation of cloud computing security risks [9Y. Fu, X.P. Wu, Q. Ye, and X. Peng, "An approach for information systems security risk assessment on fuzzy set and entropy-weight", Tien Tzu Hsueh Pao, vol. 38, no. 7, pp. 1489-1494, 2010., 10R. Jiang, Z.F. Ma, T. Li, and Q.J. Zhang, "Study on security risk assessment for technology of cloud computing", App. Elec. Tech., vol. 41, no. 3, pp. 111-115, 2015.]. The evaluation of security risk factors and the construction of membership matrix of the corresponding evaluation set are completed with the use of fuzzy set theory from dimensions of impact on assets, threat frequency and vulnerability severity, and the entropy weight method is used to determine the weight of risk factors to the security risks of cloud computing. Ultimately the security risk values of the three dimensions are determined and quantified into cloud computing security risk values and their corresponding levels.

3.2.1. Fuzzy Sets and Membership Matrices

Firstly, a set of risk factors for cloud computing security is established. Let A={a₁, a₂,…, a_n}, where n is the number of risk factors.

Secondly, evaluation sets are constructed. Different evaluation sets B_c, B_t, B_f are set up for assets, threats and vulnerability respectively: B_c = {b_c1, b_c2, …, b_ci}, B_t = {b_t1, b_t2, …, b_tj}, B_f = {b_f1, b_f2, …, b_fk}, where i, j and k represent the number of factors in corresponding evaluation sets.

Thirdly, fuzzy mapping is conducted. Different factors in risk factor set A are evaluated with the use of evaluation set B, and fuzzy mapping is f:A→F(B). F(B) is the fuzzy set of B, a_i→f(a_i) = {p_i1, p_i2,…,p_im} F(B), where f represents the degree of support of risk factor a_i for each index in evaluation sets.

Fourthly, membership matrices are constructed. The membership vector of risk factor a_i for evaluation set B is p_i = {p_i1, p_i2,…,p_im} (i=1,2,…,n), where n is the number of risk factors and m is the number of indexes in corresponding evaluation sets. Cloud computing security risk membership matrix is:

Similarly, membership matrices of impact on assets, threat frequency and vulnerability severity are P_c, P_t and P_f respectively.

3.2.2. Entropy Weight of Risk Factors

Firstly, assuming that the system may be in different states n: S₁,S₂,…,S_n, P_i represents the probability that the system is in state S_i, where i=1,2,…,n, 0≤P_i≤1, =1. Then the entropy can be expressed as:

(1)

The information entropy H indicates the orderly degree of the system.

Secondly, the relative importance of risk factor a_i can be measured by entropy:

(2)

Here p_ij (i=1,2,…,n;j=1,2,…,m) represents the degree of support of risk factors for each index in evaluation sets. The closer they are equal to each other, the greater the entropy value and uncertainty of risk factor a_i to cloud computing security assessment is.

Thirdly, formula (2) is normalized by using H_max (H_max=lnm) for the entropy of relative importance which measures cloud computing security risk factor a_i:

(3)

According to the formula (2), when the values of p_ij are equal, e_i is the maximum value 1, that is 0≤ e_i ≤1. When the entropy of relative importance of risk factor a_i is the maximum value, this risk factor’s contribution to cloud computing security risk assessment is the smallest.

Fourthly, normalization is conducted again by using 1-e_i to represent the weight of cloud computing security risk factor a_i, and the weight value is:

(4)

3.2.4. Cloud Computing Security Risk Values

According to the formula (4), the corresponding weight vector of cloud computing security risk factors is φ_i=(φ₁, φ₂,…,φ_n), where i=1,2,…,n. The security risk value of impact on assets is:

(5)

Similarly, the security risk values of threat frequency and vulnerability severity are R_t and R_f. Cloud computing security risk value is:

(6)

Here k₁, k₂ and k₃ represent the relative importance of the three aspects, and satisfy k₁ + k₂ + k₃ = 1.

As shown in cloud computing security risk factors HHM framework, cloud computing system is composed of multiple security domains; a cloud security domain is composed of multiple security classes and a certain security class is composed of multiple risk factors. The overall risk level value of cloud computing is:

(7)

Here w_i stands for the weight of the i-th security class in a specific domain (i=1,2,…,n), and satisfies w₁ + w₂ + …+ w_n = 1; R_i stands for the risk value of the n-th security class. w_ij represents the weight of the j-th security domain (j=1,2,…,m), and satisfies w_i1+w_i2+…+w_in=1; R_ij represents the risk value of the j-th security domain.

3.2.5. Cloud Computing Security Risk Levels

When the security risk value of cloud computing system is determined, security risk level can be decided according to security risk membership levels (Table 1).

Table 1
Security risk membership levels.

For simplicity, only the domain of “cloud computing security technology implementation” is used for analysis in this article. According to cloud computing security risk factors HHM framework (Fig. 1), security risk in this domain is subdivided and the risk factor set is as follows:

Given the parallel linear property of the secondary classification A₁, A₂,…, A₆, here only application security (A₁) is discussed, and the method can be applied to other classes. The security class A₁ consists of six risk factors (Table 2), and its factor set is {a₁, a₂, a₃, a₄, a₅, a₆}. The assessment on impact on assets, threat frequency and vulnerability severity is categorized into five levels: high, relatively high, medium, relatively low, and low. Hence the evaluation set of A₁ is B_c = {b_c1, b_c2,…,b_c5}, B_t = {b_t1, b_t2,…,b_t5}, B_f = {b_f1, b_f2,…,b_f5}.

Table 2
Risk factor set in cloud computing security technology implementation domain.

According to expert scoring method (15 experts), the degree of influence of risk factors on assets, threats and vulnerability are rated and the probability of each risk factor belonging to each evaluation index is calculated. The corresponding membership matrices P_c, P_t, and P_f are shown in Table 3.

Table 3
Membership matrix.

θ_c = ( θ_c1, θ_c2, θ_c3, θ_c4, θ_c5, θ_c6) = (0.109, 0.313, 0.160, 0.109, 0.200, 0.109)

θ_t = ( θ_t1, θ_t2, θ_t3, θ_t4, θ_t5, θ_t6) = (0.105, 0.197, 0.017, 0.372, 0.112, 0.197)

θ_f = ( θ_f1, θ_f2, θ_f3, θ_f4, θ_f5, θ_f6) = (0.117, 0.101, 0.206, 0.252, 0.117, 0.206)

The corresponding weights of evaluation sets of assets, threats and vulnerability are:

U = (1/15, 5/15, 3/15, 2/15, 4/15)

V = (3/15, 2/15, 4/15, 1/15, 5/15)

W = (2/15, 3/15, 5/15, 1/15, 4/15)

According to formulas (5) and (6), the risk values of cloud computing application security in three dimensions (A₁) are:

R_c = θ_cP_cU_T = 0.186

R_t = θ_tP_tV_T = 0.202

R_f = θ_fP_fW_T = 0.184.

For cloud computing application security class (A₁), assets, threats and vulnerability are of equal importance, therefore k₁=k₂=k₃=1/3, and the risk value of this class (A₁) is R₁ = k₁R_c + k₂R_t + k₃R_f = 0.191.

According to formula (7), the computing security risk value is: =0.173, where i=6, j=3.

According to Table 1, the cloud computing platform security risk level of this school is low.