Model for IaaS Security Model: MISP Framework

Cloud computing offers plenty of services having benefits of cost cutting, flexibility, availability, elasticity and pay per use for cloud users and centralized control, safety and management for Cloud Service Providers (CSP). Out of several service models, Infrastructure-as-a-Service (IaaS) preludes by offering access to computing resources like CPUs, servers, network devices through software like APIs, UIs and GUIs over the internet. Along with numerous merits of IaaS, there exist several security and privacy issues and threats to Confidentiality, Integrity and Authentication (CIA) triad. In this paper, we explore security and privacy issues related to IaaS components through rigorous study and determine counter measures for the same. Furthermore, with the help of MITRE ATT&CK knowledge base, a Model for IaaS Security and Privacy: MISP framework is proposed. The framework is exhibited as a multidimensional structure, each dimension having different parameters. This leads to addition of important features currently missing in the existing models. The proposed framework enhances security and privacy in IaaS model and guides for safer adoption of the delivery model by organizations and enterprises.