Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


Computer Engineering and Sciences

First Advisor

William H. Allen

Second Advisor

Marius Silaghi

Third Advisor

Shengzhi Zhang

Fourth Advisor

Muzaffar Shaikh


With the rapid growth of cloud computing and the increasing importance of measuring the security of cloud systems, more attention has been focused on the need for security metrics that are specific to cloud computing. The use of metrics in cloud computing enables improved service selection, service agreement, and service verification. This dissertation presents a taxonomy of cloud security metrics and guideline and a framework for allocating cloud security metrics shared responsibility. The taxonomy considers several novel viewpoints. Metrics are organized by cloud capability type (Application, Platform, Infrastructure) along with the type of cloud deployment (public, private, hybrid, community), and the different needs of managerial, operational and technical staff within a cloud system are also considered. In addition, the sharing of responsibility for gathering and evaluating metrics between cloud customers and providers is incorporated. The goal of this research is to use the taxonomy as the basis for a framework to guide cloud customers and providers in selecting and using security metrics to better protect cloud systems. The framework provides guidelines for determining the proportion of shared responsibility for cloud security metrics between potential cloud customers and service providers based on factors such as the type of cloud capability, deployment model, and metrics categories.


Copyright held by author