The Repository @ St. Cloud State

Open Access Knowledge and Scholarship

Date of Award


Culminating Project Type

Starred Paper

Degree Name

Information Assurance: M.S.


Information Assurance and Information Systems


Herberger School of Business

First Advisor

Dr. Abdullah Abu Hussein

Second Advisor

Dr. Lynn Collen

Third Advisor

Dr. Balsy Kasi

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Keywords and Subject Headings

Platform-as-a-service security issues, cloud security, quantification of risks


Cloud computing is a scalable and cost-effective technology being adopted by organizations to increase profits and flexibility. Due to the nature of cloud service models, security is a big concern for organizations. In this paper, we discussed the security issues in the Platform-as-a-Service cloud service model and the various possible attack types on PaaS. PaaS has a number of stakeholders such as developers, testers, deployers, and administrators. PaaS stakeholders have different security goals, objectives, and tolerance to risks. Organizations need to understand the possible threats, source of those threats, and different security requirements of their stakeholders in a PaaS service model so that they can measure the risks accurately and implement effective security controls. The objective of the study is to provide stakeholders of PaaS with means to quantify the security threats in PaaS cloud services. We studied the different ways in the literature to measure the security risks in cloud computing. We proposed our methodology to quantify security in PaaS from a stakeholder’s point of view, considering their interactions with various PaaS components and the tasks they perform. We identified the stakeholders, their interactions with different components, and the tasks they perform by creating a taxonomy. We then used a well-known metric, Mean Failure Cost, to quantify the failure cost of PaaS components as pertinent to stakeholders. This will help the organizations to assess their security controls and implement better security measures.