nach oben

The Journal of Supercomputing

Erschienen in:

02.05.2017

A security evaluation framework for cloud security auditing

verfasst von: Syed Rizvi, Jungwoo Ryoo, John Kissell, William Aiken, Yuhong Liu

Erschienen in: The Journal of Supercomputing | Ausgabe 11/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Cloud computing is clearly one of today’s most enticing technologies due to its scalable, flexible, and cost-efficient access to infrastructure and application services. Despite these benefits, cloud service users (CSUs) have serious concerns about the data security and privacy. Currently, there are several cloud service providers (CSPs) offering a wide range of services to their customers with varying levels of security strengths. Due to the vast diversity in the available cloud services, from the customer’s perspective, it has become difficult to decide which CSP they should use and what should be the selection criteria. Presently, there is no framework that can allow CSUs to evaluate CSPs based on their ability to meet the customer’s security requirements. We propose a framework and a mechanism that evaluate the security strength of CSPs based on the customer’s security preferences. We have shown the applicability of our security evaluation framework using a case study.

Vorheriger Artikel Design and implementation of an attestation protocol for measured dynamic behavior

Nächster Artikel An efficient cascaded method for network intrusion detection based on extreme learning machines

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Peter M, Timothy G (2011) The NIST definition of cloud computing. National Institute of Standards and Technology (NIST), version 15. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

Park J, Spetka E, Rasheed H, Ratazzi P, Han K (2012) Near-real-time cloud auditing for rapid response. In: Proc. of the 26th International Conference on Advanced Information Networking and Applications Workshops, pp 1252–1257. doi:10.1109/WAINA.2012.78

Sen J (2013) Security and privacy issues in cloud computing. In: Antonio R (ed) Architectures and protocols for secure information technology, IGI-Global, USA, 2013. arxiv:1303.4814

Cloud Adoption Practices & Priorities Survey Report (2015) Cloud security alliance (CSA), https://cloudsecurityalliance.org/research/surveys/

Cloud Security Survey 2015: Trends in Cloud Security (2015) Alert Logic. https://www.alertlogic.com/resources/cloud-security-report-2015/

Juels A, Oprea A (2013) New approaches to security and availability for cloud data. Commun ACM 56(2):64–73. doi:10.1145/2408776.2408793 CrossRef

Bender D (2012) Privacy and security issues in cloud computing. Comput Internet Lawyer 29(10):1–15

Silva C, Ferreira A, Geus P (2012) A methodology for management of cloud computing using security criteria. In: Proceedings of the 2012 IEEE Latin America Conference on Cloud Computing and Communications, pp 49–54. doi:10.1109/LatinCloud.2012.6508157

Rees R (2011) PCI virtualization SIG releases guidelines. InFocus, Retrieved from: http://infocus.emc.com/richard_rees/pci-virtualization-sig-releases-guidelines

10.

Litty L, Cavilla H, Lie D (2009) Computer meteorology: monitoring compute clouds. In: Proceedings of the \(12{{\rm th}}\) Conference on Hot Topics in Operating Systems, USENIX Association, Berkeley, CA, USA, pp 4

11.

Xen Hypervisor: the open source standard for hardware virtualization (2013) Xen.org. Retrieved from http://xen.org/products/xenhyp.html

12.

Tholeti B (2011) Hypervisors, virtualization, and the cloud: learn about hypervisors, system virtualization, and how it works in a cloud environment. IBM Developer Works, http://www.ibm.com/developerworks/cloud/library/cl-hypervisorcompare/

13.

Sunyaev A, Schneider S (2013) Cloud services certification. Commun ACM 56(2):33–36. doi:10.1145/2408776.2408789 CrossRef

14.

Modi C, Patel D, Borisaniya B, Patel A, Rajarajan M (2013) A survey on security issues and solutions at different layers of cloud computing. J Supercomput 63(2):561–592CrossRef

15.

Rizvi S, Ryoo J, Kissell J, Aiken B (2015) A stakeholder-oriented assessment index for cloud security auditing. In: Proceedings of the 9th International Conference on Ubiquitous Information Management and Communication (IMCOM ’15). ACM, New York, NY, USA, Article 55, 7 pages. doi:10.1145/2701126.2701226

16.

The notorious nine: cloud computing top threats in 2013 (2013) Cloud Security Alliance, Tech. Rep., Retrieved from: https://cloudsecurityalliance.org/group/top-threats/

17.

Cappelli D, Moore A, Trzeciak R (2012) The CERT guide to insider threats: how to prevent, detect, and respond to information technology crimes (theft, aabotage, fraud). ser. SEI Series in Software Engineering. 1st edn. Addison-Wesley Professional, Boston

18.

McCormac A, Parsons K, Butavicius M (2012) Preventing and profiling malicious insider attacks. Defence Science and Technology Organisation, Australian Government Department of Defense

19.

Pauley W (2010) Cloud provider transparency: an empirical evaluation. IEEE Secur Priv 8(6):32–39. doi:10.1109/MSP.2010.140 CrossRef

20.

Zeng W, Zhao Y, Zeng J (2009) Cloud service and service selection algorithm research. In: Proceedings of the first ACM/SIGEVO Summit on Genetic and Evolutionary Computation, ACM, pp 1045–1048

21.

Martens B, Teuteberg F, Gräuler M (2011) Design and implementation of a community platform for the evaluation and selection of cloud computing services: a market analysis. In: Proceedings of European Conference on Information Systems

22.

Hussain FK, Hussain OK (2011) Towards multi-criteria cloud service selection. In: 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), pp 44–48

23.

Gui Z, Yang C, Xia J, Huang Q, Liu K, Li Z et al (2014) A Service brokering and recommendation mechanism for better selecting cloud services. PLoS One 9(8):e105297. doi:10.1371/journal.pone.0105297 CrossRef

24.

Habib SM, Varadharajan V, Muhlhauser M (2013) A trust-aware framework for evaluating security controls of service providers in cloud marketplaces. In: Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp 459–468. doi:10.1109/TrustCom.2013.58

25.

Ko RKL, Jagadpramana P, Mowbray M, Pearson S, Kirchberg M, Qianhui L, Lee BS (2011) TrustCloud: a framework for accountability and trust in cloud computing. In: Proceedings of the 2011 IEEE World Congress on Services (SERVICES), pp 584–588. doi:10.1109/SERVICES.2011.91

26.

Tariq M (2012) Towards information security metrics framework for cloud computing. Int J Cloud Comput Serv Sci 1(4):209–217

27.

Reixa M, Costa C, Aparicio M (2012) Cloud services evaluation framework. In: Proceedings of the Workshop on Open Source and Design of Communication (OSDOC ’12). ACM, New York, NY, USA, pp 61–69

28.

Garg SK, Versteeg S, Buyya R (2013) A framework for ranking of cloud computing services. Futur Gener Comput Syst 29(4):1012–1023. doi:10.1016/j.future.2012.06.006 CrossRef

29.

Rivera J, Yu H, Williams K, Zhan J, Yua X (2015) Assessing the security posture of cloud service providers. In: Proceedings of the 5th International Conference on IS Management and Evaluation—ICIME, pp 103–110

30.

Consensus Assessments Initiative Questionnaire (CAIQ) v3.0.1 by Cloud Security Alliance (CSA). https://cloudsecurityalliance.org/group/consensus-assessments/

31.

Yu H, Williams K, Yuan X (2015) Cloud computing threats and provider security assessment. Algorithms and Architectures for Parallel Processing. Vol. 9532 of the series Lecture Notes in Computer Science pp 238–250CrossRef

32.

Egea M, Mahbub K, Spanoudakis G, Vieira M (2015) A certification framework for cloud security properties. The Monitoring Path. Accountability and Security in the Cloud. Vol. 8937 of the series Lecture Notes in Computer Science, pp 63–77

33.

Tian L, Lin C, Ni Y (2010) Evaluation of user behavior trust in cloud computing. In: Proceedings of the 2010 International Conference on Computer Application and System Modeling (ICCASM), pp.V7-567-V7-572. doi:10.1109/ICCASM.2010.5620636

34.

Chong SK, Abawajy J, Ahmad M, Hamid IR (2014) Enhancing trust management in cloud environment. In: Proceedings of the 2nd International Conference on Innovation, Management and Technology Research. Vol 129, pp 314–321. doi:10.1016/j.sbspro.2014.03.682 CrossRef

35.

Marudhadevi D, Dhatchayani VN, Sriram VS (2015) A trust evaluation model for cloud computing using service level agreement. Comput J 58:2225–2232. doi:10.1093/comjnl/bxu129 CrossRef

36.

Alhamad M, Dillon T, Chang E (2010) SLA-based trust model for cloud computing. In: Proceedings of the 2010, 13th International Conference on Network-Based Information Systems (NBIS ’10). IEEE Computer Society, Washington, DC, USA, pp 321–324. doi:10.1109/NBiS.2010.67

37.

Haq I, Alnemr R, Paschke A, Schikuta E, Boley H, Meinel C (2010) Distributed trust management for validating SLA choreographies. Grids and Service-Oriented Architectures for Service Level Agreements, pp 45–55. doi:10.1007/978-1-4419-7320-7_5 CrossRef

38.

Ghosh N, Ghosh SK, Das SK (2015) “SelCSP: a framework to facilitate selection of cloud service providers. IEEE Trans Cloud Comput 3(1):66–79. doi:10.1109/TCC.2014.2328578 CrossRef

39.

Mitchell J, Rizvi S, Ryoo J (2015) A fuzzy-logic approach for evaluating a cloud service provider. In: To The 2015 The 1st International Conference on Software Security and Assurance (ICSSA’15), July 27, 2015, Sungkyunkwan University, Korea

Titel: A security evaluation framework for cloud security auditing
verfasst von: Syed Rizvi
Jungwoo Ryoo
John Kissell
William Aiken
Yuhong Liu
Publikationsdatum: 02.05.2017
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 11/2018
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-017-2055-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 11/2018

Cost-efficient reactive scheduling for real-time workflows in clouds

Zeroing memory deallocator to reduce checkpoint sizes in virtualized HPC environments

An efficient cascaded method for network intrusion detection based on extreme learning machines

Remote user authentication and key agreement for mobile client–server environments on elliptic curve cryptography

An SDN-enhanced load-balancing technique in the cloud system

GPU-accelerated high-performance encoding and decoding of hierarchical RAID in virtual machines

Premium Partner