ABSTRACT
Security concerns are often mentioned amongst the reasons why organizations hesitate to adopt Cloud computing. Given that multiple Cloud Service Providers (CSPs) offer similar security services (e.g., "encryption key management"), albeit with different capabilities and prices, customers need to comparatively assess the offered security services in order to select the CSP that best matches their security requirements. However, the presence of both explicit and implicit dependencies across security-related services adds further challenges for Cloud customers, who must (i) specify their security requirements taking service dependencies into consideration and (ii) determine which CSP can satisfy these requirements. We present a framework to address these challenges. For challenge (i), our framework automatically detects conflicts resulting from inconsistent customer requirements. Moreover, our framework provides an explanation for the detected conflicts, allowing customers to resolve them. To tackle challenge (ii), our framework assesses the security level provided by various CSPs and ranks the CSPs according to the desired customer requirements. We demonstrate the framework's effectiveness with real-world CSP case studies derived from the Cloud Security Alliance's Security, Trust and Assurance Registry.
Identifying and Utilizing Dependencies Across Cloud Security Services