DOI: 10.1145/2897845.2897911
research-article

Identifying and Utilizing Dependencies Across Cloud Security Services

Published: 30 May 2016

ABSTRACT

Security concerns are often mentioned amongst the reasons why organizations hesitate to adopt Cloud computing. Given that multiple Cloud Service Providers (CSPs) offer similar security services (e.g., "encryption key management"), albeit with different capabilities and prices, customers need to comparatively assess the offered security services in order to select the CSP that best matches their security requirements. However, the presence of both explicit and implicit dependencies across security-related services adds further challenges for Cloud customers to (i) specify their security requirements taking service dependencies into consideration and (ii) determine which CSP can satisfy these requirements. We present a framework to address these challenges. For challenge (i), our framework automatically detects conflicts resulting from inconsistent customer requirements. Moreover, our framework provides an explanation for the detected conflicts, allowing customers to resolve them. To tackle challenge (ii), our framework assesses the security level provided by various CSPs and ranks the CSPs according to the desired customer requirements. We demonstrate the framework's effectiveness with real-world CSP case studies derived from the Cloud Security Alliance's Security, Trust and Assurance Registry.


Published in: ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, May 2016, 958 pages

ISBN: 9781450342339

DOI: 10.1145/2897845

Copyright © 2016 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate: 73 of 350 submissions, 21%. Overall Acceptance Rate: 418 of 2,322 submissions, 18%.
