Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Identifying and utilizing dependencies across cloud security services. / Taha, A.; Metzler, P.; Trapero, R. et al.
ASIA CCS '16 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. ACM, 2016. p. 329-340.
TY - GEN
T1 - Identifying and utilizing dependencies across cloud security services
AU - Taha, A.
AU - Metzler, P.
AU - Trapero, R.
AU - Luna, J.
AU - Suri, Neeraj
PY - 2016/5/30
Y1 - 2016/5/30
N2 - Security concerns are often mentioned amongst the reasons why organizations hesitate to adopt Cloud computing. Given that multiple Cloud Service Providers (CSPs) offer similar security services (e.g., "encryption key management") albeit with different capabilities and prices, the customers need to comparatively assess the offered security services in order to select the best CSP matching their security requirements. However, the presence of both explicit and implicit dependencies across security related services add further challenges for Cloud customers to (i) specify their security requirements taking service dependencies into consideration and (ii) to determine which CSP can satisfy these requirements. We present a framework to address these challenges. For challenge (i), our framework automatically detects conflicts resulting from inconsistent customer requirements. Moreover, our framework provides an explanation for the detected conflicts allowing customers to resolve these conflicts. To tackle challenge (ii), our framework assesses the security level provided by various CSPs and ranks the CSPs according to the desired customer requirements. We demonstrate the framework's effectiveness with real-world CSP case studies derived from the Cloud Security Alliance's Security, Trust and Assurance Registry. © 2016 ACM.
AB - Security concerns are often mentioned amongst the reasons why organizations hesitate to adopt Cloud computing. Given that multiple Cloud Service Providers (CSPs) offer similar security services (e.g., "encryption key management") albeit with different capabilities and prices, the customers need to comparatively assess the offered security services in order to select the best CSP matching their security requirements. However, the presence of both explicit and implicit dependencies across security related services add further challenges for Cloud customers to (i) specify their security requirements taking service dependencies into consideration and (ii) to determine which CSP can satisfy these requirements. We present a framework to address these challenges. For challenge (i), our framework automatically detects conflicts resulting from inconsistent customer requirements. Moreover, our framework provides an explanation for the detected conflicts allowing customers to resolve these conflicts. To tackle challenge (ii), our framework assesses the security level provided by various CSPs and ranks the CSPs according to the desired customer requirements. We demonstrate the framework's effectiveness with real-world CSP case studies derived from the Cloud Security Alliance's Security, Trust and Assurance Registry. © 2016 ACM.
KW - Cloud security
KW - Security quantification
KW - Security service level agreements
KW - Service dependencies
KW - Sales
KW - Cloud securities
KW - Cloud service providers
KW - Customer requirements
KW - Encryption key management
KW - Security requirements
KW - Security services
KW - Service dependency
KW - Customer satisfaction
U2 - 10.1145/2897845.2897911
DO - 10.1145/2897845.2897911
M3 - Conference contribution/Paper
SN - 9781450342339
SP - 329
EP - 340
BT - ASIA CCS '16 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
PB - ACM
ER -