Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - A Framework for Ranking Cloud Security Services
AU - Taha, A.
AU - Trapero, R.
AU - Luna, J.
AU - Suri, Neeraj
A2 - X., Liu
A2 - U., Bellur
PY - 2017/6/25
Y1 - 2017/6/25
N2 - Although the use of Cloud services is proliferating, the notion of Cloud security remains ambiguous. This typically arises from two causes, namely (a) the limited awareness about security details by the average Cloud customer which results in the customers being unable to clearly express their security requirements, or (b) the lack of interfaces/tools that can meaningfully capture the customer requirements. In general, the Cloud customers are only able to provide qualitative requirements due to their inability to express precise security requirements. Nevertheless, Cloud customers still need to assess and benchmark various security services provided by different providers in order to select the most suitable Cloud provider that can satisfy their 'imprecise and uncertain' security requirements. This paper proposes a methodology for enhancing the security aspects of Cloud services by quantitatively comparing the customer security requirements with the security offered by Cloud providers. The novelty of our approach is based on the usage of a fuzzy logic schema to manage the uncertainty of those qualitative requirements. We validate our framework by applying it to real-world data that leverages the standardized Cloud service level agreements structure proposed in the ISO/IEC 19086 standard. © 2017 IEEE.
AB - Although the use of Cloud services is proliferating, the notion of Cloud security remains ambiguous. This typically arises from two causes, namely (a) the limited awareness about security details by the average Cloud customer which results in the customers being unable to clearly express their security requirements, or (b) the lack of interfaces/tools that can meaningfully capture the customer requirements. In general, the Cloud customers are only able to provide qualitative requirements due to their inability to express precise security requirements. Nevertheless, Cloud customers still need to assess and benchmark various security services provided by different providers in order to select the most suitable Cloud provider that can satisfy their 'imprecise and uncertain' security requirements. This paper proposes a methodology for enhancing the security aspects of Cloud services by quantitatively comparing the customer security requirements with the security offered by Cloud providers. The novelty of our approach is based on the usage of a fuzzy logic schema to manage the uncertainty of those qualitative requirements. We validate our framework by applying it to real-world data that leverages the standardized Cloud service level agreements structure proposed in the ISO/IEC 19086 standard. © 2017 IEEE.
KW - Cloud security
KW - Security quantification
KW - Security service level agreements
KW - Computation theory
KW - Cryptography
KW - Distributed database systems
KW - Fuzzy logic
KW - Sales
KW - Web services
KW - Cloud providers
KW - Cloud securities
KW - Cloud services
KW - Customer requirements
KW - Security aspects
KW - Security requirements
KW - Security services
KW - Customer satisfaction
U2 - 10.1109/SCC.2017.48
DO - 10.1109/SCC.2017.48
M3 - Conference contribution/Paper
SN - 9781538620069
SP - 322
EP - 329
BT - 2017 IEEE International Conference on Services Computing (SCC)
PB - IEEE
ER -