Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - A security metrics framework for the Cloud
AU - Luna, J.
AU - Ghani, H.
AU - Germanus, D.
AU - Suri, Neeraj
PY - 2011/7/18
Y1 - 2011/7/18
N2 - Cloud computing is redefining the on-demand usage of remotely-located, and highly available computing resources to the user. Unfortunately, while the many economic and technological advantages are apparent, the migration of key sector applications to the Cloud has been limited due to a major show-stopper: the paucity of quantifiable metrics to evaluate the tradeoffs (features, problems and the economics) of security. Despite the obvious value ofmetrics in different scenarios to evaluate such tradeoffs, a formal and standard-based approach for the addressing of security metrics in the Cloud is a much harder and very much an open issue. This paper presents our views on the importance and challenges for developing a security metrics framework for the Cloud, also taking into account our ongoing research with organizations like the Cloud Security Alliance and European projects like ABC4Trust, CoMiFin and INSPIRE. This paper also introduces the basic building blocks of a proposed security metrics framework for elements such as a Cloud provider's security assessment, taking into account the different service and deployment models of the Cloud.
AB - Cloud computing is redefining the on-demand usage of remotely-located, and highly available computing resources to the user. Unfortunately, while the many economic and technological advantages are apparent, the migration of key sector applications to the Cloud has been limited due to a major show-stopper: the paucity of quantifiable metrics to evaluate the tradeoffs (features, problems and the economics) of security. Despite the obvious value ofmetrics in different scenarios to evaluate such tradeoffs, a formal and standard-based approach for the addressing of security metrics in the Cloud is a much harder and very much an open issue. This paper presents our views on the importance and challenges for developing a security metrics framework for the Cloud, also taking into account our ongoing research with organizations like the Cloud Security Alliance and European projects like ABC4Trust, CoMiFin and INSPIRE. This paper also introduces the basic building blocks of a proposed security metrics framework for elements such as a Cloud provider's security assessment, taking into account the different service and deployment models of the Cloud.
KW - Cloud dependability
KW - Cloud security
KW - Security compliance
KW - Security measurements
KW - Security metrics
KW - Basic building block
KW - Cloud providers
KW - Computing resource
KW - Different services
KW - European project
KW - Security assessment
KW - Security measurement
KW - Cryptography
KW - Rating
KW - Regulatory compliance
KW - Cloud computing
M3 - Conference contribution/Paper
SP - 245
EP - 250
BT - Proceedings of the International Conference on Security and Cryptography 2011
PB - IEEE
ER -