Analyzing and improving customer-side cloud security certifiability

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN, Conference contribution/Paper, peer-review

Published

Standard

Analyzing and improving customer-side cloud security certifiability. / Zhao, Shujie; Chen, Yiqun; Winter, Stefan et al.
Proceedings - 2019 IEEE 30th International Symposium on Software Reliability Engineering Workshops, ISSREW 2019. 2019. p. 300-307.

Harvard

Zhao, S, Chen, Y, Winter, S & Suri, N 2019, Analyzing and improving customer-side cloud security certifiability. in Proceedings - 2019 IEEE 30th International Symposium on Software Reliability Engineering Workshops, ISSREW 2019. pp. 300-307. https://doi.org/10.1109/ISSREW.2019.00088

APA

Zhao, S., Chen, Y., Winter, S., & Suri, N. (2019). Analyzing and improving customer-side cloud security certifiability. In Proceedings - 2019 IEEE 30th International Symposium on Software Reliability Engineering Workshops, ISSREW 2019 (pp. 300-307). https://doi.org/10.1109/ISSREW.2019.00088

Vancouver

Zhao S, Chen Y, Winter S, Suri N. Analyzing and improving customer-side cloud security certifiability. In Proceedings - 2019 IEEE 30th International Symposium on Software Reliability Engineering Workshops, ISSREW 2019. 2019. p. 300-307 doi: 10.1109/ISSREW.2019.00088

Author

Zhao, Shujie ; Chen, Yiqun ; Winter, Stefan et al. / Analyzing and improving customer-side cloud security certifiability. Proceedings - 2019 IEEE 30th International Symposium on Software Reliability Engineering Workshops, ISSREW 2019. 2019. pp. 300-307

Bibtex

@inproceedings{b3bd9f00241d4c95ac1171219b3f6163,
title = "Analyzing and improving customer-side cloud security certifiability",
abstract = "{\textcopyright} 2019 IEEE. Cloud services have become popular as an effective form to outsource computational resources. While providing cost efficiency on the one side, this outsourcing also causes a certain loss of control over the computational resources, which makes security risks difficult to predict and manage. To address such concerns, security service level agreements (secSLAs) have been proposed as contracts between Cloud service providers (CSPs) and Cloud service customers (CSCs) that cover security properties of Cloud services. SecSLAs cover a variety of different security properties, ranging from the availability of encrypted communication channels for accessing Cloud resources to the timely detection and removal of vulnerabilities in the CSP's infrastructure. As previous work [1] has shown, and as is evident for the example of timely vulnerability removal, not all of these security properties can be assessed by the CSC, which limits their utility as a contract basis. In this paper we propose a new monitoring framework for Cloud services to support the monitoring and validation of security properties on the customer side that require infrastructure-internal knowledge. To obtain the security properties to be monitored by our framework, we have manually investigated 97 different quantifiable properties in 5 standards from both industry and academia. We identified only 21 measurable properties from those standards, out of which we implement measurements for 13 representative ones and evaluated our measurements on the OPENSTACK platform.",
keywords = "Cloud Computing, Runtime Monitoring, Security Validation",
author = "Shujie Zhao and Yiqun Chen and Stefan Winter and Neeraj Suri",
year = "2019",
month = oct,
day = "1",
doi = "10.1109/ISSREW.2019.00088",
language = "English",
pages = "300--307",
booktitle = "Proceedings - 2019 IEEE 30th International Symposium on Software Reliability Engineering Workshops, ISSREW 2019",

}

RIS

TY - GEN

T1 - Analyzing and improving customer-side cloud security certifiability

AU - Zhao, Shujie

AU - Chen, Yiqun

AU - Winter, Stefan

AU - Suri, Neeraj

PY - 2019/10/1

Y1 - 2019/10/1

N2 - © 2019 IEEE. Cloud services have become popular as an effective form to outsource computational resources. While providing cost efficiency on the one side, this outsourcing also causes a certain loss of control over the computational resources, which makes security risks difficult to predict and manage. To address such concerns, security service level agreements (secSLAs) have been proposed as contracts between Cloud service providers (CSPs) and Cloud service customers (CSCs) that cover security properties of Cloud services. SecSLAs cover a variety of different security properties, ranging from the availability of encrypted communication channels for accessing Cloud resources to the timely detection and removal of vulnerabilities in the CSP's infrastructure. As previous work [1] has shown, and as is evident for the example of timely vulnerability removal, not all of these security properties can be assessed by the CSC, which limits their utility as a contract basis. In this paper we propose a new monitoring framework for Cloud services to support the monitoring and validation of security properties on the customer side that require infrastructure-internal knowledge. To obtain the security properties to be monitored by our framework, we have manually investigated 97 different quantifiable properties in 5 standards from both industry and academia. We identified only 21 measurable properties from those standards, out of which we implement measurements for 13 representative ones and evaluated our measurements on the OPENSTACK platform.

AB - © 2019 IEEE. Cloud services have become popular as an effective form to outsource computational resources. While providing cost efficiency on the one side, this outsourcing also causes a certain loss of control over the computational resources, which makes security risks difficult to predict and manage. To address such concerns, security service level agreements (secSLAs) have been proposed as contracts between Cloud service providers (CSPs) and Cloud service customers (CSCs) that cover security properties of Cloud services. SecSLAs cover a variety of different security properties, ranging from the availability of encrypted communication channels for accessing Cloud resources to the timely detection and removal of vulnerabilities in the CSP's infrastructure. As previous work [1] has shown, and as is evident for the example of timely vulnerability removal, not all of these security properties can be assessed by the CSC, which limits their utility as a contract basis. In this paper we propose a new monitoring framework for Cloud services to support the monitoring and validation of security properties on the customer side that require infrastructure-internal knowledge. To obtain the security properties to be monitored by our framework, we have manually investigated 97 different quantifiable properties in 5 standards from both industry and academia. We identified only 21 measurable properties from those standards, out of which we implement measurements for 13 representative ones and evaluated our measurements on the OPENSTACK platform.

KW - Cloud Computing

KW - Runtime Monitoring

KW - Security Validation

UR - http://www.scopus.com/inward/record.url?scp=85080915778&partnerID=8YFLogxK

U2 - 10.1109/ISSREW.2019.00088

DO - 10.1109/ISSREW.2019.00088

M3 - Conference contribution/Paper

SP - 300

EP - 307

BT - Proceedings - 2019 IEEE 30th International Symposium on Software Reliability Engineering Workshops, ISSREW 2019

ER -