Amani S. Ibrahim scite author profile

Although the cloud computing model is considered to be a very promising internet-based computing platform, it results in a loss of security control over the cloud-hosted assets. This is due to the outsourcing of enterprise IT assets hosted on third-party cloud computing platforms. Moreover, the lack of security constraints in the Service Level Agreements between the cloud providers and consumers results in a loss of trust as well. Obtaining a security certificate such as ISO 27000 or NIST-FISMA would help cloud providers improve consumers trust in their cloud platforms' security. However, such standards are still far from covering the full complexity of the cloud computing model. We introduce a new cloud security management framework based on aligning the FISMA standard to fit with the cloud computing model, enabling cloud providers and consumers to be security certified. Our framework is based on improving collaboration between cloud providers, service providers and service consumers in managing the security of the cloud platform and the hosted services. It is built on top of a number of security standards that assist in automating the security management process. We have developed a proof of concept of our framework using .NET and deployed it on a testbed cloud platform. We evaluated the framework by managing the security of a multitenant SaaS application exemplar.

show abstract

CloudSec: A security monitoring appliance for Virtual Machines in the IaaS cloud model

Ibrahim

Hamlyn-Harris

Grundy

et al. 2011

View full text Add to dashboard Cite

Opportunistic Fog for IoT: Challenges and Opportunities

Fernando

Loke

Avazpour

et al. 2019

IEEE Internet Things J.

View full text Add to dashboard Cite

An Ensemble Oversampling Model for Class Imbalance Problem in Software Defect Prediction

et al. 2018

View full text Add to dashboard Cite

Automated software architecture security risk analysis using formalized signatures

Almorsy

Grundy

Ibrahim

2013

View full text Add to dashboard Cite

Adaptable, model-driven security engineering for SaaS cloud-based applications

2013

View full text Add to dashboard Cite

TOSSMA: A Tenant-Oriented SaaS Security Management Architecture

Almorsy

Grundy

Ibrahim

2012

View full text Add to dashboard Cite

Multi-tenancy helps service providers to save costs, improve resource utilization, and reduce service customization and maintenance time by sharing of resources and services. On the other hand, supporting multi-tenancy adds more complexity to the shared application's required capabilities. Security is a key requirement that must be addressed when engineering new SaaS applications or when re-engineering existing applications to support multi-tenancy. Traditional security (re)engineering approaches do not fit with the multitenancy application model where tenants and their security requirements emerge after the system was first developed. Enabling, runtime, adaptable and tenant-oriented application security customization on single service instance is a key challenging security goal in multi-tenant application engineering. In this paper we introduce TOSSMA, a Tenant-Oriented SaaS Security Management Architecture. TOSSMA allows service providers to enable their tenants in defining, customizing and enforcing their security requirements without having to go back to application developers for maintenance or security customizations. TOSSMA supports security management for both new and existing systems. Service providers are not required to write security integration code to use a specific security platform or mechanism. In this paper, we describe details of our approach and architecture, our prototype implementation of TOSSMA, give a usage example of securing a multi-tenant SaaS, and discuss our evaluation experiments of TOSSMA.

show abstract

Score-Based Automatic Detection and Resolution of Syntactic Ambiguity in Natural Language Requirements

Osama

Zaki-Ismail

Abdelrazek

et al. 2020

View full text Add to dashboard Cite

12 3 4 5

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Amani S. Ibrahim

Collaboration-Based Cloud Computing Security Management Framework

CloudSec: A security monitoring appliance for Virtual Machines in the IaaS cloud model

Opportunistic Fog for IoT: Challenges and Opportunities

An Ensemble Oversampling Model for Class Imbalance Problem in Software Defect Prediction

Automated software architecture security risk analysis using formalized signatures

Adaptable, model-driven security engineering for SaaS cloud-based applications

TOSSMA: A Tenant-Oriented SaaS Security Management Architecture

Score-Based Automatic Detection and Resolution of Syntactic Ambiguity in Natural Language Requirements

Contact Info

Product

Resources

About