2014 IEEE 6th International Conference on Cloud Computing Technology and Science 2014
DOI: 10.1109/cloudcom.2014.85
|View full text |Cite
|
Sign up to set email alerts
|

A Multi-layer and MultiTenant Cloud Assurance Evaluation Methodology

Abstract: Abstract-Data with high security requirements is being processed and stored with increasing frequency in the Cloud. To guarantee that the data is being dealt in a secure manner we investigate the applicability of Assurance methodologies. In a typical Cloud environment the setup of multiple layers and different stakeholders determines security properties of individual components that are used to compose Cloud applications. We present a methodology adapted from Common Criteria for aggregating information reflect… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
5

Citation Types

0
6
0

Year Published

2015
2015
2022
2022

Publication Types

Select...
5
1
1

Relationship

2
5

Authors

Journals

citations
Cited by 10 publications
(6 citation statements)
references
References 5 publications
0
6
0
Order By: Relevance
“…The results of this process can then be used as evidence in a possible lawsuit by establishing the level of security the system had when a fault occurred. In our previous work in the SECCRIT 1 project, we proposed a methodology for modeling high assurance, i.e. analyzing how high level security properties can be measured per component of a cloud service and define how continuous aggregation of measured information can be achieved [1], [2].…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…The results of this process can then be used as evidence in a possible lawsuit by establishing the level of security the system had when a fault occurred. In our previous work in the SECCRIT 1 project, we proposed a methodology for modeling high assurance, i.e. analyzing how high level security properties can be measured per component of a cloud service and define how continuous aggregation of measured information can be achieved [1], [2].…”
Section: Introductionmentioning
confidence: 99%
“…The aim of this work is to investigate how existing cloud monitoring solutions can offer a unified view on assurance related monitoring artifacts regardless of the tools in use for low level monitoring. An example of a security property in our existing approach [1], [2] is "strong password". It supports confidentiality by validating a set of characteristics (i.e.…”
Section: Introductionmentioning
confidence: 99%
“…The project aims to analyse and evaluate cloud computing technologies with respect to security risks in sensitive environments, and consequently to develop methodologies, technologies, and best practices for creating a secure, trustworthy, and high assurance cloud computing environment for critical infrastructures (Simpson et al, 2013). More precisely, the work presented here is oriented on cloud assurance activities and resilience management activities, which includes assurance and resilience management frameworks supported by monitoring of cloud services (Shirazi et al, 2015), (Hudic et al, 2014), (Scholler et al, 2013).…”
Section: Introductionmentioning
confidence: 99%
“…Users and service providers are in fact concerned about new risks threatening their data and applications once stored/deployed in the cloud. Research on assurance techniques has focused on enhancing cloud trust and transparency, and touched different aspects of assurance, such as audit, certification, compliance (e.g., [1], [2], [3], [4], [5]). …”
Section: Introductionmentioning
confidence: 99%