Security-Centric Evaluation Framework for IT Services

  • Conference paper
  • In: Green, Pervasive, and Cloud Computing (GPC 2017)

Abstract

The tremendous growth and adoption of cloud-based services within IT enterprises has generated important requirements for security provisioning. Users need to evaluate the security characteristics of different providers and their offered services. This generates an additional requirement for methods to compare cloud service providers on the basis of their capabilities to meet security requirements. This paper proposes a novel framework to assess and compare cloud services on the basis of their security offerings, leveraging existing best practices and standards to develop new relevant metrics. We provide security-related comparison yardsticks for evaluating cloud services, such that the security robustness of cloud services can be computed using easy-to-evaluate deconstructed metrics. This paper provides a framework that can be leveraged to provide security enhancement plans both for users and providers.

Acknowledgment

This work is partially supported by Secretaria de Universitats i Recerca of Generalitat de Catalunya (2014DI031) and conducted as a part of the MUSA project (Grant Agreement 644429) funded by the European Commission within call H2020-ICT-2014-1.

Corresponding author

Correspondence to Smrati Gupta.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Gupta, S., Ferrarons-Llagostera, J., Dominiak, J., Muntés-Mulero, V., Matthews, P., Rios, E. (2017). Security-Centric Evaluation Framework for IT Services. In: Au, M., Castiglione, A., Choo, KK., Palmieri, F., Li, KC. (eds) Green, Pervasive, and Cloud Computing. GPC 2017. Lecture Notes in Computer Science, vol 10232. Springer, Cham. https://doi.org/10.1007/978-3-319-57186-7_53

  • DOI: https://doi.org/10.1007/978-3-319-57186-7_53

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-57185-0

  • Online ISBN: 978-3-319-57186-7

  • eBook Packages: Computer Science (R0)
