ABSTRACT
Cloud computing is an emerging computing model that provides numerous advantages to organizations (both service providers and customers) in terms of massive scalability, lower cost, and flexibility, to name a few. Despite these technical and economic advantages of cloud computing, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns. This paper describes some of the unique cloud computing security factors and subfactors that play a critical role in addressing cloud security and privacy concerns. To mitigate these concerns, we develop a security metric tool to provide information to cloud users about the security status of a given cloud vendor. The primary objective of the proposed metric is to produce a security index that describes the security level accomplished by an evaluated cloud computing vendor. The resultant security index will give confidence to different cloud stakeholders and is likely to help them in decision making, increase the predictability of the quality of service, and allow appropriate proactive planning if needed before migrating to the cloud. To show the practicality of the proposed metric, we provide two case studies based on the available security information about two well-known cloud service providers (CSPs). The results of these case studies demonstrated the effectiveness of the security index in determining the overall security level of a CSP with respect to the security preferences of cloud users.