DOI: 10.1145/2897845.2897911
research-article

Identifying and Utilizing Dependencies Across Cloud Security Services

Published: 30 May 2016

Abstract

Security concerns are often mentioned amongst the reasons why organizations hesitate to adopt Cloud computing. Given that multiple Cloud Service Providers (CSPs) offer similar security services (e.g., "encryption key management") albeit with different capabilities and prices, customers need to comparatively assess the offered security services in order to select the CSP that best matches their security requirements. However, the presence of both explicit and implicit dependencies across security-related services adds further challenges for Cloud customers: (i) to specify their security requirements taking service dependencies into consideration and (ii) to determine which CSP can satisfy these requirements. We present a framework to address these challenges. For challenge (i), our framework automatically detects conflicts resulting from inconsistent customer requirements. Moreover, our framework provides an explanation for the detected conflicts, allowing customers to resolve them. To tackle challenge (ii), our framework assesses the security level provided by various CSPs and ranks the CSPs according to the desired customer requirements. We demonstrate the framework's effectiveness with real-world CSP case studies derived from the Cloud Security Alliance's Security, Trust and Assurance Registry.

Published In

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
May 2016
958 pages
ISBN:9781450342339
DOI:10.1145/2897845

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud security
  2. security quantification
  3. security service level agreements
  4. services dependencies

Qualifiers

  • Research-article

Funding Sources

  • DFG SFB CROSSING
  • ESCUDO-CLOUD
  • SPECS

Conference

ASIA CCS '16

Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%

Article Metrics

  • Downloads (Last 12 months): 12
  • Downloads (Last 6 weeks): 1
Reflects downloads up to 17 Jan 2025

Cited By

  • (2023) Quantifying Security Risks in Cloud Infrastructures: A Data-driven Approach. 2023 IEEE 9th International Conference on Network Softwarization (NetSoft). DOI: 10.1109/NetSoft57336.2023.10175501 (346-349). Online publication date: 19-Jun-2023
  • (2023) CAB: Cloud Security Assessment and Brokerage. 2023 International Mobile, Intelligent, and Ubiquitous Computing Conference (MIUCC). DOI: 10.1109/MIUCC58832.2023.10278308 (1-6). Online publication date: 27-Sep-2023
  • (2023) Cloud Security Requirement Based Threat Analysis. 2023 International Conference on Computing, Networking and Communications (ICNC). DOI: 10.1109/ICNC57223.2023.10074275 (506-510). Online publication date: 20-Feb-2023
  • (2017) A Framework for Ranking Cloud Security Services. 2017 IEEE International Conference on Services Computing (SCC). DOI: 10.1109/SCC.2017.48 (322-329). Online publication date: Jun-2017
  • (2017) SLA-Based Service Selection for Multi-Cloud Environments. 2017 IEEE International Conference on Edge Computing (EDGE). DOI: 10.1109/IEEE.EDGE.2017.17 (65-72). Online publication date: Jun-2017
