A Multi-Layer and Multi-Tenant Cloud Assurance Evaluation Methodology

Cited by: 7
Authors
Hudic, Aleksandar [1]
Tauber, Markus [1]
Loruenser, Thomas [1]
Krotsiani, Maria [2]
Spanoudakis, George [2]
Mauthe, Andreas [3]
Weippl, Edgar R. [4]
Affiliations
[1] AIT, Vienna, Austria
[2] City Univ London, London, England
[3] Univ Lancaster, Lancaster LA1 4YW, England
[4] SBA Res, Vienna, Austria
Source
2014 IEEE 6TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM) | 2014
Funding
Engineering and Physical Sciences Research Council (UK);
Keywords
critical infrastructures; assurance; cloud;
DOI
10.1109/CloudCom.2014.85
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Data with high security requirements is being processed and stored with increasing frequency in the Cloud. To guarantee that the data is being dealt with in a secure manner, we investigate the applicability of Assurance methodologies. In a typical Cloud environment the setup of multiple layers and different stakeholders determines security properties of individual components that are used to compose Cloud applications. We present a methodology adapted from Common Criteria for aggregating information reflecting the security properties of individual constituent components of Cloud applications. This aggregated information is used to categorise overall application security in terms of Assurance Levels and to provide a continuous assurance level evaluation. It gives the service owner an overview of the security of his service, without requiring detailed manual analyses of log files.
Pages: 386-393
Page count: 8