Swinburne
Browse
- No file added yet -

Collaboration-Based Cloud Computing Security Management Framework

Download (477.56 kB)
conference contribution
posted on 2024-07-09, 14:21 authored by Mohamed Abdelrazek, John Grundy, Amani S. Ibrahim
Although the cloud computing model is considered to be a very promising internet-based computing platform, it results in a loss of security control over the cloud-hosted assets.This is due to the outsourcing of enterprise IT assets hosted on third-party cloud computing platforms. Moreover, the lack of security constraints in the Service Level Agreements between the cloud providers and consumers results in a loss of trust as well. Obtaining a security certificate such as ISO 27000 or NIST-FISMA would help cloud providers improve consumers trust in their cloud platforms’ security. However, such standards are still far from covering the full complexity of the cloud computing model. We introduce a new cloud security management framework based on aligning the FISMA standard to fit with the cloud computing model, enabling cloud providers and consumers to be security certified. Our framework is based on improving collaboration between cloud providers, service providers and service consumers in managing the security of the cloud platform and the hosted services. It is built on top of a number of security standards that assist in automating the security management process. We have developed a proof of concept of our framework using .NET and deployed it on a testbed cloud platform. We evaluated the framework by managing the security of a multitenant SaaS application exemplar.

History

Available versions

PDF (Accepted manuscript)

ISBN

9781457708367

Journal title

Proceedings of the 4th International Conference on Cloud Computing (CLOUD 2011)

Conference name

IEEE International Conference on Services Computing

Location

Washington, DC

Start date

2011-07-04

End date

2011-07-09

Volume

7651 LNCS

Issue

2

Pagination

7 pp

Publisher

IEEE

Copyright statement

Copyright © 2011 IEEE. The accepted manuscript is reproduced in accordance with the copyright policy of the publisher. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

Language

eng

Usage metrics

    Publications

    Categories

    No categories selected

    Keywords

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC