Hudic, A., Tauber, M., Lorünser, T., Krotsiani, M., Spanoudakis, G., Mauthe, A. & Weippl, E. (2014). A Multi-Layer and Multi-Tenant Cloud Assurance Evaluation Methodology. Paper presented at the 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), 15-18 Dec 2014, Singapore.
- Accepted Version
Download (1MB) | Preview
Data with high security requirements is being processed and stored with increasing frequency in the Cloud. To guarantee that the data is being dealt in a secure manner we investigate the applicability of Assurance methodologies. In a typical Cloud environment the setup of multiple layers and different stakeholders determines security properties of individual components that are used to compose Cloud applications. We present a methodology adapted from Common Criteria for aggregating information reflecting the security properties of individual constituent components of Cloud applications. This aggregated information is used to categorise overall application security in terms of Assurance Levels and to provide a continuous assurance level evaluation. It gives the service owner an overview of the security of his service, without requiring detailed manual analyses of log files.
|Item Type:||Conference or Workshop Item (Paper)|
|Additional Information:||© 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.|
|Subjects:||Q Science > QA Mathematics > QA75 Electronic computers. Computer science|
|Divisions:||School of Informatics > Department of Computing|
Actions (login required)
Downloads per month over past year