A 'cloud-free' security model for cloud computing

International Journal of Services and Standards

Volumn 5, Issue 4, 2009, Pages 354-375

  Yunis, Manal M ^a  

^a LEBANESE AMERICAN UNIVERSITY   (Lebanon)

Author keywords

AHP; Analytic hierarchy process; Availability; Cloud computing; Cloud computing services standards; Cloud free security model; Confidentiality; Information security; Integrity

Indexed keywords

EID: 77949776507     PISSN: 17408849     EISSN: 17408857     Source Type: Journal    
DOI: 10.1504/IJSS.2009.032177     Document Type: Article

References (50)

1. Abadi, D.J. (2009) 'Data management in the clouds: limitations and opportunities', IEEE Data Engineering, Vol. 32, No. 1, pp.3-12.
2. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Stoica, I. and Zaharia, M. (2009) Above the Clouds: A Berkeley View of Cloud Computing, Technical Report No. UCB/EECS-2009-28, University of California at Berkley.
3. Baskerville, R. and Siponen, M. (2002) 'An information security meta-policy for emergent organizations', Logistics Information Management, Vol. 15, Nos. 5-6, pp.337-346.
4. Becker, S.A. (2004) 'A usability study of internet privacy policies for state and commercial websites', International Journal of Services and Standards, Vol. 1, No. 1, pp.52-68.
5. Brodkin, J. (2008) 'Gartner: seven cloud-computing security risks', Infoworld, pp.1-3.
6. Brenner, B. (2009) 'The curse of cloud security', NetWorkWorld. Available online at: http://www.networkworld.com/news/2009/102709-the-curse-of-cloud.html (accessed on 27 October 2009).
7. Colter, C. (2009) Cloud computing: impacting our world. Available online at: http://mason.gmu.edu/~ccolter/cloudcomputing/doc/cloud.pdf.
8. Dey, M. (2007) 'Information security management - a practical approach', IEEE, pp.1-6.
9. Dikaiakos, M.D., Pallis, G., Katsaros, D., Mehra, P. and Vakali, A. (2009) 'Cloud computing: distributed internet computing for IT and scientific research', IEEE Computer Society, Vol. 13, No. 5, pp.10-13.
10. Farahmand, F., Navathe, S.B., Enslow, P.H. and Sharp, G.P. (2003) 'Managing vulnerabilities of information systems to security incidents', Proceedings of the 5th International Conference on Electronic Commerce, ACM, pp.348-354.
11. Fisher, R. (1984) Information Systems Security, Prentice-Hall, New Jersey.
12. Foltz, B.C., Schwager, P.H. and Anderson, J.E. (2008) 'Why users (fail to) read computer usage policies', Industrial Management & Data Systems, Vol. 108, No. 6, pp.701-712.
13. Gens, F. (2009a) IDC survey: recession accelerating cloud computing. Available online at: http://blogs.idc.com/ie/?p=300.
14. Gens, F. (2009b) IDC's new IT cloud services forecast: 2009-2013. Available online at: http://blogs.idc.com/ie/?p=543(accessed on 5 October 2009).
15. Gourley, B. (2009) 'Cloud computing and cyber defense, white paper', National Security. Available online at: http://www.whitehouse.gov/files/ documents/cyber/Gourley-Cloud-Computing-and-Cyber-Defense-21-Mar-2009.pdf.
16. Green, K.W., Chakrabarty, S. and Whitten, D. (2007) 'Organizational culture of customer care: market orientation and service quality', International Journal of Services and Standards, Vol. 3, No. 2, pp.137-153.
17. Greenstein, M. and Vasarhelyi, M. (2002) Electronic Commerce: Security Risk Management and Control, 2nd ed., McGraw-Hill, NY.
18. Hanna, S. (2009) 'Cloud computing: finding the silver lining', Juniper Networks. Available online at: http://www.ists.dartmouth.edu/docs/ HannaCloudComputingv2.pdf.
19. Hayes, B. (2008) 'Cloud computing: a software migrates from local PCs to distant internet servers, users and developers alike go along for the ride', Communication of the ACM, Vol. 51, No. 7, pp.9-11.
20. He, R., Niu, J., Yuan, M. and Hu, J. (2004) 'A novel cloud-based trust model for pervasive computing, IEEE, pp.693-700.
21. Horrigan, J.B. (2008) Use of cloud computing applications and services, data memo, pew internet & American life project. Available online at: http://pewinternet.org/pdfs/PIP-Cloud.Memo.pdf.
22. Humphrey, T. (2006) 'State-of-the-art information security management systems with ISO/IEC 27001:2005', ISO Management Systems, January-February, pp.15-18.
23. Infosecurity Europe (2009) Cloud computing security survey results. Available online at: http://www.prosecurityzone.com/Customisation/News/ Education-Training-and-Professional-Services/Exhibitions-and-Trade-Shows/ Cloud-computing-security-survey-results.asp (accessed on 19 February 2009).
24. ISO, International Standards ISO/IEC 27001 (2005) Information technology security techniques - information security management systems requirements, 2005.
25. Jensen, M., Schwenk, J., Gruschka, N. and Iacono, L. (2009) 'On technical security issues in cloud computing', IEEE International Conference, IEEE, 2009.
26. Jones, A. (2007) 'A framework for the management of information security risks', BT Technology Journal, Vol. 25, No. 1, pp.30-36.
27. Leavitt, N. (2009, January) 'Is cloud computing really ready for prime time?', IEEE Computer Society, pp.15-20.
28. Lee, M-C. and Chang, T. (2007) 'Applying ISO 17799:2005 in information security management', International Journal of Services and Standards, Vol. 3, No. 3, pp.352-373.
29. Liu, C. (2007) 'Developing evaluation standards of e-learning courses by the analytic hierarchy process', International Journal of Services and Standards, Vol. 3, No. 4, pp.476-490.
30. Mather, I., Kumaraswamy, S. and Latif, S. (2009) Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, O'Reilly, Cambridge.
31. Oppliger, R. (2007) 'IT security: in search of the holy grail', Communications of the ACM, Vol. 50, No. 2, pp.96-98.
32. Rash, W. (2009) 'Is cloud computing secure? Prove it', eWeek, pp.1-3. Available online at: http://www.eweek.com/c/a/Cloud-Computing/Is-Cloud- Computing-Secure-Prove-It-849274/.
33. Ristenpart, T., Tromer, E., Shacham, H. and Savage, S. (2009) 'Hey, you. Get off of my cloud: exploring information leakage in third-party compute clouds', CCS'09, 9-13 November 2009, Chicago, Illinois.
34. Rosenfeld, S.N., Rus, I. and Cukier, M. (2007) 'Archetypal behavior in computer security', Journal of Systems and Software, Vol. 80, No. 10, pp.1594-1606.
35. Saaty, T.L. (1990) 'An exposition of the AHP in reply to the paper "remarks on the analytic hierarchy process"', Management Science, Vol. 36, No. 3, pp.259-268.
36. San Martin, C.V. (2009) Jurisdictional aspects of cloud computing. Available online at: http://www.coe.int/t/dghl/cooperation/economiccrime/ cybercrime/Documents/Reports-Presentations/2079%20if09%20pres%20cristos%20cloud. pdf.
37. Saunders, J. (2001, April) 'A risk management methodology for information security: the analytic hierarchy process (AHP)', SANS Institute. Available online at: http://www.johnsaunders.com/papers/risk-ahp/risk-ahp.htm.
38. Saunders, J. (2003) 'A dynamic risk model for information technology security in a critical infrastructure environment', Proceedings of the 10th Conference on Risk-Based Decision Making in Water Resources, ASCE, Santa Barbara, California. Available online at: http://www.johnsaunders.com/papers/ riskcip/RiskConference.htm.
39. Smith, A.D. (2007) 'Strategic aspects of electronic document encryption', International Journal of Services and Standards, Vol. 3, No. 2, pp.203-221.
40. Soo Hoo, K.J. (2000) How Much is Enough? A Risk-management Approach to Computer Security, Working Paper, Consortium for Research on Information Security and Policy (CRISP).
41. Stanley, N. (2009) 'Cloud computing and data security: looking before you leap', Bloor, 25 August 2009 Available online athttp://www.bloorresearch.com/ analysis/11466/cloud-computinglooking-before-you-leap.html.
42. Straub, D.W. (1990) 'Effective IS security: an empirical study', Information Systems Research, Vol. 1, No. 3, pp.255-276.
43. Tang, J. (2008) 'The implementation of Deming's system model to improve security management: a case study', International Journal of Management, Vol. 25, No. 1, pp.54-68.
44. Teknomo, K. (2006) Analytic hierarchy process tutorial. Available online at: http://people.revoledu.com/kardi/tutorial/AHP/index.html.
45. Vijayan, J. (2009) 'Google pursue government biz: security concern: loom', Business Week, 7 September 2009. Available online at: http://www.businessweek.com/technology/content/sep2009/tc20090917-122270.htm.
46. Vouk, M.A. (2008) 'Cloud computing - issues, research and implementations', Journal of Computing and Information technology, pp.235-246.
47. Wang, Q., Wang, C., Li, J., Ren, K. and Lou, W. (2009) 'Enabling public verifiability and data dynamics for storage security in cloud computing', ESORICS, pp.355-370.
48. Winkler, I. (2009) 'The real problems with cloud computing', CSO, 24 August 2009. Available online at: http://www.csoonline.com/article/500344/ Winkler-The-Real-Problems-With-Cloud-Computing.
49. Yeh, Q.J. and Chang, A.J.T. (2007) 'Threats and countermeasures for information system security: a cross-industry study', Information & Management, Vol. 44, No. 5, pp.480-491.
50. Yue, W. and Cakanyildrim, M. (2007) 'Intrusion prevention in information systems: reactive and proactive responses', Journal of Management Information Systems, Vol. 24, No. 1, pp.329-353.