Towards wider cloud service applicability by security, privacy and trust measurements

4th International Conference on Application of Information and Communication Technologies, AICT2010

Volumn , Issue , 2010, Pages

  Savola, Reijo M ^a   Juhola, Arto ^a   Uusitalo, Ilkka ^a  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

Author keywords

Cloud services; Privacy metrics; Security metrics

Indexed keywords

CLOUD SERVICES; CRITICAL APPLICATIONS; CRITICAL DATA; INTERVIEW STUDY; PRIVACY AND TRUSTS; PRIVACY METRICS; RESEARCH DIRECTIONS; SECURITY AND PRIVACY; SECURITY METRICS;

SECURITY OF DATA;

EID: 78649624954     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICAICT.2010.5612067     Document Type: Conference Paper

References (27)

1. R. Savola, "A security metrics taxonomization model for software-intensive systems," Journal of Information Processing Systems, Vol. 5, No. 4, Dec. 2009, pp. 197-206.
2. R. Savola, H. Pentikäinen, and M. Ouedraogo, "Towards security effectiveness measurement utilizing risk-based security assurance," ISSA '10, 2-4 Aug., 2010.
3. th National Information Systems Security Conference, Baltimore, MD, Oct. 1997, pp. 522-533.
4. R. Savola and H. Abie, "Development of measurable security for a distributed messaging system," International Journal on Advances in Security, Vol. 2, No. 4 (2009), 2010.
5. M. Howard, J. Pincus, and J. M. Wing, "Measuring relative attack surfaces", Workshop on Advanced Developments in Software and Systems Security, 2003.
6. E. Bulut, D. Khadraoui, and B. Marquet, "Multi-agent based security assurance monitoring system for telecommunication infrastructures", CNIS 2007, Berkeley, CA, USA Sep. 24-27, 2007, 6 p.
7. S. Chandra and R. A. Khan, "Object oriented software security estimation life cycle - Design phase perspective", Journal of Software Engineering, 2008, Vol. 2, Issue 1, pp. 39-46.
8. ISO/IEC 15408-1:2005, "Common Criteria for information technology security evaluation - Part 1: Introduction and general model", ISO/IEC, 2005.
9. W. Jansen, "Directions in security metrics research," U.S. National Institute of Standards and Technology, NISTIR 7564, Apr. 2009, 21 p.
10. V. Verendel, "Quantified security is a weak hypothesis," New Security Paradigms Workshop (NSPW '09), Oxford, U.K., 8-11, Sept. 2009.
11. D. S. Hermann, "Complete guide to security and privacy metrics -measuring regulatory compliance, operational resilience and ROI," Auerbach Publications, 2007.
12. A. Jaquith, "Security metrics: replacing fear, uncertainty and doubt," Addison-Wesley, 2007.
13. N. Bartol, B. Bates, K.M. Goertzel, and T. Winograd, "Measuring cyber security and information assurance: a state-of-the-art report," Information Assurance Technology Analysis Center IATAC, May 2009.
14. European Privacy Seal, "EuroPriSe criteria," Version 1.0. Available: www.european-privacy-seal.eu. [July 4, 2010].
15. P. Samarati and L. Sweeney, "Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression," Technical Report, CMU, SRI, 1998.
16. nd IEEE Int. Conf. on Data Engineering, 2006.
17. J. Reagle and L. F. Cranor, "The platform for privacy preferences," Communications of the ACM, 42(2), pp. 48-55, Feb. 1997.
18. L.-F. Pau, "Privacy metrics and boundaries," Research Paper ERS-2005-013-LIS, Erasmus Research Institute of Management (ERIM).
19. P. Mell and T. Grance, "The NIST definition of cloud computing," U.S. National Institute of Standards and Technology, Information Technology Laboratory. Version 15, 7 Oct. 2009.
20. S. Gadia, "Cloud computing: an auditor's perspective," ISACA Journal, Vol. 6, 2009.
21. R. Savola, "Towards a risk-driven methodology for privacy metrics development," Symposium on Privacy and Security Applications (PSA '10), 20-22 Aug., 2010.
22. R. Gellman, "Privacy in the clouds: risks to privacy and confidentiality from cloud computing," World Privacy Forum (WPF) Report, Feb. 23, 2009.
23. Cloud Security Alliance, "Top threats to cloud computing", Version 1.0. Downloaded from: www.cloudsecurityalliance.org [July 4, 2010].
24. M. Schiffman, G. Eschelbeck, D. Ahmad, A. Wright, and S. Romanosky, "CVSS: A Common Vulnerability Scoring System", National Infrastructure Advisory Council (NIAC), 2004.
25. M. Barrett, C. Johnson, P. Mell, S. Quinn, and K. Scarfone, "Guide to adopting and using the Security Content Automation Protocol (SCAP)", NIST Special Publ. 800-117 (Draft), U.S. National Institute of Standards and Technology, 2009.
26. R. Savola, "On the feasibility of utilizing security metrics in software-intensive systems," International Journal of Computer Science and Network Security, Vol. 10, No. 1, Jan. 2010, pp. 230-239.
27. Cloud Security Alliance. [July 4, 2010].