Collaboration-based cloud computing security management framework

Proceedings - 2011 IEEE 4th International Conference on Cloud Computing, CLOUD 2011

Volumn , Issue , 2011, Pages 364-371

  Almorsy, Mohemed ^a   Grundy, John ^a   Ibrahim, Amani S ^a  

^a SWINBURNE UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Cloud computing; Cloud computing security; Cloud computing security management

Indexed keywords

CLOUD COMPUTING SECURITY; CLOUD COMPUTING SECURITY MANAGEMENT; CLOUD PROVIDERS; COMPUTING PLATFORM; COMPUTING SECURITY; ENTERPRISE IT; INTERNET BASED COMPUTING; MULTI TENANTS; PROOF OF CONCEPT; SECURITY CERTIFICATE; SECURITY CONSTRAINT; SECURITY CONTROLS; SECURITY MANAGEMENT; SECURITY MANAGEMENT PROCESS; SECURITY STANDARDS; SERVICE LEVEL AGREEMENTS; SERVICE PROVIDER;

INDUSTRIAL MANAGEMENT; STANDARDS;

CLOUD COMPUTING;

EID: 80053151113     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CLOUD.2011.9     Document Type: Conference Paper

References (22)

1. International Data Corporate (IDC), "Ranking of issues of Cloud Computing model," 2010. Accessed Dec 2010.
2. M. Almorsy, J. Grundy, I. Mueller, "An analysis of the cloud computing security problem," In the proc. of the 2010 Asia Pacific Cloud Workshop, Colocated with APSEC2010, Australia, 2010.
3. Cloud Security Alliance Group, "CSA-GRC Stack," , Accessed Dec'10
4. Unofficial FedRAMP Community Collaboration, http://www.fedramp.net/tiki- index.php, Accessed in Aug 2010.
5. NIST, "Standards for Security Categorization of Federal Information and Information Systems. FIPS-199", , Accessed Dec 2010.
6. International Organization for Standardization (ISO), "ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary," ISO/IEC 27001:2005(E), 2009, , Accessed in July 2010.
7. M. Menzel, R. Warschofsky, et al, "The Service Security Lab: A Model-Driven Platform to Compose and Explore Service Security in the Cloud," 6th World Congress, SERVICES2010, pp.115-122.
8. M. Menzel and C. Meinel, "SecureSOA Modelling Security Requirements for Service-Oriented Architectures," IEEE International Conference on Services Computing, 2010.
9. S. Bertram, M. Boniface, et al., "On-Demand Dynamic Security for Risk-Based Secure Collaboration in Clouds," IEEE 3rd International Conference in Cloud Computing, pp. 518-525, 2010.
10. P. Saripalli and B. Walters, "QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security," IEEE 3rd International Conference on Cloud Computing, 2010, pp. 280-288.
11. Z. Xuan, N. Wuwong, et al., "Information Security Risk Management Framework for the Cloud Computing Environments," in 2010 IEEE 10th International Conference on Computer and Information Technology (CIT), 2010, pp. 1328-1334.
12. NIST, "Risk Management Guide for Information Technology Systems," 2002, , Accessed in June 2010.
13. P. Marek and J. Paulina, "The OCTAVE methodology as a risk analysis tool for business resources," presented at the International Multiconference Computer Science and IT, Hong Kong, 2006.
14. R. Fredriksen, M. Kristiansen, et al, "The CORAS Framework for a Model-Based Risk Management Process," in Computer Safety, Reliability and Security. vol. 2434, Springer, 2002, pp. 39-53.
15. C. Basile, A. Lioy, et al, "POSITIF: A Policy-Based Security Management System," in 8th IEEE International Workshop Policies for Distributed Systems and Networks, 2007, pp. 280-280, Italy.
16. H. Xu, X. Xia, et al "Towards Automation for Pervasive Network Security Management Using an Integration of Ontology-Based and Policy-Based Approach," 3rd International Conference Innovative Computing Information and Control, 2008, pp. 87-87, Dalian.
17. J. Albuquerque, H. Krumm and P. de Geus, "Model-based management of security services in complex network environments," in IEEE Network Operations and Management Symposium, 2008, pp. 1031-1036, Salvador.
18. S. de Chaves, C. Westphall and F. Lamin, "SLA Perspective in Security Management for Cloud Computing," in Sixth International Conference Networking and Services, 2010, pp. 212-217, Mexico.
19. P. Patel, A. Ranabahu and A. Sheth, "Service Level Agreement in Cloud Computing,", Conference on Object Oriented Programming Systems Languages and Applications, Orlando, Florida, 2009, USA.
20. NIST, "The Federal Information Security Management Act (FISMA)," U.S. Government Printing 2002,, Accessed on August 2010.
21. Mitre Corporation. (2010), Making Security Measurable, http://measurablesecurity.mitre.org/, Accessed on Jan 2011
22. NIST. National Vulnerabilities Database Home. http://nvd.nist.gov/, Accessed in Dec 2010.