Incremental certification of cloud services

SECURWARE 2013 - 7th International Conference on Emerging Security Information, Systems and Technologies

Volumn , Issue , 2013, Pages 72-80

  Krotsiani, Maria ^a   Spanoudakis, George ^a   Mahbub, Khaled ^a  

^a CITY UNIVERSITY   (United Kingdom)

Author keywords

Cloud services; Continuous monitoring; Security certification

Indexed keywords

EID: 84894222450     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (32)

1. A. Celesti, F. Tusa, M. Villari, and A. Puliafito, "Security and Cloud Computing: InterCloud Identity Management Infrastructure", In 19th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises, 2010, pp. 263-265.
2. B. Grobauer, T. Walloschek, and E. Stocker, "Understanding Cloud Computing Vulnerabilities" IEEE Security & Privacy, Vol. 9, 2011, pp. 50-57.
3. C. Cachin, I. Keider, and A. Shraer, "Trusting The Cloud", IBM Research, Zurich Research laboratory, 2009.
4. Cloud Security Alliance, Cloud Audit, Available from: https://cloudsecurityalliance.org/research/cloudaudit/
5. Cloud Security Alliance, Cloud Controls Matrix, Available from: https://cloudsecurityalliance.org/research/ccm/
6. Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing Vol. 2, available from: http://www.cloudsecurityalliance.org/ guidance/csaguide.v2.1.pdf [retrieved: June, 2013].
7. COBIT, http://wwwisaca.org
8. CUMULUS project, http://www.cumulus-project.eu/
9. D. Catteddu and G. Hogben, "Cloud Computing: Benefits, Risks and Recommendations for Information Security.", European Network and Information Security Agency (ENISA), 2009.
10. D. S. Herrmann, "Using the Common Criteria for IT security evaluation", Auerbach Publications, 2002.
11. E. Damiani, and A. Mana, "Toward WS-Certificate", In Proc. of the ACM Workshop on Secure Web Services (SWS 2009), 2009, pp. 1-2.
12. F Lombardi and R. Di Pietro, "Secure virtualization for cloud computing", J. Netw. Comput. Appl. 34, 4, July 2011, pp. 1113-1122.
13. F. Doelitzscher, C. Reich, M. H. Knahl, and N. L. Clarke, "Incident detection for cloud environments", Proc. of the Third International Conference on Emerging Network Intelligence, 2011, pp. 100-105.
14. F. Doelitzscher, C. Reich, M. Knahl, A. Passfall, and N. Clarke, "An agent based business aware incident detection system for cloud environments", Journal of Cloud Computing: Advances, Systems and Applications Vol. 1:9, 2012.
15. G. Spanoudakis, C. Kloukinas, and K. Mahbub, "The SERENITY Runtime Monitoring Framework", In Security and Dependability for Ambient Intelligence, Springer, 2009, pp. 213-238.
16. H. Foster and G. Spanoudakis, "Advanced Service Monitoring Configurations with SLA Decomposition and Selection", In Proc. of 26th Annual ACM Symposium on Applied Computing, 2011, pp. 1582-1589.
17. H. Li, Y. Dai, and B. Yang, "Identity-Based Cryptography for Cloud Security", IACR Cryptology ePrint Archive, 2011, pp. 169-169.
18. J. Heiser and M. Nicolett, "Assessing the Security Risks of Cloud Computing", Gartner technical report, June 2008.
19. th IEEE/ACM International Conference on Grid Computing, 2010, pp. 217-224.
20. K. Mahbub, G. Spanoudakis, and T. Tsigkritis, "Translation of SLAs into Monitoring Specifications", In Service Level Agreements for Cloud Computing, R. Yahyapour, P. Weider (Eds), Springer-verlag, 2011.
21. th World Congress on Services, 2012, pp. 184-191.
22. M. Anisetti et al., "ASSERT4SOA: Toward Security Certification of Service-Oriented Applications", OTM 2010 Woekshops, 2010, pp. 38-40.
23. th International Conference on Web Services, 2012, pp. 122-129.
24. M. Jensen, J. Schwenk, N. Gruschka, and L. L. Iacono, "On Technical Security Issues in Cloud Computing", In Proc. of the IEEE International Conference on Cloud Computing, 2009, pp. 109-116.
25. M. L. Massie, B. N. Chun, and D. E. Culler, "The ganglia distributed monitoring system: design, implementation, and experience", Parallel Computing, Vol. 30, 2004, pp. 817-840.
26. Microsoft, The Economics of Cloud for the EU Public Sector, Paper, 2010:http://www.microsoft.eu/Portals/0/Document/EU-Public-Sector-Cloud- Economics-A4.pdf [retrieved: June, 2013].
27. Nagios, 2011. http://www.nagios.org/
28. Open Certification Framework, https://cloudsecurityalliance.org/research/ ocf/
29. Ovum, http://www.computing.co.uk/ctg/news/2113323/ovum-public-cloud- services-market-explode
30. PCI Security Standards Council, PCI DSS Quick Reference Guide: Understanding the Payment Card Industry Data Security Standard v2, https://www.pcisecuritystandards.org/documents/ PCI%20SSC%20Quick%20Reference%20Guide.pdf [retrieved: June, 2013]
31. th International Conference on Financial cryptograpy and data security, 2010, pp. 136-149.
32. V. C. Emeakaroha, R.N. Calheiros, M.A.S. Netto, I. Brandic, and C.A.F. De Rose, "DeSVi: An Architecture for Detecting SLA Violations in Cloud Computing Infrastructures" 2nd International ICST Conference on Cloud Computing, 2010.