Habib, Sheikh Mahbub ; Varadharajan, Vijay ; Mühlhäuser, Max (2013)
A Trust-aware Framework for Evaluating Security Controls of Service Providers in Cloud Marketplaces.
Melbourne, Australia
doi: 10.1109/TrustCom.2013.58
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Trustworthy selection of cloud services has become a significant issue in emerging cloud marketplaces. As a consequence, the Cloud Security Alliance (CSA) has formulated a self-assessment framework for cloud providers to publish their cloud platform's security controls and capabilities. This framework enables consumers to select a cloud service based on the capabilities and controls published by the providers. However, a fundamental question that arises is, how can consumers trust that the security controls are satisfied as claimed by the providers and are compliant with consumers' requirements. This paper proposes a trust-aware framework to verify and evaluate these security controls considering consumers' requirements. First, we model the security controls in the form of trust properties. Then, we introduce a taxonomy of these properties based on their semantics and identify the authorities who can validate the properties. The taxonomy of these properties is the basis of trust formalisation in our proposed framework. The framework rests on the notion of hybrid trust that combines hard and soft trust mechanisms for verifying the trust properties. Furthermore, a decision model is proposed as an integral part of the framework in order to empower consumers to determine trustworthiness of cloud providers. Finally, we demonstrate that the proposed trust-aware security evaluation framework could be potentially useful in practice for consumers to determine trustworthy cloud providers in a competitive marketplace
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2013 |
| Autor(en): | Habib, Sheikh Mahbub ; Varadharajan, Vijay ; Mühlhäuser, Max |
| Art des Eintrags: | Bibliographie |
| Titel: | A Trust-aware Framework for Evaluating Security Controls of Service Providers in Cloud Marketplaces |
| Sprache: | Englisch |
| Publikationsjahr: | Juli 2013 |
| Verlag: | IEEE |
| Buchtitel: | Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on |
| Veranstaltungsort: | Melbourne, Australia |
| DOI: | 10.1109/TrustCom.2013.58 |
| Kurzbeschreibung (Abstract): | Trustworthy selection of cloud services has become a significant issue in emerging cloud marketplaces. As a consequence, the Cloud Security Alliance (CSA) has formulated a self-assessment framework for cloud providers to publish their cloud platform's security controls and capabilities. This framework enables consumers to select a cloud service based on the capabilities and controls published by the providers. However, a fundamental question that arises is, how can consumers trust that the security controls are satisfied as claimed by the providers and are compliant with consumers' requirements. This paper proposes a trust-aware framework to verify and evaluate these security controls considering consumers' requirements. First, we model the security controls in the form of trust properties. Then, we introduce a taxonomy of these properties based on their semantics and identify the authorities who can validate the properties. The taxonomy of these properties is the basis of trust formalisation in our proposed framework. The framework rests on the notion of hybrid trust that combines hard and soft trust mechanisms for verifying the trust properties. Furthermore, a decision model is proposed as an integral part of the framework in order to empower consumers to determine trustworthiness of cloud providers. Finally, we demonstrate that the proposed trust-aware security evaluation framework could be potentially useful in practice for consumers to determine trustworthy cloud providers in a competitive marketplace |
| Freie Schlagworte: | - SST: CASED:;- SST: CASED;- SST - Area Smart Security and Trust;SPIN: Smart Protection in Infrastructures and Networks;Cloud Security |
| ID-Nummer: | TUD-CS-2013-0466 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Telekooperation Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Hinterlegungsdatum: | 22 Jan 2017 18:57 |
| Letzte Änderung: | 14 Jun 2021 06:14 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum