TU Darmstadt / ULB / TUbiblio

A Framework for Evaluating Trust of Service Providers in Cloud Marketplaces

Habib, Sheikh Mahbub ; Varadharajan, Vijay ; Mühlhäuser, Max (2013)
A Framework for Evaluating Trust of Service Providers in Cloud Marketplaces.
Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC'13). Coimbra, Portugal (18.03.2013-22.03.2013)
doi: 10.1145/2480362.2480727
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self-assessments regarding security controls. The framework as it stands does not allow consumers to specify and check their own requirements, nor does it contain any means for verifying the capabilities claimed by the providers. From a customer perspective, both these aspects are essential for evaluating the trustworthiness of cloud providers and for making an informed decision. We propose a novel concept for verifying the capabilities captured in the CSA's framework, plus a decision model that checks consumer requirements against the verification results. Our capability verification combines hard trust based on rigid validation with soft trust based on evidence about past behaviour. Elaborate formal methods are applied in both fields and combined into a single concept.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2013
Autor(en): Habib, Sheikh Mahbub ; Varadharajan, Vijay ; Mühlhäuser, Max
Art des Eintrags: Bibliographie
Titel: A Framework for Evaluating Trust of Service Providers in Cloud Marketplaces
Sprache: Englisch
Publikationsjahr: 2013
Ort: Coimbra, Portugal
Verlag: ACM
Veranstaltungstitel: Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC'13)
Veranstaltungsort: Coimbra, Portugal
Veranstaltungsdatum: 18.03.2013-22.03.2013
DOI: 10.1145/2480362.2480727
URL / URN: http://doi.acm.org/10.1145/2480362.2480727
Zugehörige Links:
Kurzbeschreibung (Abstract):

The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self-assessments regarding security controls. The framework as it stands does not allow consumers to specify and check their own requirements, nor does it contain any means for verifying the capabilities claimed by the providers. From a customer perspective, both these aspects are essential for evaluating the trustworthiness of cloud providers and for making an informed decision. We propose a novel concept for verifying the capabilities captured in the CSA's framework, plus a decision model that checks consumer requirements against the verification results. Our capability verification combines hard trust based on rigid validation with soft trust based on evidence about past behaviour. Elaborate formal methods are applied in both fields and combined into a single concept.

Freie Schlagworte: SST - Area Smart Security and Trust;- SST: CASED:;Secure Services;Security
ID-Nummer: TUD-CS-2013-0054
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
20 Fachbereich Informatik > Telekooperation
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 13 Jun 2018 12:10
Letzte Änderung: 02 Jul 2024 10:09
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen