Towards Building an Automated Security Compliance Tool for the Cloud

Ullah, Kazi Wali; Ahmed, Abu Shohel; Ylitalo, Jukka

doi:10.1109/trustcom.2013.195

Cited by 38 publications

(28 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Much research has been done to develop effective approaches to protecting the critical cloud infrastructures [13,14] and power systems [15][16][17][18][19]. In [13], a technique was presented to leverage the elasticity and on-demand provisioning features of the critical cloud infrastructures to provide application resilience to failures and attacks.…”

Section: Current State Of the Artmentioning

confidence: 99%

“…In [13], a technique was presented to leverage the elasticity and on-demand provisioning features of the critical cloud infrastructures to provide application resilience to failures and attacks. In [14], a technique to develop an automated security compliance tool for critical cloud infrastructures was presented. This technique reduces human intervention by verifying the security compliance automatically based on the data collected from API, vulnerability scanning, log analysis and manual input entries.…”

Section: Current State Of the Artmentioning

confidence: 99%

“…This technique reduces human intervention by verifying the security compliance automatically based on the data collected from API, vulnerability scanning, log analysis and manual input entries. Both techniques [13,14] are reactive in nature and require all the used security mechanisms being actively applied all the time.…”

Section: Current State Of the Artmentioning

confidence: 99%

“…In recent years, organizations [13][14][15][16][17][18][19], especially those in the energy sector [15][16][17][18][19], have been adopting probabilistic techniques to proactively predict security breaches for better defense of their infrastructures. The technique presented in [15,16] has been incorporated in supervisory control and data acquisition (SCADA) systems of energy infrastructures, and uses a probabilistic inference engine to predict potential attack paths by estimating the probability of the occurrence of each attack within one-week period based on the domain knowledge of a professional penetration tester.…”

Section: Current State Of the Artmentioning

confidence: 99%

See 3 more Smart Citations

Protecting Critical Cloud Infrastructures with Predictive Capability

Yau¹,

Buduru

Nagaraja

2015

2015 IEEE 8th International Conference on Cloud Computing

View full text Add to dashboard Cite

Emerging trends in cyber system security breaches, including those in critical infrastructures involving cloud systems, such as in applications of military, homeland security, finance, utilities and transportation systems, have shown that attackers have abundant resources, including both human and computing power, to launch attacks. The sophistication and resources used in attacks reflect that the attackers may be supported by large organizations and in some cases by foreign governments. Hence, there is an urgent need to develop intelligent cyber defense approaches to better protecting critical cloud infrastructures. In order to have much better protection for critical cloud infrastructures, effective approaches with predictive capability are needed. Much research has been done by applying game theory to generating adversarial models for predictive defense of critical infrastructures. However, these approaches have serious limitations, some of which are due to the assumptions used in these approaches, such as rationality and Nash equilibrium, which may not be valid for current and emerging cloud infrastructures. Another major limitation of these approaches is that they do not capture probabilistic human behaviors accurately, and hence do not incorporate human behaviors. In order to greatly improve the protection of critical cloud infrastructures, it is necessary to predict potential security breaches on critical cloud infrastructures with accurate system-wide causal relationship and probabilistic human behaviors. In this paper, the challenges and our vision on developing such proactive protection approaches are discussed.

show abstract

Section: Current State Of the Artmentioning

confidence: 99%

Section: Current State Of the Artmentioning

confidence: 99%

Section: Current State Of the Artmentioning

confidence: 99%

Section: Current State Of the Artmentioning

confidence: 99%

See 2 more Smart Citations

Protecting Critical Cloud Infrastructures with Predictive Capability

Yau¹,

Buduru

Nagaraja

2015

2015 IEEE 8th International Conference on Cloud Computing

View full text Add to dashboard Cite

show abstract

“…While the ID-PKC has progressed substantially overcoming challenges with initial implementation like key-escrow, keyrevocation, it was observed that ID-PKC schemes had not been evaluated in multi-tenant cloud environment like OpenStack with exception [1] provides automated audit facility for clients. This paper presents a mechanism to secure data communication in OpenStack cloud environment by modifying its security architecture and builds upon recent advancements in ID-PKC schemes.…”

Section: Previous Workmentioning

confidence: 99%

Data Confidentiality in Public Cloud: A Method for Inclusion of ID-PKC Schemes in OpenStack Cloud

Gopularam¹,

Nalini²

2014

IJCA

View full text Add to dashboard Cite

The term data security refers to the degree of resistance of protection given to information from unintended or unauthorized access. The core principles of information security remain the same -Confidentiality, Integrity and Availability also referred as CIA triad. With cloud adoption the confidential enterprise data is moved from organization premises to untrusted public network and due to this the attack surface has increased manifold. Several cloud computing platforms like OpenStack, Eucalyptus, Amazon EC2 offer users to build and configure public, hybrid and private clouds. While the traditional encryption based on PKI infrastructure still works in cloud scenario the management of public-private keys and trust certificates is difficult. The Identity based Public Key Cryptography (also referred as ID-PKC) overcomes this problem by using publicly identifiable information for generating the keys and works well with decentralized systems. The users can exchange information securely without having to manage any trust information. Another advantage is that access control (role based access control policy) information can be embedded into data unlike in PKI where it is handled by separate component or system. In OpenStack cloud platform the keystone service acts as identity service for authentication and authorization and has support for public key infrastructure for auth services. The proposed approach explains cloud security model using OpenStack cloud platform and analyzes its security architecture for data confidentiality. It provides a method to integrate ID-PKC schemes for securing data when in transit and storage and explains the key measures for safe guarding data. The proposed approach uses JPBC crypto library for key-pair generation based on IEEE standard(s) P1636.3 for assuring data confidentiality in public cloud environment.

show abstract