S. Bertram, M. Boniface, M. Surridge, N. Briscombe, M. Hall-May
{"title":"On-Demand Dynamic Security for Risk-Based Secure Collaboration in Clouds","authors":"S. Bertram, M. Boniface, M. Surridge, N. Briscombe, M. Hall-May","doi":"10.1109/CLOUD.2010.83","DOIUrl":null,"url":null,"abstract":"Industrial adoption of cloud computing for collaborative business processes is limited by their ability to meet inter-enterprise security requirements. Although some clouds offerings comply with security standards, no solution today allows businesses to assess security compliance of applications at the business level and dynamically link to security countermeasures on-demand. In this paper, we present a Platform-as-a-Service infrastructure that combines semantic security risk management tools with dynamic web service policy frameworks to support the mitigation of security threats throughout the lifecycle of a service-oriented application deployed within the cloud. The platform address the need to model security requirements, dynamically provision and configure security services and link operational security events to vulnerabilities and impact assessments at the business level. The Platform has been evaluated using a collaborative engineering design scenario and a proof-of-concept deployed at a multi-tenant cloud as part of the UK CFMS project. The work is being further enhanced in the European Funded SERSCIS project.","PeriodicalId":375404,"journal":{"name":"2010 IEEE 3rd International Conference on Cloud Computing","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"31","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE 3rd International Conference on Cloud Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CLOUD.2010.83","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 31
Abstract
Industrial adoption of cloud computing for collaborative business processes is limited by their ability to meet inter-enterprise security requirements. Although some clouds offerings comply with security standards, no solution today allows businesses to assess security compliance of applications at the business level and dynamically link to security countermeasures on-demand. In this paper, we present a Platform-as-a-Service infrastructure that combines semantic security risk management tools with dynamic web service policy frameworks to support the mitigation of security threats throughout the lifecycle of a service-oriented application deployed within the cloud. The platform address the need to model security requirements, dynamically provision and configure security services and link operational security events to vulnerabilities and impact assessments at the business level. The Platform has been evaluated using a collaborative engineering design scenario and a proof-of-concept deployed at a multi-tenant cloud as part of the UK CFMS project. The work is being further enhanced in the European Funded SERSCIS project.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
