
Much Ado about Security Appeal: Cloud Provider Collaborations and Their Risks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 7592)

Abstract

The lack of capacity, unplanned outages of sub-contractors, a disaster recovery plan, acquisitions, or other financial goals may force cloud providers to enter into collaborations with other cloud providers. However, the cloud provider is not always fully aware of the security level of a potential collaborative cloud provider. This can lead to security breaches and customers’ data leakage, ending in court cases and financial penalties. In our paper, we analyze different types of cloud collaborations with respect to their security concerns and discuss possible solutions. We also outline trusted security entities as a feasible approach for managing security governance risks and propose our security broker solution for ad hoc cloud collaborations. Our work provides support in the cloud provider selection process and can be used by cloud providers as a foundation for their initial risk assessment.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wenge, O., Siebenhaar, M., Lampe, U., Schuller, D., Steinmetz, R. (2012). Much Ado about Security Appeal: Cloud Provider Collaborations and Their Risks. In: De Paoli, F., Pimentel, E., Zavattaro, G. (eds) Service-Oriented and Cloud Computing. ESOCC 2012. Lecture Notes in Computer Science, vol 7592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33427-6_6


  • DOI: https://doi.org/10.1007/978-3-642-33427-6_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33426-9

  • Online ISBN: 978-3-642-33427-6

  • eBook Packages: Computer Science, Computer Science (R0)
