Inlämning av Examensarbete / Submission of Thesis

Nia, Ramadianti Putri; Mganga, Medard Charles. MCS-2011-03, pp. 75. COM/School of Computing, 2011.

The work

Författare / Author: Nia, Ramadianti Putri; Mganga, Medard Charles
Titel / Title: Enhancing Information Security in Cloud Computing Services using SLA based metrics
Översatt titel / Translated title: Enhancing Information Security in Cloud Computing Services using SLA based metrics
Abstrakt / Abstract:

Context: Cloud computing is a prospering technology that most organizations are considering for adoption as a cost effective strategy for managing IT. However, organizations also still consider the technology to be associated with many business risks that are not yet resolved. Such issues include security, privacy as well as legal and regulatory risks. As an initiative to address such risks, organizations can develop and implement SLA to establish common expectations and goals between the cloud provider and customer. Organizations can use the SLA as a basis for measuring the achievement of the outsourced service. However, many SLAs tend to focus on cloud computing performance whilst neglecting information security issues.
Objective: We identify threats and security attributes applicable in cloud computing. We also select a framework suitable for identifying information security metrics. Moreover, we identify SLA based information security metrics in the cloud in line with the COBIT framework.
Methods: We conducted a systematic literature review (SLR) to identify studies focusing on information security threats in cloud computing. We also used SLR to select frameworks available for identification of security metrics. We used Engineering Village and Scopus online citation databases as primary sources of data for SLR. Studies were selected based on the inclusion/exclusion criteria we defined. A suitable framework was selected based on defined framework selection criteria. Based on the selected framework and conceptual review of the COBIT framework we identified SLA based information security metrics in the cloud.
Results: Based on the SLR we identified security threats and attributes in the cloud. The Goal Question Metric (GQM) framework was selected as a framework suitable for identification of security metrics. Following the GQM approach and the COBIT framework we identified ten areas that are essential and related to information security in cloud computing. In addition, covering the ten essential areas we identified 41 SLA based information security metrics that are relevant for measuring and monitoring security performance of cloud computing services.
Conclusions: Cloud computing faces similar threats as traditional computing. Depending on the service and deployment model adopted, addressing security risks in the cloud may become a more challenging and complex undertaking. This situation therefore appeals to the cloud providers the need to execute their key responsibilities of creating not only a cost effective but also a secure cloud computing service. In this study, we assist both cloud providers and customers on the security issues that are to be considered for inclusion in their SLA. We have identified 41 SLA based information security metrics to aid both cloud providers and customers in obtaining common security performance expectations and goals. We anticipate that adoption of these metrics can help cloud providers in enhancing security in the cloud environment. The metrics will also assist cloud customers in evaluating security performance of the cloud for improvements.

Ämnesord / Subject: Datavetenskap - Computer Science\Electronic Security
Datavetenskap - Computer Science\Distributed Computing
Datavetenskap - Computer Science\Computersystems
Nyckelord / Keywords: cloud computing, security metrics, security threats, security measurement frameworks

Publication info

Dokument id / Document id: houn-8fg82e
Program / Programme: IT-säkerhet/Security Engineering
Registreringsdatum / Date of registration: 03/31/2011
Uppsatstyp / Type of thesis: Masterarbete/Master's Thesis (120 credits)


Handledare / Supervisor: Prof. Rune Gustavsson
Examinator / Examiner: Dr. Niklas Lavesson, Ph.D.
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: COM/School of Computing


Files & Access

Bifogad uppsats fil(er) / Files attached: mcs-2011-03.pdf (734 kB, opens in new window)