A Semantic Approach to Cloud Security and Compliance
Loading...
Permanent Link
Author/Creator
Author/Creator ORCID
Date
2015-06-27
Type of Work
Department
Program
Citation of Original Publication
Amit Hendre and Karuna Pande Joshi, A Semantic Approach to Cloud Security and Compliance, 8th International Conference on Cloud Computing (CLOUD), https://ebiquity.umbc.edu/paper/html/id/703/A-Semantic-Approach-to-Cloud-Security-and-Compliance
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2015 IEEE
© 2015 IEEE
Abstract
Cloud services are becoming an essential part of many organizations. Cloud providers have to adhere to security and privacy policies to ensure their users' data remains confidential and secure. Though there are some ongoing efforts on developing cloud security standards, most cloud providers are implementing a mish-mash of security and privacy controls. This has led to confusion among cloud consumers as to what security measures they should expect from the cloud services, and whether these measures would comply with their security and compliance requirements. We have conducted a comprehensive study to review the potential threats faced by cloud consumers and have determined the compliance models and security controls that should be in place to manage the risk. Based on this study, we have developed an ontology describing the cloud security controls, threats and compliances. We have also developed an application that classifies the security threats faced by cloud users and automatically determines the high level security and compliance policy controls that have to be activated for each threat. The application also displays existing cloud providers that support these security policies. Cloud consumers can use our system to formulate their security policies and find compliant providers even if they are not familiar with the underlying technology.