A Semantic Approach to Cloud Security and Compliance

Author/Creator ORCID





Citation of Original Publication

Amit Hendre and Karuna Pande Joshi, A Semantic Approach to Cloud Security and Compliance, 8th International Conference on Cloud Computing (CLOUD), https://ebiquity.umbc.edu/paper/html/id/703/A-Semantic-Approach-to-Cloud-Security-and-Compliance


This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2015 IEEE


Cloud services are becoming an essential part of many organizations. Cloud providers have to adhere to security and privacy policies to ensure their users' data remains confidential and secure. Though there are some ongoing efforts on developing cloud security standards, most cloud providers are implementing a mish-mash of security and privacy controls. This has led to confusion among cloud consumers as to what security measures they should expect from the cloud services, and whether these measures would comply with their security and compliance requirements. We have conducted a comprehensive study to review the potential threats faced by cloud consumers and have determined the compliance models and security controls that should be in place to manage the risk. Based on this study, we have developed an ontology describing the cloud security controls, threats and compliances. We have also developed an application that classifies the security threats faced by cloud users and automatically determines the high level security and compliance policy controls that have to be activated for each threat. The application also displays existing cloud providers that support these security policies. Cloud consumers can use our system to formulate their security policies and find compliant providers even if they are not familiar with the underlying technology.