    Medina: Improving cloud services trustworthiness through continuous audit-based certification

    One of the reasons for the still limited adoption of Cloud Computing in the EU is the EU customers' perceived lack of security and transparency in this technology. Cloud service providers (CSPs) usually rely on security certifications as a means to improve transparency and trustworthiness; however, European CSPs still face multiple challenges in certifying their services (e.g., fragmentation in the certification market, and lack of mutual recognition). In this context, the EU Cybersecurity Act (EU CSA) proposes improving customers' trust in the European ICT market through a European certification scheme (EUCS). The proposed cloud security certification scheme conveys new technological challenges, including the notion of automated monitoring for the whole supply chain, which need to be solved in order to bring all the expected benefits to EU cloud providers and customers. In this context, MEDINA proposes a framework for supporting a continuous audit-based certification for CSPs based on the EU CSA's scheme for cloud security certification. MEDINA will tackle challenges in areas like security validation/testing, machine-readable certification language, cloud security performance, and audit evidence management. MEDINA will provide and empirically validate sustainable outcomes in order to benefit EU adopters. This work has been partially funded by the European project MEDINA (Horizon 2020 research and innovation Programme, under grant agreement no. 952633).

    What makes an industrial control system security testbed credible and acceptable? Towards a design consideration framework

    The convergence of Industrial Control Systems (ICS) with Information Technologies (IT), coupled with the resulting and widely publicized cyber security incidents, has made ICS security and resilience issues of critical concern to operators and governments. The inability to apply traditional IT security practice to ICSs further complicates the challenges of effectively securing critical industrial systems. To investigate these challenges without impacting upon live system operations, testbeds are being widely used as viable options to explore, develop and assess security risks and controls. However, how an ICS testbed is designed, and its attributes, can directly impact not only its viability but also its credibility and acceptance for use as a whole. Through a systematic review and analysis of ICS security testbed design factors, a novel outline conceptual mapping of design factors for building credibility and acceptance is proposed. These design considerations include: design objectives, implementation approach, architectural component coverage, core operational characteristics, and evaluation approach.

    A Framework for Hybrid Intrusion Detection Systems

    Web application security is a definite threat to the world's information technology infrastructure. The Open Web Application Security Project (OWASP) generally defines web application security violations as unauthorized or unintentional exposure, disclosure, or loss of personal information. These breaches occur without the company's knowledge, and it often takes a while before the web application attack is revealed to the public, specifically because the security violations are fixed. Due to the need to protect their reputation, organizations have begun researching solutions to these problems. The most widely accepted solution is the use of an Intrusion Detection System (IDS). Such systems currently rely on either signatures of the attack used for the data breach or changes in the behavior patterns of the system to identify an intruder. These systems, either signature-based or anomaly-based, are readily understood by attackers. Issues arise when attacks are not noticed by an existing IDS because the attack does not fit the pre-defined attack signatures the IDS is implemented to discover. Despite current IDSs' capabilities, little research has identified a method to detect all potential attacks on a system. This thesis intends to address this problem. A particular emphasis will be placed on detecting advanced attacks, such as those that take place at the application layer. These types of attacks are able to bypass existing IDSs and increase the potential for a web application security breach to occur and not be detected. In particular, the attacks under study are all web application layer attacks. Those included in this thesis are SQL injection, cross-site scripting, directory traversal and remote file inclusion. This work identifies common and existing data breach detection methods as well as the necessary improvements for IDS models. Ultimately, the proposed approach combines an anomaly detection technique measured by cross entropy and a signature-based attack detection framework utilizing a genetic algorithm. The proposed hybrid model for data breach detection benefits organizations by increasing security measures and allowing attacks to be identified in less time and more efficiently.

    Evaluation Theory for Characteristics of Cloud Identity Trust Framework

    Trust management is a prominent area of security in cloud computing because insufficient trust management hinders cloud growth. Trust management systems can help cloud users to make the best decision regarding security, privacy, Quality of Protection (QoP), and Quality of Service (QoS). A trust model acts as a security strength evaluator and ranking service for the cloud and for cloud identity applications and services. It might be used as a benchmark to set up cloud identity service security and to find the inadequacies and enhancements in cloud infrastructure. This chapter addresses the concerns of evaluating cloud trust management systems, data gathering, and synthesis of theory and data. The conclusion is that the relationship between cloud identity providers and cloud identity users can greatly benefit from the evaluation and critical review of current trust models.

    Security measurement as a trust in cloud computing service selection and monitoring

    With the increase in the number of cloud service offerings by cloud service providers nowadays, selecting the appropriate service provider becomes difficult for customers. This is true since most cloud service providers offer almost similar services at different costs, thus making cloud service selection a tedious process for customers. The selection of cloud services from the security standpoint needs distinct consideration from both academia and industry. Security is an important factor in cloud computing; thus, any exploited vulnerability will have a negative effect on cloud computing adoption by customers. Hence, little attention has been paid to cloud service monitoring and selection from a security perspective. To solve this issue, we propose security measurement as a trust (SMaaT) in cloud computing selection. Finally, we propose the Analytical Hierarchical Process (AHP) for service selection from the customers' perspective.

    Security, Trust and Privacy (STP) Model for Federated Identity and Access Management (FIAM) Systems

    Federated identity and access management systems allow home domain organization users to access multiple resources (services) in a foreign domain organization through a web single sign-on facility. In a federated environment the user's authentication is performed at the beginning of an authentication session, and the user is allowed to access multiple resources (services) until the current session expires. In current federated identity and access management systems the main security concerns are: (1) bidirectional integrity measurement of home domain organization machine platforms does not exist, (2) integrated authentication (i.e., username/password plus mutual attestation of home domain machine platforms) is not present, and (3) resource (service) authorization in the foreign domain organization is not performed via bidirectional attestation of the home domain machine platforms.

    Analysing Trust Issues in Cloud Identity Environments

    Trust acts as a facilitator for decision making in environments where decisions are subject to risk and uncertainty. Security is one of the factors contributing to the trust model that is a requirement for service users. In this paper we ask: what can be done to improve end user trust in choosing a cloud identity provider? Security and privacy are central issues in a cloud identity environment, and it is the end user who determines the amount of trust they have in any identity system. This paper is an in-depth literature survey that evaluates identity service delivery in a cloud environment from the perspective of the service user.