A methodology for management of cloud computing using security criteria

Desirable requirements of cloud computing are to avoid wasting underused resources and to avoid increased response times caused by a shortage of resources. We notice that recent literature in the field prioritizes the administration of resource provisioning and allocation algorithms for energy-efficient management of cloud computing environments. Security metrics can be seen as tools that provide information about the security status of a given environment. With that in mind, we tackle the management of cloud computing security by using the GQM methodology to develop a cloud computing security metrics hierarchy. The main goal of the proposed hierarchy is to produce a security index that describes the security level achieved by an evaluated cloud computing environment. In a second step, this security index is used to compute an allocation index that helps set management priorities with a security bias. We also present a methodology for cloud computing management using security as a criterion.
