论文信息 - Building a Security Aware Cloud by Extending Internal Control to Cloud

Building a Security Aware Cloud by Extending Internal Control to Cloud

Faced with today's innovative blow-up of cloud technologies, we are forced to rebuild services in terms of cloud. In the rebuilding, considering a facet of cloud as social infrastructure, security is a critical problem. Most of insecurity against clouds can be summarized as insecurity of management, which is classified into the multiple stakeholder problem, and the open space security problem. As a solution to these problems, we extend ISMS internal control to cloud by implementing trust base of security on IAM and key management. Because ISMS internal control is a source of trust, its extension to cloud can be an essential solution of security. Moreover, by controlling levels of quality of service and security by contract, we can optimize cost on service and security delegated to a cloud.

[1] Randy H. Katz,et al. Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[2] P. Mell,et al. The NIST Definition of Cloud Computing , 2011 .

[3] Sato Hiroyuki. A Service Framework based on Grades of IdPs and SPs , 2009, Security and Management.

[4] William E. Burr,et al. Electronic Authentication Guideline | NIST , 2004 .

[5] Hovav Shacham,et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[6] P. Mell,et al. SP 800-145. The NIST Definition of Cloud Computing , 2011 .

[7] Warwick Ford,et al. Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework , 1999, RFC.

[8] Hiroyuki Sato,et al. N+/-epsilon: Reflecting Local Risk Assessment in LoA , 2009, OTM Conferences.

[9] Hiroyuki Sato,et al. A Cloud Trust Model in a Security Aware Cloud , 2010, 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet.