Enhancing cloud security and privacy: Time for a new approach?

Achieving cloud security is not a trivial problem, and developing and enforcing good cloud security controls is a fundamental requirement if it is to succeed. The very nature of cloud computing can add further layers of difficulty to an already complex problem area. We discuss why this is such an issue, consider which desirable characteristics should be aimed for, and propose a novel means of achieving these goals effectively and efficiently through the use of unikernel-based systems. The main thrust of this paper is to discuss the key issues that need to be addressed, noting which of them might be covered by our proposed approach, and how that approach may help to better address the key security issues we have identified.
