论文信息 - Enforcing confidentiality in a SaaS cloud environment

Enforcing confidentiality in a SaaS cloud environment

Achieving confidentiality is a critical concern that deters enterprises from using public cloud services. In the environment of Public Software as a Service (SaaS) it is even more serious because customers lose their system controls, and rigid service level agreements do not state detail security protection methods and provide sufficient legal guarantees. To resolve these issues, this paper proposes the concept of a SaaS Confidentiality Risk Management (SCoRiM) Framework as a holistic and flexible approach to enable small and medium sized enterprises to protect their critical data. It is aimed to enhance the data confidentiality management with and without support from the providers throughout the entire SaaS integrated system development life cycle.

[1] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[2] Daniele Micciancio,et al. A first glimpse of cryptography's Holy Grail , 2010, CACM.

[3] Boûo Nikoli ć,et al. Risk Assessment of Information Technology Systems , 2009 .

[4] Daniel J. Solove. A Taxonomy of Privacy , 2006 .

[5] Annie I. Antón,et al. The Use of Goals to Extract Privacy and Security Requirements from Policy Statements , 2003 .

[6] Robert W. Shirey,et al. Internet Security Glossary , 2000, RFC.

[7] Axel van Lamsweerde,et al. Reasoning about confidentiality at requirements engineering time , 2005, ESEC/FSE-13.

[8] Martijn Warnier,et al. Privacy Regulations for Cloud Computing: Compliance and Implementation in Theory and Practice , 2011, Computers, Privacy and Data Protection.

[9] Bozo Nikolic,et al. Risk Assessment of Information Technology Systems , 2009 .

[10] Yuyu Chou,et al. Risk Assessment for Cloud-Based IT Systems , 2011, Int. J. Grid High Perform. Comput..

[11] Gerald V. Post,et al. A Stochastic Dominance Approach to Risk Analysis of Computer Systems , 1986, MIS Q..

[12] Daniele Catteddu,et al. Cloud Computing: Benefits, Risks and Recommendations for Information Security , 2009 .

[13] Houston H. Carr,et al. Risk Analysis for Information Technology , 1991, J. Manag. Inf. Syst..

[14] Craig Gentry,et al. Fully homomorphic encryption using ideal lattices , 2009, STOC '09.