Toward risk assessment as a service in cloud environments

Authors:
Burton S. Kaliski, Jr.;Wayne Pauley
Affiliations:
EMC Corporation, Hopkinton, MA;EMC Corporation, Hopkinton, MA
Venue:
HotCloud'10 Proceedings of the 2nd USENIX conference on Hot topics in cloud computing
Year:
2010

Citing 14
Cited 3

The Vision of Autonomic Computing

Computer
Automated SLA Monitoring for Web Services

DSOM '02 Proceedings of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Management Technologies for E-Commerce and E-Business Applications
Automated and Safe Vulnerability Assessment

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
A framework for comparing different information security risk analysis methodologies

SAICSIT '05 Proceedings of the 2005 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries
Context-aware privacy protection with profile management

WMASH '06 Proceedings of the 4th international workshop on Wireless mobile applications and services on WLAN hotspots
Pors: proofs of retrievability for large files

Proceedings of the 14th ACM conference on Computer and communications security
A survey of autonomic computing—degrees, models, and applications

ACM Computing Surveys (CSUR)
Dynamic privacy assessment in a smart house environment using multimodal sensing

ACM Transactions on Multimedia Computing, Communications, and Applications (TOMCCAP)
Guidelines for secure software development

Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology
Multi-tenant Cloud Computing: From Cruise Liners to Container Ships

APTC '08 Proceedings of the 2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference
Trusting the cloud

ACM SIGACT News
A client-based privacy manager for cloud computing

Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

Proceedings of the 16th ACM conference on Computer and communications security
An ontology-based approach to information systems security management

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security

Trustworthy clouds underpinning the future internet

The future internet
Designing a Secure Cloud Architecture: The SeCA Model

International Journal of Information Security and Privacy
A framework for SLA management in cloud computing for informed decision making

Cluster Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security and privacy assessments are considered a best practice for evaluating a system or application for potential risks and exposures. Cloud computing introduces several characteristics that challenge the effectiveness of current assessment approaches. In particular, the on-demand, automated, multi-tenant nature of cloud computing is at odds with the static, human process-oriented nature of the systems for which typical assessments were designed. This paper describes these challenges and recommends addressing them by introducing risk assessment as a service.