Published: September 18, 2017
Author(s)
Cihan Tunc (NIST), Salim Hariri (University of Arizona), Mheni Merzouki (NIST), Charif Mahmoudi (NIST), Frederic de Vaulx (NIST), Jaafar Chbili (NIST), Robert Bohn (NIST), Abdella Battou (NIST)
Conference
Name: 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS*W)
Dates: 09/18/2017 - 09/22/2017
Location: Tucson, Arizona, United States
Citation: 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS*W), pp. 307-312
Cloud services have gained tremendous attention as a utility paradigm and have been deployed extensively across a wide range of fields. However, Cloud security is not catching up to the fast adoption of its services and remains one of the biggest challenges for Cloud Service Providers (CSPs) and Cloud Service Consumers (CSCs) from the industry, government, and academia. These institutions are increasingly faced with threats such as DoS/DDoS attacks, ransomware attacks, and data breaches that are affecting the confidentiality, integrity, and availability of the cloud system resources. In the current cloud systems, security requires manual translation of security requirements into controls. Such an approach can be for the most part labor intensive, tedious, and error-prone leading to inevitable misconfigurations rendering the system-at-hand vulnerable to misuse, either malicious or unintentional. Therefore, it is of utmost importance to automate the configuration of the cloud systems per the client's security requirements steering clear from the caveats of the manual approach. Furthermore, cloud systems need to be continuously monitored for any misconfigurations. This paper presents a methodology allowing for cloud security automation and demonstrates how a cloud environment can be automatically configured to implement a set of NIST SP 800-53 security controls. In addition, this paper shows how the implementation of these controls in the cloud systems can be continuously monitored and validated.
Cloud services have gained tremendous attention as a utility paradigm and have been deployed extensively across a wide range of fields. However, Cloud security is not catching up to the fast adoption of its services and remains one of the biggest challenges for Cloud Service Providers (CSPs) and...
See full abstract
Cloud services have gained tremendous attention as a utility paradigm and have been deployed extensively across a wide range of fields. However, Cloud security is not catching up to the fast adoption of its services and remains one of the biggest challenges for Cloud Service Providers (CSPs) and Cloud Service Consumers (CSCs) from the industry, government, and academia. These institutions are increasingly faced with threats such as DoS/DDoS attacks, ransomware attacks, and data breaches that are affecting the confidentiality, integrity, and availability of the cloud system resources. In the current cloud systems, security requires manual translation of security requirements into controls. Such an approach can be for the most part labor intensive, tedious, and error-prone leading to inevitable misconfigurations rendering the system-at-hand vulnerable to misuse, either malicious or unintentional. Therefore, it is of utmost importance to automate the configuration of the cloud systems per the client's security requirements steering clear from the caveats of the manual approach. Furthermore, cloud systems need to be continuously monitored for any misconfigurations. This paper presents a methodology allowing for cloud security automation and demonstrates how a cloud environment can be automatically configured to implement a set of NIST SP 800-53 security controls. In addition, this paper shows how the implementation of these controls in the cloud systems can be continuously monitored and validated.
Hide full abstract
Keywords
cloud computing; cybersecurity; automation
Control Families
None selected