TY - GEN
T1 - Cloud Security Automation Framework
AU - Tunc, Cihan
AU - Hariri, Salim
AU - Merzouki, Mheni
AU - Mahmoudi, Charif
AU - Vaulx, Frederic J.De
AU - Chbili, Jaafar
AU - Bohn, Robert
AU - Battou, Abdella
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/10/9
Y1 - 2017/10/9
N2 - Cloud services have gained tremendous attentionas a utility paradigm and have been deployed extensively across awide range of fields. However, Cloud security is not catching upto the fast adoption of its services and remains one of the biggestchallenges for Cloud Service Providers (CSPs) and Cloud ServiceConsumers (CSCs) from the industry, government, andacademia. These institutions are increasingly faced with threatssuch as DoS/DDoS attacks, ransomware attacks, and databreaches that are affecting the confidentiality, integrity, andavailability of the cloud system resources. In the current cloudsystems, security requires manual translation of securityrequirements into controls. Such an approach can be for themost part labor intensive, tedious, and error-prone leading toinevitable misconfigurations rendering the system-At-handvulnerable to misuse, either malicious or unintentional.Therefore, it is of utmost importance to automate theconfiguration of the cloud systems per the client's securityrequirements steering clear from the caveats of the manualapproach. Furthermore, cloud systems need to be continuouslymonitored for any misconfigurations. This paper presents amethodology allowing for cloud security automation anddemonstrates how a cloud environment can be automaticallyconfigured to implement a set of NIST SP 800-53 securitycontrols. In addition, this paper shows how the implementationof these controls in the cloud systems can be continuouslymonitored and validated.
AB - Cloud services have gained tremendous attentionas a utility paradigm and have been deployed extensively across awide range of fields. However, Cloud security is not catching upto the fast adoption of its services and remains one of the biggestchallenges for Cloud Service Providers (CSPs) and Cloud ServiceConsumers (CSCs) from the industry, government, andacademia. These institutions are increasingly faced with threatssuch as DoS/DDoS attacks, ransomware attacks, and databreaches that are affecting the confidentiality, integrity, andavailability of the cloud system resources. In the current cloudsystems, security requires manual translation of securityrequirements into controls. Such an approach can be for themost part labor intensive, tedious, and error-prone leading toinevitable misconfigurations rendering the system-At-handvulnerable to misuse, either malicious or unintentional.Therefore, it is of utmost importance to automate theconfiguration of the cloud systems per the client's securityrequirements steering clear from the caveats of the manualapproach. Furthermore, cloud systems need to be continuouslymonitored for any misconfigurations. This paper presents amethodology allowing for cloud security automation anddemonstrates how a cloud environment can be automaticallyconfigured to implement a set of NIST SP 800-53 securitycontrols. In addition, this paper shows how the implementationof these controls in the cloud systems can be continuouslymonitored and validated.
KW - automation
KW - cloud computing
KW - cybersecurity
UR - https://www.scopus.com/pages/publications/85035194453
UR - https://www.scopus.com/pages/publications/85035194453#tab=citedBy
U2 - 10.1109/FAS-W.2017.164
DO - 10.1109/FAS-W.2017.164
M3 - Conference contribution
AN - SCOPUS:85035194453
T3 - Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
SP - 307
EP - 312
BT - Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2nd IEEE International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
Y2 - 18 September 2017 through 22 September 2017
ER -