Research Outputs

2016 2016 0.0 0.0 0.5 0.5 1.0 1.0 1.5 1.5 2.0 2.0 2.5 2.5 3.0 3.0
Now showing 1 - 3 of 3
  • Publication
    Harmonized Monitoring for High Assurance Clouds
    (IEEE, 2016-04-18) ;
    Balaban, Silvia 
    ;
    ;
    Hudic, Aleksandar 
    ;
    Mauthe, Andreas 
    ;
    Hutchison, David 
    Due to a lack of transparency in cloud based services well-defined security levels cannot be assured within current cloud infrastructures. Hence sectors with stringent security requirements hesitate to migrate their services to the cloud. This applies especially when considering services where high security requirements are combined with legal constraints. To tackle this challenge this paper presents an extension to our existing work on assurance methodologies in cloud based environments by investigating how current state of the art monitoring solutions can be used to support assurance throughout the entire infrastructure. A case study is used in which monitoring information representing a set of relevant security properties is being collected. As result, we propose that a combination of existing tools should be used to harmonize existing monitoring artifacts. We describe and evaluate an Evidence Gathering Mechanism (EGM) that provides this harmonization and show how this can support assurance. This can also underpin legal proceedings from an evidence law perspective.
      165Scopus© Citations 8
  • Publication
    Towards Resilience Metrics for Future Cloud Applications
    (2016)
    Novak, Marko 
    ;
    Shirazi, Syed Noorulhassan 
    ;
    Hudic, Aleksandar 
    ;
    Hecht, Thomas 
    ;
    ;
    Hutchison, David 
    ;
    ;
    An analysis of new technologies can yield insight into the way these technologies will be used. Inevitably, new technologies and their uses are likely to result in new security issues regarding threats, vulnerabilities and attack vectors. In this paper, we investigate and analyse technological and security trends and their potential to become future threats by systematically examining industry reports on existing technologies. Using a cloud computing use case we identify potential resilience metrics that can shed light on the security properties of the system.
      146Scopus© Citations 4