Tauber, Markus

Thumbnail Image
Official Name
Tauber, Markus
Akademische Titel
Ehemaliger FH Mitarbeiter
Web Site
Scopus Author ID
37058207900
Status
exstaff

Research Outputs

2016 2016 2015 2015 2014 2014 0.0 0.0 0.5 0.5 1.0 1.0 1.5 1.5 2.0 2.0 2.5 2.5 3.0 3.0

Filters

2
6
Reset filters

Settings

Now showing 1 - 6 of 6
  • No Thumbnail Available
    Publication
    Harmonized Monitoring for High Assurance Clouds
    (IEEE, 2016-04-18)
    Bicaku, Ani 
    ;
    Balaban, Silvia 
    ;
    Tauber, Markus 
    ;
    Hudic, Aleksandar 
    ;
    Mauthe, Andreas 
    ;
    Hutchison, David 
    Due to a lack of transparency in cloud based services well-defined security levels cannot be assured within current cloud infrastructures. Hence sectors with stringent security requirements hesitate to migrate their services to the cloud. This applies especially when considering services where high security requirements are combined with legal constraints. To tackle this challenge this paper presents an extension to our existing work on assurance methodologies in cloud based environments by investigating how current state of the art monitoring solutions can be used to support assurance throughout the entire infrastructure. A case study is used in which monitoring information representing a set of relevant security properties is being collected. As result, we propose that a combination of existing tools should be used to harmonize existing monitoring artifacts. We describe and evaluate an Evidence Gathering Mechanism (EGM) that provides this harmonization and show how this can support assurance. This can also underpin legal proceedings from an evidence law perspective.
      165  1Scopus© Citations 8
  • No Thumbnail Available
    Publication
    Impact of Critical Infrastructure Requirements on Service Migration Guidelines to the Cloud
    (IEEE, 2015)
    Wagner, Christian 
    ;
    Hudic, Aleksandar 
    ;
    Maksuti, Silia 
    ;
    Tauber, Markus 
    ;
    Pallas, Frank 
    A high level of information security in critical infrastructure IT systems and services has to be preserved when migrating their IT services to the cloud. Often various legislative and security constraints have to be met in line with best practice guidelines and international standards to perform the migration. To support the critical infrastructure providers in migrating their services to the cloud we are developing a process based migration guideline for critical infrastructure providers focusing on information security. First of all we investigate, via questionnaires, how the importance of individual security topics covered in such guidelines differentiates between industry stakeholders and critical infrastructure providers. This supports the selection of relevant security topics and the considered guidelines and standards, which we survey in search for common relevant security topics. Subsequently we present the analysis of the above-mentioned security requirements and how they affect a here developed taxonomy for a process-based security guideline. Furthermore we present potential service migration use cases and how our methodology would affect the migration of secure critical infrastructure services.
      151  1Scopus© Citations 4
  • No Thumbnail Available
    Publication
    Towards continuous Cloud Service Assurance for Critical Infrastructure IT
    (2014-08-27)
    Hudic, A. 
    ;
    Mauthe, A. 
    ;
    Caceres, S. 
    ;
    Hecht, T. 
    ;
    Tauber, Markus 
    The momentum behind Cloud Computing has revolutionized how ICT services are provided, adopted and delivered. Features such as high scalability, fast provisioning, on demand resource availability makes it an attractive proposition for deploying complex and demanding systems. Clouds are also very suitable for deploying systems with unpredictable load patterns including Critical infrastructure services. Though, the major obstacle in hosting Critical infrastructures is often a lack of assurance. The transparency and flexibility offered by the Cloud, abstracts per definition over e.g. data placement, hardware, service migration. This makes it very hard to assure security properties. We present an investigation of assurance approaches, an analysis of their suitability for Critical Infrastructure Services being deployed in the Cloud and presents our approach.
      119  1Scopus© Citations 8
  • No Thumbnail Available
    Publication
    Categorization of Standards, Guidelines and Tools for Secure System Design for Critical Infrastructure IT in the Cloud
    (2015)
    Paudel, S. 
    ;
    Tauber, Markus 
    ;
    Wagner, C. 
    ;
    Hudic, A. 
    ;
    Ng, Wee-Kong 
    With the increasing popularity of cloud computing, security in cloud-based applications is gaining awareness and is regarded as one of the most crucial factors for the long term success of such applications. Despite all benefits of cloud computing, its fate lies in its success in gaining trust from its users achieved by ensuring cloud services being built in a safe and secure manner. This work evaluates existing security standards and tools for creating Critical Infrastructure (CI) services in cloud environments -- often implemented as cyber physical systems (CPS). We also identify security issues from a literature review and from a show case analysis. Furthermore, we analyse and evaluate how mitigation options for identified open security issues for CI in the cloud point to individual aspects of standards and guidelines to support the creation of secure CPS/CI in the cloud. Additionally, we presented the results in a multidimensional taxonomy based on the mapping of the issues and the standards and tools. We show which areas require the attention as they are currently not covered completely by existing standards, guidelines and tools.
      138  1Scopus© Citations 2
  • No Thumbnail Available
    Publication
    Towards Resilience Metrics for Future Cloud Applications
    (2016)
    Novak, Marko 
    ;
    Shirazi, Syed Noorulhassan 
    ;
    Hudic, Aleksandar 
    ;
    Hecht, Thomas 
    ;
    Tauber, Markus 
    ;
    Hutchison, David 
    ;
    Maksuti, Silia 
    ;
    Bicaku, Ani 
    An analysis of new technologies can yield insight into the way these technologies will be used. Inevitably, new technologies and their uses are likely to result in new security issues regarding threats, vulnerabilities and attack vectors. In this paper, we investigate and analyse technological and security trends and their potential to become future threats by systematically examining industry reports on existing technologies. Using a cloud computing use case we identify potential resilience metrics that can shed light on the security properties of the system.
      147  1Scopus© Citations 4
  • No Thumbnail Available
    Publication
    A Multi-Layer and Multi-Tenant Cloud Assurance Evaluation Methodology
    (2015)
    Hudic, A. 
    ;
    Tauber, Markus 
    ;
    Loruenser, T. 
    ;
    Krotsiani, M. 
    ;
    Spanoudakis, G. 
    ;
    Mauthe, A. 
    ;
    Weippl, E. 
    Data with high security requirements is being processed and stored with increasing frequency in the Cloud. To guarantee that the data is being dealt in a secure manner we investigate the applicability of Assurance methodologies. In a typical Cloud environment the setup of multiple layers and different stakeholders determines security properties of individual components that are used to compose Cloud applications. We present a methodology adapted from Common Criteria for aggregating information reflecting the security properties of individual constituent components of Cloud applications. This aggregated information is used to categorise overall application security in terms of Assurance Levels and to provide a continuous assurance level evaluation. It gives the service owner an overview of the security of his service, without requiring detailed manual analyses of log files.
      153  3Scopus© Citations 8