Change search
ReferencesLink to record
Permanent link

Direct link
Automated Security Compliance Tool for the Cloud
Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Telematics.
2012 (English)MasteroppgaveStudent thesis
Abstract [en]

Security, especially security compliance, is a major concern that is slowing down the large scale adoption of cloud computing in the enterprise environment. Business requirements, governmental regulations and trust are among the reasons why the enterprises require certain levels of security compliance from cloud providers. So far, this security compliance or auditing information has been generated by security specialists manually. This process involves manual data collection and assessment which is slow and incurs a high cost. Thus, there is a need for an automated compliance tool to verify and express the compliance level of various cloud providers. Such a tool can reduce the human intervention and eventually reduce the cost and time by verifying the compliance automatically. Also, the tool will enable the cloud providers to share their security compliance information using a common framework. In turn, the common framework allows clients to compare various cloud providers based on their security needs. Having these goals in mind, we have developed an architecture to build an automated security compliance tool for a cloud computing platform. We have also outlined four possible approaches to achieve this automation. These possible four approaches refer to four design patterns to collect data from the cloud system and these are: API, vulnerability scanning, log analysis and manual entry. Finally, we have implemented a proof-of-concept prototype of this automated security compliance tool using the proposed architecture. This prototype implementation is integrated with OpenStack cloud platform, and the results are exposed to the users of the cloud following the CloudAudit API structure defined by Cloud Security Alliance.

Place, publisher, year, edition, pages
Institutt for telematikk , 2012. , 75 p.
Keyword [no]
ntnudaim:7219, MSSECMOB Master in Security and Mobile Computing
URN: urn:nbn:no:ntnu:diva-19104Local ID: ntnudaim:7219OAI: diva2:566478
Available from: 2012-11-08 Created: 2012-11-08

Open Access in DiVA

fulltext(1320 kB)418 downloads
File information
File name FULLTEXT01.pdfFile size 1320 kBChecksum SHA-512
Type fulltextMimetype application/pdf
cover(184 kB)25 downloads
File information
File name COVER01.pdfFile size 184 kBChecksum SHA-512
Type coverMimetype application/pdf

By organisation
Department of Telematics

Search outside of DiVA

GoogleGoogle Scholar
Total: 418 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 519 hits
ReferencesLink to record
Permanent link

Direct link