search query: @instructor Ylitalo, Jukka / total: 3
reference: 1 / 3
« previous | next »
Author: | Ullah, Kazi Wali |
Title: | Automated security compliance tool for the cloud |
Publication type: | Master's thesis |
Publication year: | 2012 |
Pages: | viii + 64 s. + liitt. 3 Language: eng |
Department/School: | Tietotekniikan laitos |
Main subject: | Tietokoneverkot (T-110) |
Supervisor: | Aura, Tuomas ; Gligoroski, Danilo |
Instructor: | Ylitalo, Jukka ; Abu Shohel, Ahmed |
Electronic version URL: | http://urn.fi/URN:NBN:fi:aalto-201409252670 |
OEVS: | Electronic archive copy is available via Aalto Thesis Database.
Instructions Reading digital theses in the closed network of the Aalto University Harald Herlin Learning CentreIn the closed network of Learning Centre you can read digital and digitized theses not available in the open network. The Learning Centre contact details and opening hours: https://learningcentre.aalto.fi/en/harald-herlin-learning-centre/ You can read theses on the Learning Centre customer computers, which are available on all floors.
Logging on to the customer computers
Opening a thesis
Reading the thesis
Printing the thesis
|
Location: | P1 Ark Aalto 6933 | Archive |
Keywords: | security compliance cloud audit cloud control matrix CCM OpenStack OpenVAS |
Abstract (eng): | Security, especially security compliance, is a major concern that is slowing down the large scale adoption of cloud computing in the enterprise environment. Business requirements, governmental regulations and trust are among the reasons why the enterprises require certain levels of security compliance from cloud providers. So far, this security compliance or auditing information has been generated by security specialists manually. This process involves manual data collection and assessment which is slow and incurs a high cost. Thus, there is a need for an automated compliance tool to verify and express the compliance level of various cloud providers. Such a tool can reduce the human intervention and eventually reduce the cost and time by verifying the compliance automatically. Also, the tool will enable the cloud providers to share their security compliance information using a common framework. In turn, the common framework allows clients to compare various cloud providers based on their security needs. Having these goals in mind, we have developed architecture to build an automated security compliance tool for a cloud computing platform. We have also outlined four possible approaches to achieve this automation. These possible four approaches refer to four design patterns to collect data from the cloud system and these are: API, vulnerability scanning, log analysis and manual entry. Finally, we have implemented a proof-of-concept prototype of this automated security compliance tool using the proposed architecture. This prototype implementation is integrated with OpenStack cloud platform, and the results are exposed to the users of the cloud following the CloudAudit API structure defined by Cloud Security Alliance. |
ED: | 2012-09-04 |
INSSI record number: 45206
+ add basket
« previous | next »
INSSI