File(s) under permanent embargo

Collaboration-based cloud computing security management framework

conference contribution
posted on 2011-09-29, 00:00 authored by M Almorsy, John Grundy, Amani Ibrahim
Although the cloud computing model is considered to be a very promising internet-based computing platform, it results in a loss of security control over the cloud-hosted assets. This is due to the outsourcing of enterprise IT assets hosted on third-party cloud computing platforms. Moreover, the lack of security constraints in the Service Level Agreements between the cloud providers and consumers results in a loss of trust as well. Obtaining a security certificate such as ISO 27000 or NIST-FISMA would help cloud providers improve consumers trust in their cloud platforms' security. However, such standards are still far from covering the full complexity of the cloud computing model. We introduce a new cloud security management framework based on aligning the FISMA standard to fit with the cloud computing model, enabling cloud providers and consumers to be security certified. Our framework is based on improving collaboration between cloud providers, service providers and service consumers in managing the security of the cloud platform and the hosted services. It is built on top of a number of security standards that assist in automating the security management process. We have developed a proof of concept of our framework using .NET and deployed it on a testbed cloud platform. We evaluated the framework by managing the security of a multi-tenant SaaS application exemplar.



Cloud Computing. International Conference (4th : 2011 : Washington, D.C.)


364 - 371




Washington, D.C.

Place of publication

Piscataway, N.J.

Start date


End date






Publication classification

E Conference publication; E1.1 Full written paper - refereed

Copyright notice

2011, IEEE

Title of proceedings

CLOUD 2011 : Change We Are Leading : Proceedings of the IEEE 4th International Conference on Cloud Computing 2011