Cloud Security Automation Framework

Cihan Tunc, Salim A Hariri, Mheni Merzouki, Charif Mahmoudi, Frederic J.De Vaulx, Jaafar Chbili, Robert Bohn, Abdella Battou

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Cloud services have gained tremendous attentionas a utility paradigm and have been deployed extensively across awide range of fields. However, Cloud security is not catching upto the fast adoption of its services and remains one of the biggestchallenges for Cloud Service Providers (CSPs) and Cloud ServiceConsumers (CSCs) from the industry, government, andacademia. These institutions are increasingly faced with threatssuch as DoS/DDoS attacks, ransomware attacks, and databreaches that are affecting the confidentiality, integrity, andavailability of the cloud system resources. In the current cloudsystems, security requires manual translation of securityrequirements into controls. Such an approach can be for themost part labor intensive, tedious, and error-prone leading toinevitable misconfigurations rendering the system-At-handvulnerable to misuse, either malicious or unintentional.Therefore, it is of utmost importance to automate theconfiguration of the cloud systems per the client's securityrequirements steering clear from the caveats of the manualapproach. Furthermore, cloud systems need to be continuouslymonitored for any misconfigurations. This paper presents amethodology allowing for cloud security automation anddemonstrates how a cloud environment can be automaticallyconfigured to implement a set of NIST SP 800-53 securitycontrols. In addition, this paper shows how the implementationof these controls in the cloud systems can be continuouslymonitored and validated.

Original languageEnglish (US)
Title of host publicationProceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages307-312
Number of pages6
ISBN (Electronic)9781509065585
DOIs
StatePublished - Oct 9 2017
Externally publishedYes
Event2nd IEEE International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017 - Tucson, United States
Duration: Sep 18 2017Sep 22 2017

Other

Other2nd IEEE International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
CountryUnited States
CityTucson
Period9/18/179/22/17

Fingerprint

Automation
Personnel
Industry
Malware

Keywords

  • automation
  • cloud computing
  • cybersecurity

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Computational Mechanics

Cite this

Tunc, C., Hariri, S. A., Merzouki, M., Mahmoudi, C., Vaulx, F. J. D., Chbili, J., ... Battou, A. (2017). Cloud Security Automation Framework. In Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017 (pp. 307-312). [8064140] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/FAS-W.2017.164

Cloud Security Automation Framework. / Tunc, Cihan; Hariri, Salim A; Merzouki, Mheni; Mahmoudi, Charif; Vaulx, Frederic J.De; Chbili, Jaafar; Bohn, Robert; Battou, Abdella.

Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 307-312 8064140.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Tunc, C, Hariri, SA, Merzouki, M, Mahmoudi, C, Vaulx, FJD, Chbili, J, Bohn, R & Battou, A 2017, Cloud Security Automation Framework. in Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017., 8064140, Institute of Electrical and Electronics Engineers Inc., pp. 307-312, 2nd IEEE International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017, Tucson, United States, 9/18/17. https://doi.org/10.1109/FAS-W.2017.164
Tunc C, Hariri SA, Merzouki M, Mahmoudi C, Vaulx FJD, Chbili J et al. Cloud Security Automation Framework. In Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 307-312. 8064140 https://doi.org/10.1109/FAS-W.2017.164
Tunc, Cihan ; Hariri, Salim A ; Merzouki, Mheni ; Mahmoudi, Charif ; Vaulx, Frederic J.De ; Chbili, Jaafar ; Bohn, Robert ; Battou, Abdella. / Cloud Security Automation Framework. Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 307-312
@inproceedings{3cf32e225fd24249b7f80b8eb6775578,
title = "Cloud Security Automation Framework",
abstract = "Cloud services have gained tremendous attentionas a utility paradigm and have been deployed extensively across awide range of fields. However, Cloud security is not catching upto the fast adoption of its services and remains one of the biggestchallenges for Cloud Service Providers (CSPs) and Cloud ServiceConsumers (CSCs) from the industry, government, andacademia. These institutions are increasingly faced with threatssuch as DoS/DDoS attacks, ransomware attacks, and databreaches that are affecting the confidentiality, integrity, andavailability of the cloud system resources. In the current cloudsystems, security requires manual translation of securityrequirements into controls. Such an approach can be for themost part labor intensive, tedious, and error-prone leading toinevitable misconfigurations rendering the system-At-handvulnerable to misuse, either malicious or unintentional.Therefore, it is of utmost importance to automate theconfiguration of the cloud systems per the client's securityrequirements steering clear from the caveats of the manualapproach. Furthermore, cloud systems need to be continuouslymonitored for any misconfigurations. This paper presents amethodology allowing for cloud security automation anddemonstrates how a cloud environment can be automaticallyconfigured to implement a set of NIST SP 800-53 securitycontrols. In addition, this paper shows how the implementationof these controls in the cloud systems can be continuouslymonitored and validated.",
keywords = "automation, cloud computing, cybersecurity",
author = "Cihan Tunc and Hariri, {Salim A} and Mheni Merzouki and Charif Mahmoudi and Vaulx, {Frederic J.De} and Jaafar Chbili and Robert Bohn and Abdella Battou",
year = "2017",
month = "10",
day = "9",
doi = "10.1109/FAS-W.2017.164",
language = "English (US)",
pages = "307--312",
booktitle = "Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

TY - GEN

T1 - Cloud Security Automation Framework

AU - Tunc, Cihan

AU - Hariri, Salim A

AU - Merzouki, Mheni

AU - Mahmoudi, Charif

AU - Vaulx, Frederic J.De

AU - Chbili, Jaafar

AU - Bohn, Robert

AU - Battou, Abdella

PY - 2017/10/9

Y1 - 2017/10/9

N2 - Cloud services have gained tremendous attentionas a utility paradigm and have been deployed extensively across awide range of fields. However, Cloud security is not catching upto the fast adoption of its services and remains one of the biggestchallenges for Cloud Service Providers (CSPs) and Cloud ServiceConsumers (CSCs) from the industry, government, andacademia. These institutions are increasingly faced with threatssuch as DoS/DDoS attacks, ransomware attacks, and databreaches that are affecting the confidentiality, integrity, andavailability of the cloud system resources. In the current cloudsystems, security requires manual translation of securityrequirements into controls. Such an approach can be for themost part labor intensive, tedious, and error-prone leading toinevitable misconfigurations rendering the system-At-handvulnerable to misuse, either malicious or unintentional.Therefore, it is of utmost importance to automate theconfiguration of the cloud systems per the client's securityrequirements steering clear from the caveats of the manualapproach. Furthermore, cloud systems need to be continuouslymonitored for any misconfigurations. This paper presents amethodology allowing for cloud security automation anddemonstrates how a cloud environment can be automaticallyconfigured to implement a set of NIST SP 800-53 securitycontrols. In addition, this paper shows how the implementationof these controls in the cloud systems can be continuouslymonitored and validated.

AB - Cloud services have gained tremendous attentionas a utility paradigm and have been deployed extensively across awide range of fields. However, Cloud security is not catching upto the fast adoption of its services and remains one of the biggestchallenges for Cloud Service Providers (CSPs) and Cloud ServiceConsumers (CSCs) from the industry, government, andacademia. These institutions are increasingly faced with threatssuch as DoS/DDoS attacks, ransomware attacks, and databreaches that are affecting the confidentiality, integrity, andavailability of the cloud system resources. In the current cloudsystems, security requires manual translation of securityrequirements into controls. Such an approach can be for themost part labor intensive, tedious, and error-prone leading toinevitable misconfigurations rendering the system-At-handvulnerable to misuse, either malicious or unintentional.Therefore, it is of utmost importance to automate theconfiguration of the cloud systems per the client's securityrequirements steering clear from the caveats of the manualapproach. Furthermore, cloud systems need to be continuouslymonitored for any misconfigurations. This paper presents amethodology allowing for cloud security automation anddemonstrates how a cloud environment can be automaticallyconfigured to implement a set of NIST SP 800-53 securitycontrols. In addition, this paper shows how the implementationof these controls in the cloud systems can be continuouslymonitored and validated.

KW - automation

KW - cloud computing

KW - cybersecurity

UR - http://www.scopus.com/inward/record.url?scp=85035194453&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85035194453&partnerID=8YFLogxK

U2 - 10.1109/FAS-W.2017.164

DO - 10.1109/FAS-W.2017.164

M3 - Conference contribution

AN - SCOPUS:85035194453

SP - 307

EP - 312

BT - Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -