Automated security compliance tool for the cloud

 |  Login

Show simple item record

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Ylitalo, Jukka
dc.contributor.advisor Abu Shohel, Ahmed
dc.contributor.author Ullah, Kazi Wali
dc.date.accessioned 2014-09-25T08:35:26Z
dc.date.available 2014-09-25T08:35:26Z
dc.date.issued 2012
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/14042
dc.description.abstract Security, especially security compliance, is a major concern that is slowing down the large scale adoption of cloud computing in the enterprise environment. Business requirements, governmental regulations and trust are among the reasons why the enterprises require certain levels of security compliance from cloud providers. So far, this security compliance or auditing information has been generated by security specialists manually. This process involves manual data collection and assessment which is slow and incurs a high cost. Thus, there is a need for an automated compliance tool to verify and express the compliance level of various cloud providers. Such a tool can reduce the human intervention and eventually reduce the cost and time by verifying the compliance automatically. Also, the tool will enable the cloud providers to share their security compliance information using a common framework. In turn, the common framework allows clients to compare various cloud providers based on their security needs. Having these goals in mind, we have developed architecture to build an automated security compliance tool for a cloud computing platform. We have also outlined four possible approaches to achieve this automation. These possible four approaches refer to four design patterns to collect data from the cloud system and these are: API, vulnerability scanning, log analysis and manual entry. Finally, we have implemented a proof-of-concept prototype of this automated security compliance tool using the proposed architecture. This prototype implementation is integrated with OpenStack cloud platform, and the results are exposed to the users of the cloud following the CloudAudit API structure defined by Cloud Security Alliance. en
dc.format.extent viii + 67 s.
dc.format.mimetype application/pdf
dc.language.iso en en
dc.title Automated security compliance tool for the cloud en
dc.type G2 Pro gradu, diplomityö fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.contributor.department Tietotekniikan laitos fi
dc.subject.keyword security compliance en
dc.subject.keyword cloud audit en
dc.subject.keyword cloud control matrix en
dc.subject.keyword CCM en
dc.subject.keyword OpenStack en
dc.subject.keyword OpenVAS en
dc.identifier.urn URN:NBN:fi:aalto-201409252670
dc.type.dcmitype text en
dc.programme.major Tietokoneverkot fi
dc.programme.mcode T-110
dc.type.ontasot Diplomityö fi
dc.type.ontasot Master's thesis en
dc.contributor.supervisor Aura, Tuomas
dc.contributor.supervisor Gligoroski, Danilo


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search archive


Advanced Search

article-iconSubmit a publication

Browse

My Account