Automated security compliance tool for the cloud

Thumbnail Image

Files

master_ullah_kazi_wali_2012.pdf (1.13 MB)

URL

Journal Title

Journal ISSN

Volume Title

Perustieteiden korkeakoulu | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.

Authors

Date

2012

Department

Tietotekniikan laitos

Major/Subject

Tietokoneverkot

Mcode

T-110

Degree programme

Language

en

Pages

viii + 67 s.

Series

Abstract

Security, especially security compliance, is a major concern that is slowing down the large scale adoption of cloud computing in the enterprise environment. Business requirements, governmental regulations and trust are among the reasons why the enterprises require certain levels of security compliance from cloud providers. So far, this security compliance or auditing information has been generated by security specialists manually. This process involves manual data collection and assessment which is slow and incurs a high cost. Thus, there is a need for an automated compliance tool to verify and express the compliance level of various cloud providers. Such a tool can reduce the human intervention and eventually reduce the cost and time by verifying the compliance automatically. Also, the tool will enable the cloud providers to share their security compliance information using a common framework. In turn, the common framework allows clients to compare various cloud providers based on their security needs. Having these goals in mind, we have developed architecture to build an automated security compliance tool for a cloud computing platform. We have also outlined four possible approaches to achieve this automation. These possible four approaches refer to four design patterns to collect data from the cloud system and these are: API, vulnerability scanning, log analysis and manual entry. Finally, we have implemented a proof-of-concept prototype of this automated security compliance tool using the proposed architecture. This prototype implementation is integrated with OpenStack cloud platform, and the results are exposed to the users of the cloud following the CloudAudit API structure defined by Cloud Security Alliance.

Description

Supervisor

Aura, Tuomas
Gligoroski, Danilo

Thesis advisor

Ylitalo, Jukka
Abu Shohel, Ahmed

Keywords

security compliance, cloud audit, cloud control matrix, CCM, OpenStack, OpenVAS

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-201409252670

Collections

[dipl] Perustieteiden korkeakoulu / SCI