Next Article in Journal
CMCC: Misuse Resistant Authenticated Encryption with Minimal Ciphertext Expansion
Previous Article in Journal
Redundancy in Key Management for WSNs
Article Menu

Export Article

Open AccessArticle
Cryptography 2018, 2(4), 41; https://doi.org/10.3390/cryptography2040041

Security Incident Information Exchange for Cloud Service Provisioning Chains

SINTEF Digital, Postbox 4760 Torgarden, 7465 Trondheim, Norway
Current address: Strindvegen 4, 7034 Trondheim, Norway.
*
Author to whom correspondence should be addressed.
Received: 30 October 2018 / Revised: 23 November 2018 / Accepted: 5 December 2018 / Published: 11 December 2018
(This article belongs to the Special Issue Cloud, IoT and Software Defined Networks Security)
Full-Text   |   PDF [4699 KB, uploaded 11 December 2018]   |  

Abstract

Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, we argue the need for commonly agreed-upon incident information exchanges between providers to improve accountability of CSPs, and present both such a format and a prototype implementing it. The solution can handle simple incident information natively as well as embed standard representation formats for incident-sharing, such as IODEF and STIX. Preliminary interviews show a desire for such a solution. The discussion considers both technical challenges and non-technical aspects related to improving the situation for incident response in cloud-computing scenarios. Our solution holds the potential of making incident-sharing more efficient. View Full-Text
Keywords: incident response; cloud computing; accountability incident response; cloud computing; accountability
Figures

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
SciFeed

Share & Cite This Article

MDPI and ACS Style

Frøystad, C.; Tøndel, I.A.; Jaatun, M.G. Security Incident Information Exchange for Cloud Service Provisioning Chains. Cryptography 2018, 2, 41.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Metrics

Article Access Statistics

1

Comments

[Return to top]
Cryptography EISSN 2410-387X Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top