To main content

Security Incident Information Exchange for Cloud Service Provisioning Chains

Security Incident Information Exchange for Cloud Service Provisioning Chains

Category
Journal publication
Abstract
Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, we argue the need for commonly agreed-upon incident information exchanges between providers to improve accountability of CSPs, and present both such a format and a prototype implementing it. The solution can handle simple incident information natively as well as embed standard representation formats for incident-sharing, such as IODEF and STIX. Preliminary interviews show a desire for such a solution. The discussion considers both technical challenges and non-technical aspects related to improving the situation for incident response in cloud-computing scenarios. Our solution holds the potential of making incident-sharing more efficient
Client
  • EC/FP7 / 317550
Language
English
Author(s)
Affiliation
  • SINTEF Digital / Software Engineering, Safety and Security
Year
2018
Published in
Cryptography
ISSN
2410-387X
Volume
2
Issue
4