Article: A user oriented cloud security evaluation framework Journal: International Journal of Trust Management in Computing and Communications (IJTMCC) 2015 Vol.3 No.2 pp.168 - 192 Abstract: Recent trends within the IT industry have led to a tectonic shift in the way organisations utilise information systems to yield maximum efficiency. Cloud services are the cornerstone of the aforementioned paradigm permutation. The advent of cloud computing has brought with it a multitude of new and exciting concepts that can complicate security demands exponentially. These security demands must be met to ensure user trust. This paper presents a user-oriented security auditing framework to establish the user trust by: a) allowing the cloud users to provide their security preferences for the desired cloud services; b) providing an auditing mechanism to validate the security controls and internal security policies of cloud service providers (CSPs) published in the cloud security alliance (CSA) STAR database; c) maintaining a database of CSPs along with their responses to the consensus assessments initiative questionnaire (CAIQ) as well as the certificates issued by the certificate authorities. Inderscience Publishers - linking academia, business and industry through research

Title: A user oriented cloud security evaluation framework

Authors: Syed Rizvi; Kelsey Karpinski; Brennen Kelly; Taryn Walker

Addresses: Department of Information Sciences and Technology, Pennsylvania State University, Altoona PA, 16601, USA ' Department of Information Sciences and Technology, Pennsylvania State University, Altoona PA, 16601, USA ' Department of Information Sciences and Technology, Pennsylvania State University, Altoona PA, 16601, USA ' Department of Information Sciences and Technology, Pennsylvania State University, Altoona PA, 16601, USA

Abstract: Recent trends within the IT industry have led to a tectonic shift in the way organisations utilise information systems to yield maximum efficiency. Cloud services are the cornerstone of the aforementioned paradigm permutation. The advent of cloud computing has brought with it a multitude of new and exciting concepts that can complicate security demands exponentially. These security demands must be met to ensure user trust. This paper presents a user-oriented security auditing framework to establish the user trust by: a) allowing the cloud users to provide their security preferences for the desired cloud services; b) providing an auditing mechanism to validate the security controls and internal security policies of cloud service providers (CSPs) published in the cloud security alliance (CSA) STAR database; c) maintaining a database of CSPs along with their responses to the consensus assessments initiative questionnaire (CAIQ) as well as the certificates issued by the certificate authorities.

Keywords: cloud computing; trust; security validation; third party auditor; TPA; cloud service providers; CSP; cloud service users; CSU; user oriented cloud security; security evaluation; security auditing; security preferences.

DOI: 10.1504/IJTMCC.2015.076966

International Journal of Trust Management in Computing and Communications, 2015 Vol.3 No.2, pp.168 - 192

Received: 04 Jul 2015
Accepted: 02 Feb 2016
Published online: 08 Jun 2016 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: A user oriented cloud security evaluation framework

Keep up-to-date