Cloud computing has been adopted widely, providing on-demand computing resources to improve performance and reduce operational costs. However, these new functionalities also bring new ways to exploit the cloud computing environment. To assess the security of the cloud, graphical security models can be used, such as Attack Graphs and Attack Trees. However, existing models do not consider all types of threats, and also automating the security assessment functions are difficult. In this paper, we propose a new security assessment tool for the cloud named CloudSafe, an automated security assessment for the cloud. The CloudSafe tool collates various tools and frameworks to automate the security assessment process. To demonstrate the applicability of the CloudSafe, we conducted security assessment in Amazon AWS, where our experimental results showed that we can effectively gather security information of the cloud and carry out security assessment to produce security reports. Users and cloud service providers can use the security report generated by the CloudSafe to understand the security posture of the cloud being used/provided.
|Title of host publication||Proceedings 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)|
|Place of Publication||United States|
|Publisher||IEEE, Institute of Electrical and Electronics Engineers|
|Number of pages||8|
|Publication status||Published - 2019|
|Event||18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE 2019) - Rotorua, New Zealand|
Duration: 5 Aug 2019 → 8 Aug 2019
|Conference||18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE 2019)|
|Abbreviated title||TrustCom/BigDataSE 2019|
|Period||5/08/19 → 8/08/19|
|Other||The 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications / 13th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE) 2019 Conference and Exhibition will be held in Rotorua, New Zealand from 5 - 8 August, 2019.|
It follows the success of TrustCom’18 in New York, United States of America, TrustCom'17 in Sydney, Australia, TrustCom'16 in Tianjin, China, TrustCom'15 in Helsinki, Finland, TrustCom'14 in Beijing, China, TrustCom'13 in Melbourne, Australia, TrustCom'12 in Liverpool, United Kingdom, and so on. The conference aims at bringing together researchers and practitioners in the world working on trusted computing and communications, with regard to trust, security, privacy, reliability, dependability, survivability, availability, and fault tolerance aspects of computer systems and networks, and providing a forum to present and discuss emerging ideas and trends in this highly challenging research field.