[Back]

S. Paudel:
"Security Engineering and Software Development for Critical Infrastructure IT in the Cloud";
Supervisor: I. Brandic, M. Tauber; Institut für Informationssysteme, Distributed Systems Group, 2014.

With the increasing popularity of cloud computing, security in cloud-based applications is gaining awareness and security is regarded as one of the most crucial factors for the long-term success
of such applications. Despite all the benefits of cloud computing, its fate lies in its success in gaining trust from its users that can be achieved only by ensuring safe and secure cloud environments.
The objective of this research is to evaluate currently existing security standards and tools for Critical Infrastructure (CI) in cloud computing with focus on software development standards and tools to discuss their applicability in this context and to discuss how they support development of secure software and system engineering. A show case for a surveillance video or image storage system is used to experiment with a software development tool. We have identified security issues from literature review and experimentation with the show case. We have developed a multidimensional taxonomy based on the identified security issues and the existing standards and tools. The development of a multidimensional taxonomy is based on open security issues for CI in the Cloud, points out multiple standards and tools, and map security
requirements to the available standards and tools. This multidimensional taxonomy will help software developers to identify appropriate means for creating secure cloud applications in CI
domain.
Publications
As part of this work two articles have been published and are available in IEEE digital library, one position paper about motivational aspects for this work and other paper regarding the show
case scenario focusing on multilayer cloud compliance considering technical and legal aspects.
A Journal paper is currently in preparation.
Sarita Paudel, Markus Tauber, Ivona Brandic. Security Standards Taxonomy for Cloud Applications in Critical Infrastructure IT. In: The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013). IEEE; 2013.
Markus Florian, Sarita Paudel, Markus Tauber. Trustworthy Evidence Gathering Mechanism for Multilayer Cloud Compliance. In: The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013). IEEE; 2013.