期刊论文详细信息
Cryptography | |
Security Incident Information Exchange for Cloud Service Provisioning Chains | |
Frøystad, Christian1  | |
关键词: incident response; cloud computing; accountability; | |
DOI : 10.3390/cryptography2040041 | |
学科分类:工程和技术(综合) | |
来源: mdpi | |
![]() |
【 摘 要 】
Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, we argue the need for commonly agreed-upon incident information exchanges between providers to improve accountability of CSPs, and present both such a format and a prototype implementing it. The solution can handle simple incident information natively as well as embed standard representation formats for incident-sharing, such as IODEF and STIX. Preliminary interviews show a desire for such a solution. The discussion considers both technical challenges and non-technical aspects related to improving the situation for incident response in cloud-computing scenarios. Our solution holds the potential of making incident-sharing more efficient.【 授权许可】
CC BY
【 预 览 】
Files | Size | Format | View |
---|---|---|---|
RO201901221460898ZK.pdf | 4699KB | ![]() |