Abstract | ||
---|---|---|
Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, we argue the need for commonly agreed-upon incident information exchanges between providers to improve accountability of CSPs, and present both such a format and a prototype implementing it. The solution can handle simple incident information natively as well as embed standard representation formats for incident-sharing, such as IODEF and STIX. Preliminary interviews show a desire for such a solution. The discussion considers both technical challenges and non-technical aspects related to improving the situation for incident response in cloud-computing scenarios. Our solution holds the potential of making incident-sharing more efficient. |
Year | DOI | Venue |
---|---|---|
2018 | 10.3390/cryptography2040041 | CRYPTOGRAPHY |
Keywords | DocType | Volume |
incident response, cloud computing, accountability | Journal | 2 |
Issue | Citations | PageRank |
4 | 0 | 0.34 |
References | Authors | |
0 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Christian Frøystad | 1 | 0 | 0.68 |
Inger Anne Tøndel | 2 | 120 | 20.81 |
Martin Gilje Jaatun | 3 | 482 | 63.81 |