Model for IaaS Security Model: MISP Framework

2021 International Conference on Intelligent Technologies (CONIT) Pub Date : 2021-06-25 DOI:10.1109/CONIT51480.2021.9498375

Indra Kumar Sahu, M. Nene

{"title":"Model for IaaS Security Model: MISP Framework","authors":"Indra Kumar Sahu, M. Nene","doi":"10.1109/CONIT51480.2021.9498375","DOIUrl":null,"url":null,"abstract":"Cloud computing offers plenty of services having benefits of cost cutting, flexibility, availability, elasticity and pay per use for cloud users and centralized control, safety and management for Cloud Service Providers (CSP). Out of several service models, Infrastructure-as-a-Service (IaaS) preludes by offering access to computing resources like CPUs, servers, network devices through software like APIs, UIs and GUIs over the internet. Along with numerous merits of IaaS, there exist several security and privacy issues and threats to Confidentiality, Integrity and Authentication (CIA) triad. In this paper, we explore security and privacy issues related to IaaS components through rigorous study and determine counter measures for the same. Furthermore, with the help of MITRE ATT&CK knowledge base, a Model for IaaS Security and Privacy: MISP framework is proposed. The framework is exhibited as a multidimensional structure, each dimension having different parameters. This leads to addition of important features currently missing in the existing models. The proposed framework enhances security and privacy in IaaS model and guides for safer adoption of the delivery model by organizations and enterprises.","PeriodicalId":426131,"journal":{"name":"2021 International Conference on Intelligent Technologies (CONIT)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Intelligent Technologies (CONIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CONIT51480.2021.9498375","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Cloud computing offers plenty of services having benefits of cost cutting, flexibility, availability, elasticity and pay per use for cloud users and centralized control, safety and management for Cloud Service Providers (CSP). Out of several service models, Infrastructure-as-a-Service (IaaS) preludes by offering access to computing resources like CPUs, servers, network devices through software like APIs, UIs and GUIs over the internet. Along with numerous merits of IaaS, there exist several security and privacy issues and threats to Confidentiality, Integrity and Authentication (CIA) triad. In this paper, we explore security and privacy issues related to IaaS components through rigorous study and determine counter measures for the same. Furthermore, with the help of MITRE ATT&CK knowledge base, a Model for IaaS Security and Privacy: MISP framework is proposed. The framework is exhibited as a multidimensional structure, each dimension having different parameters. This leads to addition of important features currently missing in the existing models. The proposed framework enhances security and privacy in IaaS model and guides for safer adoption of the delivery model by organizations and enterprises.

查看原文本刊更多论文

IaaS安全模型:MISP框架

云计算为云用户提供了大量具有成本削减、灵活性、可用性、弹性和按次付费等优点的服务，并为云服务提供商(CSP)提供了集中控制、安全性和管理。在几种服务模型中，基础设施即服务(IaaS)首先通过互联网上的api、ui和gui等软件提供对cpu、服务器、网络设备等计算资源的访问。除了IaaS的众多优点之外，还存在一些安全和隐私问题，以及对机密性、完整性和身份验证(CIA)三元组的威胁。在本文中，我们通过严格的研究，探讨了与IaaS组件相关的安全和隐私问题，并确定了相应的对策。在此基础上，利用MITRE at&ck知识库，提出了IaaS安全与隐私:MISP框架模型。该框架表现为一个多维结构，每个维度都有不同的参数。这将导致添加现有模型中当前缺失的重要特性。建议的框架增强了IaaS模型中的安全性和隐私性，并为组织和企业更安全地采用交付模型提供了指导。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 International Conference on Intelligent Technologies (CONIT)

自引率

0.00%

发文量