CSSR: Cloud Services Security Recommender


The emerging paradigm of cloud computing (CC) presents many security risks that can potentially and adversely impact any one of the plethora of stakeholders. The widespread deployment and service models of CC in addition to the wide variety of stakeholders make it difficult to comprehend security and privacy (S&P). In this paper, we present CSSR1, a Cloud Services Security Recommender tool. CSSR codifies a stakeholder-oriented taxonomy. The goal for CSSR is to identify the various S&P risks for the kaleidoscope of different CC models from the stakeholder's perspective. CSSR will recommend a comprehensive list of S&P attributes that must be considered as controls necessary to minimize the CC attack surface. By identifying the S&P concerns that are unique to the particular usage scenarios (again from a stakeholder perspective), CSSR provides a comprehensive basis from which to choose alternative security solutions. This model then provides a structured and well-informed process of mitigating risk as envisioned by each and every stakeholder based on their needs.

Publication Title

Proceedings - 2016 IEEE World Congress on Services, SERVICES 2016