Vulnerability and Security Management System from the Perspective of the Cloud Service Users

  • Choi, Young-Jin (Department of Medicine Management, Eulji University) ;
  • Ra, Jong-Hei (Department of Logistics & Distribution Management, Gwangju University) ;
  • Ky, Hong Pil (Department of Management, Korea Digital University) ;
  • Lee, Sang-Hak (National Information Society Agency)
  • Published : 2012.12.30

Abstract

As investment in information resources grows, interest is increasing in cloud computing services that can reduce costs. Alongside its economic benefits, however, cloud computing has a disadvantage: because it relies on information resources that are physically located outside the organization, it increases vulnerabilities in the control of information assets and in information protection. In this study, we derived the vulnerabilities of cloud computing, including new vulnerabilities that arise from the inherent properties of cloud services, and the control items for those vulnerabilities. By mapping the vulnerabilities to the control items, we then identified the vulnerabilities that are not being managed and presented them as the risk factors of cloud computing.
