Security Incident Information Exchange for Cloud Services

Christian Frøystad, Erlend Andreas Gjære, Inger Anne Tøndel, Martin Gilje Jaatun


The complex provider landscape in cloud computing makes incident handling difficult, as Cloud Service Providers (CSPs) with end-user customers do not necessarily get sufficient information about incidents that occur at upstream CSPs. In this paper, we argue the need for commonly agreed-upon incident information exchanges between providers as a means to improve accountability of CSPs. The discussion considers several technical challenges and non-technical aspects related to improving the situation for incident response in cloud computing scenarios. In addition, we propose a technical implementation which can embed standard representation formats for incidents in notification messages, built over a publish-subscribe architecture, and a web-based dashboard for handling the incident workflow.


  1. Bandyopadhyay, T., Mookerjee, V. S., and Rao, R. C. (2009). Why it managers don't go for cyber-insurance products. Commun. ACM, 52(11):68-73.
  2. Barnum, S. (2012). Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX). Technical report, The MITRE Corporation.
  3. Cain, P. and Jevans, D. (2010). Extensions to the IODEFDocument Class for Reporting Phishing. Technical report, IETF.
  4. Cichonski, P., Millar, T., Grance, T., and Scarfone, K. (2012). Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology, 800-61. Revision 2. Technical report, National Institute of Standards and Technology.
  5. Cusick, J. J. and Ma, G. (2010). Creating an ITIL inspired Incident Management approach: Roots, response, and results. In Network Operations and Management Symposium Workshops (NOMS Wksps), 2010 IEEE/IFIP, pages 142-148. Ieee.
  6. Danyliw, R., Meijer, J., and Demchenko, Y. (2007). The Incident Object Description Exchange Format.
  7. ENISA (2015). Information disclosure.
  8. EuropeanUnion (2013). Commission regulation (eu) no 611/2013 of 24 june 2013 on the measures applicable to the notification of personal data breaches under directive 2002/58/ec of the european parliament and of the council on privacy and electronic communications. Technical report.
  9. Floodeen, R., Haller, J., and Tjaden, B. (2013). Identifying a shared mental model among incident responders. Proceedings - 7th International Conference on IT Security Incident Management and IT Forensics, IMF 2013, pages 15-25.
  10. Frøystad, C. (2014). Exchange of security incident information in the context of cloud services. NTNU Minor Thesis Report.
  11. Gamma, E., Helm, R., Johnson, R., and Vlissides, J. (1994). Design patterns: elements of reusable object-oriented software. Pearson Education.
  12. Gjaere, E. A., Per, H., and Vilarinho, T. (2014). Notification Support Infrastructure for Self-Adapting Composite Services. In DEPEND 2014, The Seventh International Conference on Dependability, number c, pages 17-24, Lisbon, Portugal.
  13. Greenleaf, G. (2012). The influence of European data privacy standards outside Europe: implications for globalization of Convention 108. International Data Privacy Law, 2(2):68-92.
  14. Grobauer, B. and Schreck, T. (2010). Towards Incident Handling in the Cloud :. In Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, pages 77-85, Chicago, Illinois, USA. ACM.
  15. Horne, B. (2014). On Computer Security Incident Response Teams. Security & Privacy, IEEE, 12(October 2014):13-15.
  16. Jaatun, M. G. and Tøndel, I. A. How much cloud can you handle? In ARES 2015.
  17. Kalloniatis, C., Mouratidis, H., Vassilis, M., Islam, S., Gritzalis, S., and Kavakli, E. (2014). Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts. Computer Standards & Interfaces, 36(4):759-775.
  18. Metzger, S., Hommel, W., and Reiser, H. (2011). Integrated Security Incident Management - Concepts and RealWorld Experiences. In 2011 Sixth International Conference on IT Security Incident Management and IT Forensics, pages 107-121. Ieee.
  19. Schneier, B. (2014). The Future of Incident Response. Security & Privacy, IEEE, 12(October):95-96.
  20. SINTEF-Infosec (2016). SINTEF-Infosec/IncidentInformation-Sharing-Tool. [Online; accessed 2015-12-14.
  21. The MITRE Corporation (2015). CybOX - Cyber Observable eXpression.
  22. Torres, A. (2014). Incident Response : How to Fight Back A SANS Survey.
  23. US-CERT (2014). Federal incident notification guidelines. Technical report.
  24. US-CERT (2015). Traffic Light Protocol (TLP) Matrix and Frequently Asked Questions.

Paper Citation

in Harvard Style

Frøystad C., Gjære E., Tøndel I. and Jaatun M. (2016). Security Incident Information Exchange for Cloud Services . In Proceedings of the International Conference on Internet of Things and Big Data - Volume 1: IoTBD, ISBN 978-989-758-183-0, pages 391-398. DOI: 10.5220/0005953803910398

in Bibtex Style

author={Christian Frøystad and Erlend Andreas Gjære and Inger Anne Tøndel and Martin Gilje Jaatun},
title={Security Incident Information Exchange for Cloud Services},
booktitle={Proceedings of the International Conference on Internet of Things and Big Data - Volume 1: IoTBD,},

in EndNote Style

JO - Proceedings of the International Conference on Internet of Things and Big Data - Volume 1: IoTBD,
TI - Security Incident Information Exchange for Cloud Services
SN - 978-989-758-183-0
AU - Frøystad C.
AU - Gjære E.
AU - Tøndel I.
AU - Jaatun M.
PY - 2016
SP - 391
EP - 398
DO - 10.5220/0005953803910398