Evidence-Based Security Configurations for Cloud Datastores

Title: Evidence-Based Security Configurations for Cloud Datastores
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Pallas, Frank; Bermbach, David; Müller, Steffen; Tai, Stefan
Conference Name: Proceedings of the Symposium on Applied Computing
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4486-9
Keywords: cloud storage, composability, data in transit security, Human Behavior, Metrics, performance benchmarking, pubcrawl, relational database security, resilience, Resiliency, security configurations, Trade-Offs

Cloud systems offer a diversity of security mechanisms with potentially complex configuration options. So far, security engineering has focused on achievable security levels, but not on the costs associated with a specific security mechanism and its configuration. Through a series of experiments with a variety of cloud datastores conducted over the last years, we gained substantial knowledge on how one desired quality like security can have a significant impact on other system qualities like performance. In this paper, we report on select findings related to security-performance trade-offs for three prominent cloud datastores, focusing on data in transit encryption, and propose a simple, structured approach for making trade-off decisions based on factual evidence gained through experimentation. Our approach allows one to reason rationally about security trade-offs.

Citation Key: pallas_evidence-based_2017