%0 Journal Article
%T Security Incident Information Exchange for Cloud Service Provisioning Chains
%A Christian Fr£¿ystad
%A Inger Anne T£¿ndel
%A Martin Gilje Jaatun
%J -
%D 2018
%R https://doi.org/10.3390/cryptography2040041
%X Abstract Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, we argue the need for commonly agreed-upon incident information exchanges between providers to improve accountability of CSPs, and present both such a format and a prototype implementing it. The solution can handle simple incident information natively as well as embed standard representation formats for incident-sharing, such as IODEF and STIX. Preliminary interviews show a desire for such a solution. The discussion considers both technical challenges and non-technical aspects related to improving the situation for incident response in cloud-computing scenarios. Our solution holds the potential of making incident-sharing more efficient. View Full-Tex
%K incident response
%K cloud computing
%K accountability
%U https://www.mdpi.com/2410-387X/2/4/41