Standards for Accountability in the Cloud

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8937)

Abstract

This paper examines the role of standards in the cloud with a particular focus on accountability, in the context of the A4Cloud Project (Accountability for the Cloud). To this end, we first provide a general overview of standards, what they are and how we can categorize them, as illustrated by a few cloud-specific examples. Next, we examine the intersection between standards and accountability, by highlighting how standards influence the A4Cloud Project and reciprocally how the A4Cloud Project aims to influence accountability related standards. We argue that specification standards can foster interoperability for the purpose of accountability, thereby making accountability more automated and pervasive. Finally, we take a closer look at a particular accountability requirement: the continuous monitoring of the compliance of cloud services. This is an area of great interest for standardization, which faces many research challenges.

Correspondence to Alain Pannetrat.

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Pannetrat, A., Luna, J. (2015). Standards for Accountability in the Cloud. In: Felici, M., Fernández-Gago, C. (eds) Accountability and Security in the Cloud. A4Cloud 2014. Lecture Notes in Computer Science, vol 8937. Springer, Cham. https://doi.org/10.1007/978-3-319-17199-9_12

  • DOI: https://doi.org/10.1007/978-3-319-17199-9_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17198-2

  • Online ISBN: 978-3-319-17199-9

  • eBook Packages: Computer Science, Computer Science (R0)
