
Security Certification for the Cloud: The CUMULUS Approach

Chapter in: Guide to Security Assurance for Cloud Computing

Abstract

This chapter presents a certification-based assurance solution for the cloud, developed as part of the FP7 EU Project CUMULUS. It gives an overview of the CUMULUS certification models, which underlie the certification processes implemented and managed by the CUMULUS certification framework. Certification models drive the collection of evidence that the framework uses to assess whether the system under certification supports the required security properties, and to generate and manage certificates proving compliance with those properties (the certification process). Collected evidence can be of different types (i.e., test-based, monitoring-based, and trusted computing-based evidence) and addresses the peculiarities of cloud environments. The framework also supports continuous and incremental evaluation of services in the production cloud.



Acknowledgements

The work presented in this chapter has been partially funded by the EU FP7 project CUMULUS (grant no 318580).

Corresponding author: Marco Anisetti.


Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Anisetti, M. et al. (2015). Security Certification for the Cloud: The CUMULUS Approach. In: Zhu, S., Hill, R., Trovati, M. (eds) Guide to Security Assurance for Cloud Computing. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-25988-8_8


  • DOI: https://doi.org/10.1007/978-3-319-25988-8_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25986-4

  • Online ISBN: 978-3-319-25988-8
