Abstract
Cloud- and service-oriented computing paradigms are intrinopaque to their users, as they cannot inspect providers’ implementations, and important concerns about aspects like security, compliance, dependability can arise. Therefore, users have to make trust decisions with respect to software providers, with the hope that there will not be any detrimental consequences. To contrast this situation, the paper proposes a framework to define, assess, monitor and make explicit the elements of a service that render it trustworthy. This paper relies on a number of recent scientific contributions, and aims at supporting informed decisions on obscure service implementations by machine-understandable statements about their objective (trustworthiness) characteristics. Such statements would innovate upon many aspects of service operations, from discovery to composition, deployment and monitoring. To demonstrate this, the paper presents a concept for a Trustworthy Service Marketplace.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
see for examples http://www.commoncriteriaportal.org/pps/
References
Gartner: Forecast overview: Public cloud services, report G00234817 (2012)
Lotz, V., Kaluvuri, S., Di Cerbo, F., Sabetta, A.: Towards security certification schemas for the internet of services. In: 5th International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5 (2012)
Gol Mohammadi, N., Paulus, S., Bishr, M., Metzger, A., Koennecke, H., Hartenstein, S., Pohl, K.: An analysis of software quality attributes and their contribution to trustworthiness. In: 3rd International Conference on Cloud Computing and Service Science (CLOSER), Special Session on Security Governance and SLAs in Cloud Computing-CloudSecGov, available in SCITEPRESS Digital Library, to appear in Springer, SSRI, Aachen (2013)
Paulus, S., Gol Mohammadi, N., Weyer, T.: Trustworthy software development. In: De Decker, B., Dittmann, J., Kraetzer, C., Vielhauer, C. (eds.) CMS 2013. LNCS, vol. 8099, pp. 233–247. Springer, Heidelberg (2013)
Kaluvuri, S., Koshutanski, H., Di Cerbo, F., Mãna, A.: Security assurance of services through digital security certificates. In: 2013 IEEE 20th International Conference on Web Services (ICWS), pp. 539–546. IEEE (2013)
Mei, H., Huang, G., Xie, T.L.: Internetware: a software paradigm for internet computing. Computer 45(6), 2631 (2012) [Online]. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6197170
Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secure Comput. 1(1), 11–33 (2004)
Li, M., Li, J., Song, H., Wu, D.: Risk management in the trustworthy software process: a novel risk and trustworthiness measurement model framework. In: Fifth International Joint Conference on INC, IMS and IDC, 2009. NCM’09, pp. 214–219 (2009)
Basili, V.R., Rombach, H.D.: The TAME project: towards improvement-oriented software environments. IEEE Trans. Softw. Eng. 14(6), 758–773 (1988)
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns: Integrating Security and Systems Engineering, vol. 7. Wiley, New York (2006)
Paulus, S.: Basiswissen sichere software, report (2010)
Szyperski, C., Gruntz, D., Murer, S.: Component Software: Beyond Object-Oriented Programming. Addison-Wesley, New York (2002)
The Common Criteria Recognition Agreement: Part 1: Introduction and general model, September 2012, version 3.1 revision 4. NIST, vol. 49, p. 93 (2012) [Online]. http://www.commoncriteriaportal.org/cc
IBM Corporation: An architectural blueprint for autonomic computing, report (2006)
Acknowledgment.
This work was partly supported by the EU-funded project OPTET [grant no. 317631].
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Di Cerbo, F. et al. (2013). Towards Trustworthiness Assurance in the Cloud. In: Felici, M. (eds) Cyber Security and Privacy. CSP 2013. Communications in Computer and Information Science, vol 182. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41205-9_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-41205-9_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41204-2
Online ISBN: 978-3-642-41205-9
eBook Packages: Computer ScienceComputer Science (R0)