Abstract
In this paper, we present a novel approach to cloud service security certification. This approach can be used to: (a) define and automatically execute certification models that continuously and incrementally acquire and analyse evidence about the provision of services on cloud infrastructures through continuous monitoring; (b) use this evidence to assess whether that provision complies with the required security properties; and (c) generate and manage digital certificates confirming the compliance of services when the acquired evidence supports it. We also present the results of an initial experimental evaluation of our approach based on the MySQL server and the RUBiS benchmark.
© 2015 Springer International Publishing Switzerland
Cite this paper
Krotsiani, M., Spanoudakis, G., Kloukinas, C. (2015). Monitoring-Based Certification of Cloud Service Security. In: Debruyne, C., et al. (eds.) On the Move to Meaningful Internet Systems: OTM 2015 Conferences. OTM 2015. Lecture Notes in Computer Science, vol. 9415. Springer, Cham. https://doi.org/10.1007/978-3-319-26148-5_44
DOI: https://doi.org/10.1007/978-3-319-26148-5_44
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26147-8
Online ISBN: 978-3-319-26148-5
eBook Packages: Computer Science (R0)