Towards Automatic Comparison of Cloud Service Security Certifications
Cloud service providers who offer services to their users traditionally signal security of their offerings through certifications based on various certification schemes. Currently, a vast number of schemes and standards exists on one side (cloud service certifications), while another large set of security requirements stemming from internal needs or laws and regulations stand on the other side (users of cloud services). Determining whether a service with an arbitrary certificate in one country fulfills requirements imposed by the user in another country is a difficult task and therefore a project (EU-SEC) was started focusing on allowing cross-border usage of cloud services. In this paper, we propose automated comparison of cloud service security certification schemes and, subsequently, security of cloud services certified using these schemes. In the presented method, we map requirements in schemes, standards, laws, and regulations into a proposed cloud service security ontology. Due to the free-form text nature of these items, we also describe a supporting method for semi-automated conversion of free text into this ontology using natural language processing. The requirements described in ontology format are then easily compared against each other. We also describe an implementation of a prototype system supporting the conversion and comparison with preliminary results on describing and comparing two well-known schemes.
KeywordsCloud service certification Natural language processing Certification scheme ontology
This work was partially supported by the project EU 731845 – EU-SEC.
- 1.Androcec, D., Vrcek, N., Seva, J.: Cloud computing ontologies: a systematic review. In: MOPAS 2012: The Third International Conference on Models and Ontology-Based Design of Protocols, Architectures and Services Cloud. IARIA, pp. 9–14 (2012)Google Scholar
- 2.Singh, V., Pandey, S.K.: A comparative study of cloud security ontologies. In: Proceedings of 3rd International Conference on Reliability, Infocom Technologies and Optimization. IEEE (2014)Google Scholar
- 3.Zhang, M., Ranjan, R., Haller, A., et al.: An ontology-based system for cloud infrastructure services’ discovery. In: 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). IEEE, Pittsburgh, pp. 524–530 (2012)Google Scholar
- 5.Hooi, Y.K., Hassan, M.F., Shariff, A.M.: A survey on ontology mapping techniques. In: Jeong, H.Y., S. Obaidat, M., Yen, N.Y., Park, J.J.(Jong Hyuk) (eds.) Advances in Computer Science and its Applications. LNEE, vol. 279, pp. 829–836. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-41674-3_118CrossRefGoogle Scholar
- 6.Pedrinaci, C., Cardoso, J., Leidig, T.: Linked USDL: a vocabulary for web-scale service trading. In: Presutti, V., d’Amato, C., Gandon, F., d’Aquin, M., Staab, S., Tordai, A. (eds.) ESWC 2014. LNCS, vol. 8465, pp. 68–82. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07443-6_6CrossRefGoogle Scholar
- 8.Veloudis, S., Paraskakis, I.: Ontological templates for modelling security policies in cloud environments. In: Proceedings of the 20th Pan-Hellenic Conference on Informatics - PCI 2016. ACM Press, New York (2016)Google Scholar
- 10.Takahashi, T., Kadobayashi, Y., Fujiwara, H.: Ontological approach toward cybersecurity in cloud computing. In: Proceedings of the 3rd International Conference on Security of Information and Networks - SIN 2010. ACM Press, New York, pp. 100–109 (2010)Google Scholar
- 11.Marcus, M.P., Marcinkiewicz, M.A., Santorini, B.: Building a large annotated corpus of English: the Penn treebank. Comput. Linguist. 19, 313–330 (1993)Google Scholar
- 12.Manning, C., Surdeanu, M., Bauer, J., et al.: The Stanford CoreNLP natural language processing toolkit. In: Proceedings of 52nd Annual Meeting of the Association for Computational Linguistics: System Demonstrations. Association for Computational Linguistics, Stroudsburg, pp. 55–60 (2014)Google Scholar