Standards for Accountability in the Cloud

Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8937)

Abstract

This paper examines the role of standards in the cloud with a particular focus on accountability, in the context of the A4Cloud Project (Accountability for the Cloud). To this end, we first provide a general overview of standards, what they are and how we can categorize them, as illustrated by a few cloud-specific examples. Next, we examine the intersection between standards and accountability, by highlighting how standards influence the A4Cloud Project and reciprocally how the A4Cloud Project aims to influence accountability-related standards. We argue that specification standards can foster interoperability for the purpose of accountability, thereby making accountability more automated and pervasive. Finally, we take a closer look at a particular accountability requirement: the continuous monitoring of the compliance of cloud services. This is an area of great interest for standardization, which faces many research challenges.

Keywords

Cloud, Standards, Accountability, Interoperability, Security, Monitoring

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Cloud Security Alliance, Edinburgh, Scotland, UK
