Metrics for Accountability in the Cloud

Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8937)

Abstract

Accountability in the Cloud is a key concept that is determined by the accountability attributes. For assessing how accountable an organisation is we should be able to assess or provide techniques for measuring the attributes that influence on accountability. How much or to what extent they should be measured is a key issue. One of the goals of the A4Cloud project is, therefore, to develop a collection of metrics for performing meaningful measures on the attributes that influence accountability. This paper sets up the foundations towards the elicitation of metrics for accountability attributes. We describe here a metamodel for metrics for accountability attributes, which constitutes the basis for the process of elicitation of metrics for accountability. This metamodel is intended to serve as a language for describing accountability attributes and sub-attributes and for identifying the elements involved in their evaluation. One of the key components of the metamodel is the type of evidence the attribute use.

Keywords

Cloud Provider Remediation Action Transparency Process Responsibility Principal Contextual Input 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

This work has been partially funded by the European Commission through the FP7/2007–2013 project A4Cloud under grant agreement number 317550. The first author is funded by a FPI fellowship from the Junta de Andalucía through the project PISCIS (P10-TIC-06334).

References

  1. 1.
    New Oxford American DictionaryGoogle Scholar
  2. 2.
    The Cloud Accountability Project. http://www.a4cloud.eu/
  3. 3.
    ISO/IEC 15939:2007 – Systems and software engineering – Measurement process (2007)Google Scholar
  4. 4.
    NIST SP 800-55 – Performance measurement guide for information security. National Institute of Standards and Technology (2008)Google Scholar
  5. 5.
    ISO/IEC 27004:2009 – Information Technology – Security techniques – Information Security Management – Measurement (2009)Google Scholar
  6. 6.
    Implementing accountability in the marketplace – a discussion document. accountability phase iii – the madrid project. Centre for Information Policy Leadership (CIPL), November 2011Google Scholar
  7. 7.
    Abran, A.: Software Metrics and Software Metrology. Wiley, New York (2010)CrossRefMATHGoogle Scholar
  8. 8.
    ENISA. Procure secure – a guide to monitoring of security service levels in cloud contracts (2012)Google Scholar
  9. 9.
    EU Parliament and EU Council. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such dataGoogle Scholar
  10. 10.
    EU Parliament and EU Council. Proposal for a regulation of the european parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation) (2012)Google Scholar
  11. 11.
    Herrmann, D.S.: Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI. CRC Press, Boca Raton (2007)CrossRefGoogle Scholar
  12. 12.
    Hood, C., Heald, D. (eds.): Transparency: The Key to Better Governance?, vol. 135. Oxford University Press, Oxford (2006)Google Scholar
  13. 13.
    Innerhofer-Oberperfler, F., Breu, R.: An empirically derived loss taxonomy based on publicly known security incidents. In: International Conference on Availability, Reliability and Security, ARES 2009, pp. 66–73. IEEE (2009)Google Scholar
  14. 14.
    Nuñez, D., Fernandez-Gago, C., Pearson, S., Felici, M.: A metamodel for measuring accountability attributes in the cloud. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), vol. 1, pp. 355–362. IEEE (2013)Google Scholar
  15. 15.
    Pfitzmann, A., Hansen, M.: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management–A Consolidated Proposal for Terminology. Version v0.31 (2008)Google Scholar
  16. 16.
    A4Cloud project. MS:C-2.2 - Initial framework description report, February 2013Google Scholar
  17. 17.
    Stevens, S.S.: On the theory of scales of measurement. Science 103(2684), 677–680 (1946)CrossRefMATHGoogle Scholar
  18. 18.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-vm side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 305–316. ACM (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Network, Information and Computer Security LabUniversity of MalagaMalagaSpain

Personalised recommendations