Monitoring-Based Certification of Cloud Service Security

  • Maria Krotsiani (email author)
  • George Spanoudakis
  • Christos Kloukinas
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9415)

Abstract

In this paper, we present a novel approach to cloud service security certification. This approach could be used to: (a) define and execute automatically certification models, which can continuously and incrementally acquire and analyse evidence regarding the provision of services on cloud infrastructures through continuous monitoring; (b) use this evidence to assess whether the provision is compliant with required security properties; and (c) generate and manage digital certificates confirming the compliance of services if the acquired evidence supports this. We also present the results of an initial experimental evaluation of our approach based on the MySQL server and RUBiS benchmark.

Keywords

Cloud Computing; Cloud Service; Cloud Provider; Security Property; Cloud Service Provider
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Maria Krotsiani (1, email author)
  • George Spanoudakis (1)
  • Christos Kloukinas (1)
  1. Department of Computer Science, City University London, London, UK