International Symposium on Data-Driven Process Discovery and Analysis

Data-Driven Process Discovery and Analysis pp 107-122 | Cite as

Trustworthy Cloud Certification: A Model-Based Approach

  • Marco Anisetti
  • Claudio A. Ardagna
  • Ernesto Damiani
  • Nabil El Ioini
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 237)


Cloud computing is introducing an architectural paradigm shift that involves a large part of the IT industry. The flexibility in allocating and releasing resources at runtime creates new business opportunities for service providers and their customers. However, despite its advantages, cloud computing is still not showing its full potential. Lack of mechanisms to formally assess the behavior of the cloud and its services/processes, in fact, negatively affects the trust relation between providers and potential customers, limiting customer movement to the cloud. Recently, cloud certification has been proposed as a means to support trustworthy services by providing formal evidence of service behavior to customers. One of the main limitations of existing approaches is the uncertainty introduced by the cloud on the validity and correctness of existing certificates. In this paper, we present a trustworthy cloud certification approach based on model verification. Our approach checks certificate validity at runtime, by continuously verifying the correctness of the service model at the basis of certification activities against real and synthetic service execution traces.


Certification Cloud FSM Model verification 



This work was partly supported by the Italian MIUR project SecurityHorizons (c.n. 2010XSEMLC) and by the EU-funded project CUMULUS (contract n. FP7-318580).


  1. 1.
    OPTET Consortium: D3.1 initial concepts and abstractions to model trustworthiness (2013).
  2. 2.
    Anisetti, M., Ardagna, C., Damiani, E.: A certification-based trust model for autonomic cloud computing systems. In: Proceedings of the IEEE Conference on Cloud Autonomic Computing (CAC 2014), London, UK, September 2014Google Scholar
  3. 3.
    Anisetti, M., Ardagna, C., Damiani, E.: A test-based incremental security certification scheme for cloud-based systems. In: Proceedings of IEEE SCC 2015, New York, NY, USA, June–July 2015Google Scholar
  4. 4.
    Anisetti, M., Ardagna, C., Damiani, E., Saonara, F.: A test-based security certification scheme for web services. ACM Trans. Web 7(2), 1–41 (2013)CrossRefGoogle Scholar
  5. 5.
    Antunes, N., Vieira, M.: Enhancing penetration testing with attack signatures and interface monitoring for the detection of injection vulnerabilities in web services. In: 2011 IEEE International Conference on Services Computing (SCC), pp. 104–111, July 2011Google Scholar
  6. 6.
    Ardagna, C., Asal, R., Damiani, E., Vu, Q.H.: From security to assurance in the cloud: a survey. ACM Comput. Surv. 48(1), 1–50 (2015)CrossRefGoogle Scholar
  7. 7.
    Ardagna, C., Jhawar, R., Piuri, V.: Dependability certification of services: a model-based approach. Computing 97(1), 51–78 (2015)CrossRefMATHGoogle Scholar
  8. 8.
    Biermann, A., Feldman, J.: On the synthesis of finite-state machines from samples of their behavior. IEEE Trans. Comput. C–21(6), 592–597 (1972)CrossRefMathSciNetGoogle Scholar
  9. 9.
    Certification infrastrUcture for MUlti-layer cloUd Services.
  10. 10.
    Cimato, S., Damiani, E., Zavatarelli, F., Menicocci, R.: Towards the certification of cloud services. In: Proceedings of the IEEE SERVICES 2013, Santa Clara, CA, USA, June–July 2013Google Scholar
  11. 11.
    Di Cerbo, F., Bisson, P., Hartman, A., Keller, S., Meland, P.H., Moffie, M., Mohammadi, N.G., Paulus, S., Short, S.: towards trustworthiness assurance in the cloud. In: Felici, M. (ed.) CSP EU FORUM 2013. CCIS, vol. 182, pp. 3–15. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  12. 12.
    Doelitzscher, F., Reich, C., Knahl, M., Passfall, A., Clarke, N.: An agent based business aware incident detection system for cloud environments. J. Cloud Comput. 1(1), 1–19 (2012)CrossRefGoogle Scholar
  13. 13.
    Egea, M., Mahbub, K., Spanoudakis, G., Vieira, M.R.: A certification framework for cloud security properties: the monitoring path. In: Felici, M., Fernández-Gago, C. (eds.) A4Cloud 2014. LNCS, vol. 8937, pp. 63–77. Springer, Heidelberg (2015) Google Scholar
  14. 14.
    Ernst, M., Cockrell, J., Griswold, W., Notkin, D.: Dynamically discovering likely program invariants to support program evolution. In: Proceedings of the 21st International Conference on Software Engineering, ICSE 1999, pp. 213–224. ACM, New York, NY, USA (1999)Google Scholar
  15. 15.
    Fu, X., Bultan, T., Su, J.: Analysis of interacting bpel web services. In: Proceedings of the 13th International Conference on World Wide Web, WWW 2004, pp. 621–630. ACM, New York, NY, USA (2004)Google Scholar
  16. 16.
    Hudic, A., Tauber, M., Lorunser, T., Krotsiani, M., Spanoudakis, G., Mauthe, A., Weippl, E.: A multi-layer and multitenant cloud assurance evaluation methodology. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 386–393, December 2014Google Scholar
  17. 17.
    Jianqiang, H., Changguo, G., Huaimin, W., Peng, Z.: Quality driven web services selection. In: IEEE International Conference on e-Business Engineering, 2005, ICEBE 2005, pp. 681–688, October 2005Google Scholar
  18. 18.
    Kaluvuri, S., Koshutanski, H., Di Cerbo, F., Mana, A.: Security assurance of services through digital security certificates. In: 2013 IEEE 20th International Conference on Web Services (ICWS), pp. 539–546, June 2013Google Scholar
  19. 19.
    Lorenzoli, D., Mariani, L., Pezzè, M.: Automatic generation of software behavioral models. In: Proceedings of the 30th International Conference on Software Engineering, ICSE 2008, pp. 501–510. ACM, New York, NY, USA (2008)Google Scholar
  20. 20.
    Merten, M., Howar, F., Steffen, B., Pellicione, P., Tivoli, M.: Automated inference of models for black box systems based on interface descriptions. In: Margaria, T., Steffen, B. (eds.) ISoLA 2012, Part I. LNCS, vol. 7609, pp. 79–96. Springer, Heidelberg (2012) Google Scholar
  21. 21.
    Munoz, A., Mãna, A.: Bridging the gap between software certification and trusted computing for securing cloud computing. In: Proceedings of IEEE SERVICES 2013, Santa Clara, CA, USA, June 2013Google Scholar
  22. 22.
    Pearson, S.: Toward accountability in the cloud. IEEE Internet Comput. 15(4), 64–69 (2011)CrossRefGoogle Scholar
  23. 23.
    Rasheed, H.: Data and infrastructure security auditing in cloud computing environments. Int. J. Inf. Manage. 34(3), 364–368 (2014). ISSN: 0268-4012., CrossRefGoogle Scholar
  24. 24.
    Ravindran, K.: Model-based engineering methods for certification of cloud-based network systems. In: 2013 Fifth International Conference on Communication Systems and Networks (COMSNETS), pp. 1–2, January 2013Google Scholar
  25. 25.
    Spanoudakis, G., Damiani, E., Mana, A.: Certifying services in cloud: the case for a hybrid, incremental and multi-layer approach. In: 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering (HASE), pp. 175–176, October 2012Google Scholar
  26. 26.
    Sunyaev, A., Schneider, S.: Cloud services certification. Commun. ACM 56(2), 33–36 (2013)CrossRefGoogle Scholar
  27. 27.
    Wu, C., Lee, Y.: Automatic saas test cases generation based on soa in the cloud service. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, pp. 349–354 (2012)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Marco Anisetti
    • 1
  • Claudio A. Ardagna
    • 1
  • Ernesto Damiani
    • 1
  • Nabil El Ioini
    • 2
  1. 1.Università degli Studi di MilanoDI, CremaItaly
  2. 2.Free University of BozenBolzanoItaly

Personalised recommendations