Cloud Accountability: Glossary of Terms and Definitions

  • Massimo FeliciEmail author
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8937)


The Glossary of Terms and Definitions captures a shared multidisciplinary understanding within the EU FP7 Cloud Accountability Project (A4Cloud). It consists of the key terms that have been identified by the A4Cloud’s Accountability Conceptual Framework. The definitions in the glossary have been drawn from relevant research literature, standards or domain specific references (e.g. data protection, cloud computing, information security, privacy, etc.). The A4Cloud’s Accountability Conceptual Framework has proposed (or revised) definitions of those terms that are central to concept of accountability (and related attributes). The glossary is the result of a collaborative effort of the A4Cloud project. The final glossary consists of over 150 terms (drawn from an initial list of over 700 terms) selected for their relevance to accountability. It consists of the core accountability terms that have been defined and used across the A4Cloud project.



This glossary of terms and definitions consists of the A4Cloud terms defined and introduced in [1]. It also includes terms drawn from standards and other references – for such terms if the definition is an exact quotation from the reference given, quotation marks and an italics font are used to indicate this; otherwise the provided definition is derived from a close adaptation of the text within the referenced source. This work has been partly funded by the European Commission’s Seventh Framework Programme (FP7/2007-2013), grant agreement 317550, Cloud Accountability Project – – (A4CLOUD). I would also like to thank all project colleagues who contributed to this glossary of terms and definitions, in particular, Rehab Alnemr, Monir Azraoui, Karin Bernsmed, Simone Fischer-Hübner, Bushra Hasnain, Eleni Kosta, Theofrastos Koulouris, Ronald Leenes, Christopher Millard, Maartje Niezen, David Nuñez, Melek Önen, Alain Pannetrat, Nick Papanikolaou, Siani Pearson, Daniel Pradelles, Chris Reed, Christoph Reich, Jean-Claude Royer, Anderson Santana de Oliveira, Dimitra Stefanatou, Vasilis Tountopoulos, Tomasz Wiktor Wlodarczyk.


  1. 1.
    Felici, M., Pearson, S. (eds.): D:C-2.1 Report detailing conceptual framework. Deliverable D32.1, Version Final, A4CLOUD (2014)Google Scholar
  2. 2.
    A4CLOUD: Accountability For Cloud and Other Future Internet Services, Annex I - Description of Work, Grant agreement 317550 (2012)Google Scholar
  3. 3.
    Abdul-Rahman, A., Hailes, S.: Supporting trust in virtual communities. In: Proceedings of the 33rd Annual Hawaii International Conference on System Sciences, vol. 1, pp. 1–9 (2000)Google Scholar
  4. 4.
    Article 29 Data Protection Working Party: Opinion 04/2013 on the Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems (‘DPIA Template’) prepared by Expert Group 2 of the Commission’s Smart Grid Task Force, 00678/13/EN WP205 (2013)Google Scholar
  5. 5.
    Article 29 Data Protection Working Party: Opinion 15/2011 on the definition of consent, 01197/11/EN WP187 (2011)Google Scholar
  6. 6.
    Brunton, F., Nissenbaum, H.: Political and ethical perspectives on data obfuscation. In: Hildebrandt, M., de Vries, K. (eds.) Privacy, Due Process and the Computational Turn, pp. 164–188. Routledge, New York (2013)Google Scholar
  7. 7.
    Cavoukian, A.: Privacy by Design in Law, Policy and Practice: A White Paper for Regulators, Decision-makers and Policy-makers, Information and Privacy Commissioner, ON, Canada (2011)Google Scholar
  8. 8.
    CIPL: Accountability: A Compendium for Stakeholders, The Centre for Information Policy Leadership (2011)Google Scholar
  9. 9.
    CNSS: National Information Assurance (IA) Glossary, Committee on National Security Systems (CNSS), CNSS Instruction No. 4009 (2010)Google Scholar
  10. 10.
    Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, Official Journal of the European Communities L 337/11 (2009)Google Scholar
  11. 11.
    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Communities L 281/31 (1995)Google Scholar
  12. 12.
    EDPS: European Data Protection Supervisor (EDPS) Glossary - accessed onlineGoogle Scholar
  13. 13.
    Catteddu, D., Hogben, G. (eds.): Could Computing: Benefits, risks and recommendations for information security, European Network and Information Security Agency, ENISA (2009)Google Scholar
  14. 14.
    ENISA: Privacy, Accountability and Trust – Challenges and Opportunities (2011)Google Scholar
  15. 15.
    ITU-T, FG Cloud TR, Part 1: Introduction to the cloud ecosystem: definitions, taxonomies, use cases and high-level requirements, Version 1.0 (02/2012), ITU (2012)Google Scholar
  16. 16.
    Hildebrandt, M. (ed.): D 7.12: Behavioural Biometric Profiling and Transparency Enhancing Tools, FIDIS (2009)Google Scholar
  17. 17.
    Gambetta, D. (ed.): Trust: Making and Breaking Cooperative Relations. Basil Blackwell, Oxford (1988)Google Scholar
  18. 18.
    Hilty, M., Pretschner, A., Basin, D., Schaefer, C., Walter, T.: A policy language for distributed usage control. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 531–546. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    IETF: Terminology for Policy-Based Management, RFC 3198, Internet Engineering Task Force, IETF (2001)Google Scholar
  20. 20.
    IETF: Internet Security Glossary, Version 2, RFC 4949, Internet Engineering Task Force, IETF (2007)Google Scholar
  21. 21.
    ISO 9241-11:1998 Ergonomic requirements for office work with visual display terminals (VDTs) – Part 11: Guidance on usability (1998)Google Scholar
  22. 22.
    ISO/IEC 10746-2:2009 Information technology - Open Distributed Processing - Reference Model: Foundations (2009)Google Scholar
  23. 23.
    ISO/IEC 15414:2006 Information technology - Open distributed processing - Reference model - Enterprise language (2006)Google Scholar
  24. 24.
    ISO/IEC 27000:2009(E) Information Technology - Security techniques - Information security management systems - Overview and vocabulary (2009)Google Scholar
  25. 25.
    ISO/IEC 38500:2008 Corporate governance of information technology (2008)Google Scholar
  26. 26.
    ISO27 k implementers’ forum, Hyperlinked information security glossary (2007)Google Scholar
  27. 27.
    Juels, A., Kaliski, B.S. Jr.: Pors: proofs of retrievability for large files. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), pp. 584–597. ACM, New York (2007)Google Scholar
  28. 28.
    Hu, V.C., Ferraiolo, D.F., Kuhn, D.R.: Assessment of Access Control Systems, NIST Interagency Report 7316 (2006)Google Scholar
  29. 29.
    Hogan, M., Liu, F., Sokol, A., Tong, J.: NIST Cloud Computing Standards Roadmap Working Group, NIST Cloud Computing Standards Roadmap, NIST Special Publication, 500–291 Version 1.0 (2011)Google Scholar
  30. 30.
    Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., Leaf, D.: NIST Cloud Computing Reference Architecture, NIST Special Publication 500–292 (2011)Google Scholar
  31. 31.
    Jansen, W., Grance, T.: Guidelines on Security and Privacy in Public Cloud Computing, NIST Special Publication, 800–144 (2011)Google Scholar
  32. 32.
    Mell, P., Grance, T.: The NIST Definition of Cloud Computing, NIST Special Publication, 800–145 (2011)Google Scholar
  33. 33.
    Stoneburner, G., Hayden, C., Feringa, A.: Engineering Principles for Information Technology Security (A Baseline for Achieving Security), NIST Special Publication, 800–27 Rev. A (2004)Google Scholar
  34. 34.
    NIST: Joint Task Force Transformation Initiative, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans, NIST Special Publication 800–53A, Revision 1 (2010)Google Scholar
  35. 35.
    Fischer-Hübner, S., Hedbom, H. (eds.): Framework V3, D14.1.c, PRIME (2008)Google Scholar
  36. 36.
    Reed, C.: Cloud governance: the way forward. In: Millard, C. (ed.) Cloud Computing Law, Oxford University Press (2013)Google Scholar
  37. 37.
    Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.J.: Information accountability. Commun. ACM 51(6), 82–87 (2008)CrossRefGoogle Scholar
  38. 38.
    Westin, A.F.: Privacy and Freedom. Atheneum, New York (1967)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Security and Cloud LabHewlett-Packard LaboratoriesBristolUK

Personalised recommendations