
Supporting the Security Certification and Privacy Level Agreements in the Context of Clouds

  • Conference paper
  • Business Modeling and Software Design (BMSD 2015)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 257)

Abstract

Outsourcing services into the cloud is a worthwhile alternative to classic service models from both the customers' and the providers' point of view. As a result, many new cloud providers are emerging and offering their cloud solutions. Trust in and acceptance of cloud solutions are, however, still lacking for many customers, since a large number of security incidents related to cloud computing have been reported. One way for companies to raise trust in their own products is to obtain a certification for them based on ISO 27001. The certification is, however, a large hurdle, especially for small and medium enterprises (SMEs), since they lack resources and know-how. In this paper we present an overview of the ClouDAT framework, a tool-based approach to support the certification process for cloud services, specifically tailored to SMEs.

This research was partially supported by the research project Visual Privacy Management in User Centric Open Environments (supported by the EU’s Horizon 2020 programme, Proposal number: 653642).


Notes

  1. http://www.visioneuproject.eu/.


Author information

Correspondence to Jan Jürjens.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Ahmadian, A.S., Coerschulte, F., Jürjens, J. (2016). Supporting the Security Certification and Privacy Level Agreements in the Context of Clouds. In: Shishkov, B. (eds) Business Modeling and Software Design. BMSD 2015. Lecture Notes in Business Information Processing, vol 257. Springer, Cham. https://doi.org/10.1007/978-3-319-40512-4_5
