Security Certification for the Cloud: The CUMULUS Approach

This chapter presents a certification-based assurance solution for the cloud, developed as part of the FP7 EU Project CUMULUS. It provides an overview of the CUMULUS certification models, which underpin the certification processes implemented and managed by the CUMULUS certification framework. Certification models drive the collection of evidence that the framework uses to assess whether the system under certification supports the required security properties, and to generate and manage certificates proving compliance with those properties (the certification process). Collected evidence can be of different types (i.e., test-based, monitoring-based, and trusted computing-based evidence) and addresses the peculiarities of cloud environments. The framework also supports continuous and incremental evaluation of services in the production cloud.
