Towards the Certification of Cloud Services

The need of a certification process for cloud-based services is emerging as a way to address some of the remaining obstacles facing the effective development and diffusion of the cloud-computing paradigm. In this paper we move the first steps towards a complete approach containing a conceptual framework where the specifications of basic, hybrid and incremental certification models for cloud-based services can be given. Specifically, we focus on the definition of a unifying meta-model to provide representational guidelines for (i) the definition of the security properties to be certified, (ii) the types of evidence underlying them, (iii) the phases of the certificate life cycle, as well as of all mechanisms for generating supporting evidence.

[1]  Salima Benbernou,et al.  Managing Evolving Services , 2011, IEEE Software.

[2]  Ernesto Damiani,et al.  Toward WS-certificate , 2009, SWS '09.

[3]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[4]  Hui Xiong,et al.  Conceptual Modeling , 2008, Encyclopedia of GIS.

[5]  Dimitris Dranidis,et al.  Increased reliability in SOA environments through registry-based conformance testing of Web services , 2010 .

[6]  Cynthia E. Irvine,et al.  Toward a taxonomy and costing method for security services , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[7]  Julio Cesar Sampaio do Prado Leite,et al.  On Non-Functional Requirements in Software Engineering , 2009, Conceptual Modeling: Foundations and Applications.

[8]  Ernesto Damiani,et al.  Open Source Systems Security Certification , 2008 .

[9]  Ernesto Damiani,et al.  Fine-Grained Modeling of Web Services for Test-Based Security Certification , 2011, 2011 IEEE International Conference on Services Computing.

[10]  Joint Task Force Transformation Initiative Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach , 2014 .

[11]  Sopheak Cheang,et al.  Conceptual Model for Cybersecurity Readiness Assessement for Public Institutions in Developing Country: Cambodia , 2009, 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology.

[12]  Ali Sunyaev,et al.  Cloud services certification , 2013, CACM.