论文信息 - Metrics for Accountability in the Cloud

Metrics for Accountability in the Cloud

Accountability in the Cloud is a key concept that is determined by the accountability attributes. For assessing how accountable an organisation is we should be able to assess or provide techniques for measuring the attributes that influence on accountability. How much or to what extent they should be measured is a key issue. One of the goals of the A4Cloud project is, therefore, to develop a collection of metrics for performing meaningful measures on the attributes that influence accountability. This paper sets up the foundations towards the elicitation of metrics for accountability attributes. We describe here a metamodel for metrics for accountability attributes, which constitutes the basis for the process of elicitation of metrics for accountability. This metamodel is intended to serve as a language for describing accountability attributes and sub-attributes and for identifying the elements involved in their evaluation. One of the key components of the metamodel is the type of evidence the attribute use.

M. Carmen Fernández Gago | David Nuñez | M. C. Gago | David Nuñez

[1] Debra Herrmann,et al. Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI , 2007 .

[2] Kevin M. Stine,et al. Performance Measurement Guide for Information Security , 2008 .

[3] S S Stevens,et al. On the Theory of Scales of Measurement. , 1946, Science.

[4] Alain Abran,et al. Software Metrics and Software Metrology , 2010 .

[5] Ruth Breu,et al. An Empirically Derived Loss Taxonomy Based on Publicly Known Security Incidents , 2009, 2009 International Conference on Availability, Reliability and Security.

[6] Siani Pearson,et al. A Metamodel for Measuring Accountability Attributes in the Cloud , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[7] Michael K. Reiter,et al. Cross-VM side channels and their use to extract private keys , 2012, CCS.

[8] A. Pfitzmann,et al. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .