Certifying Services in Cloud: The Case for a Hybrid, Incremental and Multi-layer Approach

Abstract: This is the unspecified version of the paper.This version of the publication may differ from the final published version. Permanent repository link:

“…From a different point of view, Grobauer et al [2011] provide an overview of current vulnerabilities affecting the cloud at different levels, and identify certification as a preferred approach for vulnerability management. Spanoudakis et al [2012] discuss the need of providing novel models for cloud service certification and present a hybrid, incremental, and multilayer approach to cloud certification. Sunyaev and Schneider [2013] present an overview of the possible benefits a certification solution for cloud services could give to all cloud actors, addressing the lack of transparency, trust, and acceptance.…”

“…The concept of transparency, that is, higher access to low-level (back-end) data produced by the cloud infrastructure and to evidence collected on the security of cloud data and applications, has been recognized as the basis for an effective approach to cloud assurance Spanoudakis et al 2012]. Lack of transparency in fact makes the cloud and its security issues not clear to end users.…”

From Security to Assurance in the Cloud

“…From a different point of view, Grobauer et al [2011] provide an overview of current vulnerabilities affecting the cloud at different levels, and identify certification as a preferred approach for vulnerability management. Spanoudakis et al [2012] discuss the need of providing novel models for cloud service certification and present a hybrid, incremental, and multilayer approach to cloud certification. Sunyaev and Schneider [2013] present an overview of the possible benefits a certification solution for cloud services could give to all cloud actors, addressing the lack of transparency, trust, and acceptance.…”

“…The concept of transparency, that is, higher access to low-level (back-end) data produced by the cloud infrastructure and to evidence collected on the security of cloud data and applications, has been recognized as the basis for an effective approach to cloud assurance Spanoudakis et al 2012]. Lack of transparency in fact makes the cloud and its security issues not clear to end users.…”

From Security to Assurance in the Cloud

“…Happens(e(_e3,_TOC,_CA, REQ,_notifO(_cred,_data,_auth,_h),_TOC),t3,[t2,t2+d2])) 1 . The above model has two limitations in providing assurance for the integrity-at-rest property: (1) it cannot capture updates of data that might have been carried out without using the update interface assumed of _TOC (i.e., _updOp(_cred,_data,_vCode)), and (2) it cannot check that the operation _updOp has checked authorisation rights before updating data, and A hybrid model could be used in this case to overcome partially the first of these limitations.…”

“…Our approach is based on the cloud certification framework of the CUMULUS project [1]. In this paper, we introduce the basic concepts of hybrid certification models and present examples of such models formalised using EC-Assertion (i.e., the monitoring language of the CUMULUS framework).…”

“…The certification of cloud service security has become a necessity due to on-going concerns about cloud security and the need to increase cloud trustworthiness through rigorous assessments of security by trusted third parties [1] [2]. Unlike the certification of security in traditional software systems, which is based on static forms of security assessment (e.g., the Common Criteria model [11]), the certification of cloud service security requires continuous assessment [5].…”

Towards Hybrid Cloud Service Certification Models

Certified Machine-Learning Models