Towards the Certification of Cloud Services

“…However, their framework is built upon only a trust management module and is based on small-world networks. Many researchers have studied security certification, which is aimed at increasing the confidence of the clients by satisfying their security requirements (Anisetti et al, 2012;Anisetti et al, 2013;Katopodis et al, 2014;Kaluvuri et al, 2013;Cimato et al, 2013). (Papazoglou, 2012).…”

“…The certification and rating process for security and privacy is beyond the scope of this paper. However, security and privacy can be certified as detailed in (Anisetti et al, 2012;Anisetti et al, 2013;Katopodis et al, 2014;Kaluvuri et al, 2013;Cimato et al, 2013) or their ratings can be obtained from security and priTrust-based Service-Oriented Architecture vacy rating systems (Mayer, 1990;El Yamany, 2009;Allison et al, 2009;Diego, 2011). For example (Anisetti et al, 2012), security certification provides a security-enhanced service discovery and selection approach and enhances requestors' security requirements.…”

Trust-based Service-Oriented Architecture

“…However, their framework is built upon only a trust management module and is based on small-world networks. Many researchers have studied security certification, which is aimed at increasing the confidence of the clients by satisfying their security requirements (Anisetti et al, 2012;Anisetti et al, 2013;Katopodis et al, 2014;Kaluvuri et al, 2013;Cimato et al, 2013). (Papazoglou, 2012).…”

“…The certification and rating process for security and privacy is beyond the scope of this paper. However, security and privacy can be certified as detailed in (Anisetti et al, 2012;Anisetti et al, 2013;Katopodis et al, 2014;Kaluvuri et al, 2013;Cimato et al, 2013) or their ratings can be obtained from security and priTrust-based Service-Oriented Architecture vacy rating systems (Mayer, 1990;El Yamany, 2009;Allison et al, 2009;Diego, 2011). For example (Anisetti et al, 2012), security certification provides a security-enhanced service discovery and selection approach and enhances requestors' security requirements.…”

Trust-based Service-Oriented Architecture

“…ISO/IEC 27001, NIST) also require manual inspections and are unable to provide the required level of assurance in cloud computing and to fit the dynamic nature of the cloud, focusing on monolithic software components [4] and failing to address on-demand self-service, dynamic allocation of resources and multi-tenancy [14][18]. Additionally, traditional certification models lack in trust, transparency and accuracy, as they do not support the constant provision of information about the security of cloud services, unlike our hybrid approach that relies on incremental monitoring and automated testing and it is focused on cloud services.…”

“…CC has also a human-centric approach, unlike our model, which is not designed to support automated security certification, targeting static, monolithic systems and requiring a large investment of resources [4].…”

“…Recent work on cloud service certification applies dynamic forms of security assessment, notably dynamic testing (e.g., [4]) or continuous monitoring (e.g., [6] [10]). These overcome some of the limitations of traditional security certification and audits (e.g.…”

Towards Hybrid Cloud Service Certification Models

AMOE: A Tool to Automatically Extract and Assess Organizational Evidence for Continuous Cloud Audit