A Semantic Evidence-based Approach to Continuous Cloud Service Certification
Continuous certification of cloud services requires a high degree of automation in collecting and evaluating evidences. Prior approaches to this topic are often specific to a cloud provider or a certain certification catalog. This makes it costly and complex to achieve conformance to multiple certification schemes and to cover multi-cloud solutions. In this paper, we present a novel approach to continuous certification which is scheme- and vendor-independent. Leveraging an ontology of cloud resources and their security features, we generalize vendor- and scheme-specific terminology into a new model of so-called semantic evidence. In combination with generalized metrics that we elicited out of requirements from the EUCS and the CCMv4, we present a framework for the collection and assessment of such semantic evidence across multiple cloud providers. This allows continuous cloud certification to be conducted while achieving re-usability of metrics and evidences in multiple certification schemes. The performance benchmark of the framework's prototype implementation shows that up to 200,000 evidences can be processed in less than a minute, making it suitable for short time intervals used in continuous certification.
SAC 2023, 38th ACM/SIGAPP Symposium on Applied Computing. Proceedings
Authors: Christian Banse, Immanuel Kunz, Nico Haas, and Angelika Schneider
Year/month: 2023/6
Booktitle: SAC 2023, 38th ACM/SIGAPP Symposium on Applied Computing. Proceedings
Bibtex:
@inproceedings{
  author = {Christian Banse and Immanuel Kunz and Nico Haas and Angelika Schneider},
  title = {A Semantic Evidence-based Approach to Continuous Cloud Service Certification},
  year = {2023},
  month = {June},
  booktitle = {SAC 2023, 38th ACM/SIGAPP Symposium on Applied Computing. Proceedings},
  url = {https://doi.org/10.1145/3555776.3577600},
}