TUM Logo

A Semantic Evidence-based Approach to Continuous Cloud Service Certification

Continuous certification of cloud services requires a high degree of automation in collecting and evaluating evidences. Prior approaches to this topic are often specific to a cloud provider or a certain certification catalog. This makes it costly and complex to achieve conformance to multiple certification schemes and covering multi-cloud solutions. In this paper, we present a novel approach to continuous certification which is scheme- and vendor-independent. Leveraging an ontology of cloud resources and their security features, we generalize vendor- and scheme-specific terminology into a new model of so-called semantic evidence. In combination with generalized metrics that we elicited out of requirements from the EUCS and the CCMv4, we present a framework for the collection and assessment of such semantic evidence across multiple cloud providers. This allows to conduct continuous cloud certification while achieving re-usability of metrics and evidences in multiple certification schemes. The performance benchmark of the framework's prototype implementation shows that up to 200,000 evidences can be processed in less than a minute, making it suitable for short time intervals used in continuous certification.

A Semantic Evidence-based Approach to Continuous Cloud Service Certification

SAC 2023, 38th ACM/SIGAPP Symposium on Applied Computing. Proceedings

Authors: Christian Banse, Immanuel Kunz, Nico Haas, and Angelika Schneider
Year/month: 2023/6
Booktitle: SAC 2023, 38th ACM/SIGAPP Symposium on Applied Computing. Proceedings
Fulltext: click here

Abstract

Continuous certification of cloud services requires a high degree of automation in collecting and evaluating evidences. Prior approaches to this topic are often specific to a cloud provider or a certain certification catalog. This makes it costly and complex to achieve conformance to multiple certification schemes and covering multi-cloud solutions. In this paper, we present a novel approach to continuous certification which is scheme- and vendor-independent. Leveraging an ontology of cloud resources and their security features, we generalize vendor- and scheme-specific terminology into a new model of so-called semantic evidence. In combination with generalized metrics that we elicited out of requirements from the EUCS and the CCMv4, we present a framework for the collection and assessment of such semantic evidence across multiple cloud providers. This allows to conduct continuous cloud certification while achieving re-usability of metrics and evidences in multiple certification schemes. The performance benchmark of the framework's prototype implementation shows that up to 200,000 evidences can be processed in less than a minute, making it suitable for short time intervals used in continuous certification.

Bibtex:

@inproceedings {
author = { Christian Banse and Immanuel Kunz and Nico Haas and Angelika Schneider},
title = { A Semantic Evidence-based Approach to Continuous Cloud Service Certification },
year = { 2023 },
month = { June },
booktitle = { SAC 2023, 38th ACM/SIGAPP Symposium on Applied Computing. Proceedings },
url = { https://doi.org/10.1145/3555776.3577600 },

}