Christian Banse, Immanuel Kunz, Nico Haas, Angelika Schneider
{"title":"A Semantic Evidence-based Approach to Continuous Cloud Service Certification","authors":"Christian Banse, Immanuel Kunz, Nico Haas, Angelika Schneider","doi":"10.1145/3555776.3577600","DOIUrl":null,"url":null,"abstract":"Continuous certification of cloud services requires a high degree of automation in collecting and evaluating evidences. Prior approaches to this topic are often specific to a cloud provider or a certain certification catalog. This makes it costly and complex to achieve conformance to multiple certification schemes and covering multi-cloud solutions. In this paper, we present a novel approach to continuous certification which is scheme- and vendor-independent. Leveraging an ontology of cloud resources and their security features, we generalize vendor- and scheme-specific terminology into a new model of so-called semantic evidence. In combination with generalized metrics that we elicited out of requirements from the EUCS and the CCMv4, we present a framework for the collection and assessment of such semantic evidence across multiple cloud providers. This allows to conduct continuous cloud certification while achieving re-usability of metrics and evidences in multiple certification schemes. The performance benchmark of the framework's prototype implementation shows that up to 200,000 evidences can be processed in less than a minute, making it suitable for short time intervals used in continuous certification.","PeriodicalId":42971,"journal":{"name":"Applied Computing Review","volume":null,"pages":null},"PeriodicalIF":0.4000,"publicationDate":"2023-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Applied Computing Review","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3555776.3577600","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Continuous certification of cloud services requires a high degree of automation in collecting and evaluating evidences. Prior approaches to this topic are often specific to a cloud provider or a certain certification catalog. This makes it costly and complex to achieve conformance to multiple certification schemes and covering multi-cloud solutions. In this paper, we present a novel approach to continuous certification which is scheme- and vendor-independent. Leveraging an ontology of cloud resources and their security features, we generalize vendor- and scheme-specific terminology into a new model of so-called semantic evidence. In combination with generalized metrics that we elicited out of requirements from the EUCS and the CCMv4, we present a framework for the collection and assessment of such semantic evidence across multiple cloud providers. This allows to conduct continuous cloud certification while achieving re-usability of metrics and evidences in multiple certification schemes. The performance benchmark of the framework's prototype implementation shows that up to 200,000 evidences can be processed in less than a minute, making it suitable for short time intervals used in continuous certification.