Abstract
Cloud service providers who offer services to their users traditionally signal security of their offerings through certifications based on various certification schemes. Currently, a vast number of schemes and standards exists on one side (cloud service certifications), while another large set of security requirements stemming from internal needs or laws and regulations stand on the other side (users of cloud services). Determining whether a service with an arbitrary certificate in one country fulfills requirements imposed by the user in another country is a difficult task and therefore a project (EU-SEC) was started focusing on allowing cross-border usage of cloud services. In this paper, we propose automated comparison of cloud service security certification schemes and, subsequently, security of cloud services certified using these schemes. In the presented method, we map requirements in schemes, standards, laws, and regulations into a proposed cloud service security ontology. Due to the free-form text nature of these items, we also describe a supporting method for semi-automated conversion of free text into this ontology using natural language processing. The requirements described in ontology format are then easily compared against each other. We also describe an implementation of a prototype system supporting the conversion and comparison with preliminary results on describing and comparing two well-known schemes.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Example: “Prior to granting customers access to data, assets, and information systems, identified security, contractual, and regulatory requirements for customer access shall be addressed.” (AIS-02, CSA CCM v3.0.1).
- 2.
- 3.
- 4.
- 5.
(n 1).
- 6.
References
Androcec, D., Vrcek, N., Seva, J.: Cloud computing ontologies: a systematic review. In: MOPAS 2012: The Third International Conference on Models and Ontology-Based Design of Protocols, Architectures and Services Cloud. IARIA, pp. 9–14 (2012)
Singh, V., Pandey, S.K.: A comparative study of cloud security ontologies. In: Proceedings of 3rd International Conference on Reliability, Infocom Technologies and Optimization. IEEE (2014)
Zhang, M., Ranjan, R., Haller, A., et al.: An ontology-based system for cloud infrastructure services’ discovery. In: 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). IEEE, Pittsburgh, pp. 524–530 (2012)
Zhu, J.: Survey on ontology mapping. Phys. Procedia 24, 1857–1862 (2012). https://doi.org/10.1016/j.phpro.2012.02.273
Hooi, Y.K., Hassan, M.F., Shariff, A.M.: A survey on ontology mapping techniques. In: Jeong, H.Y., S. Obaidat, M., Yen, N.Y., Park, J.J.(Jong Hyuk) (eds.) Advances in Computer Science and its Applications. LNEE, vol. 279, pp. 829–836. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-41674-3_118
Pedrinaci, C., Cardoso, J., Leidig, T.: Linked USDL: a vocabulary for web-scale service trading. In: Presutti, V., d’Amato, C., Gandon, F., d’Aquin, M., Staab, S., Tordai, A. (eds.) ESWC 2014. LNCS, vol. 8465, pp. 68–82. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07443-6_6
Gonzalez, N., Miers, C., Redígolo, F., et al.: A quantitative analysis of current security concerns and solutions for cloud computing. J. Cloud Comput. Adv. Syst. Appl. 1, 11 (2012). https://doi.org/10.1186/2192-113x-1-11
Veloudis, S., Paraskakis, I.: Ontological templates for modelling security policies in cloud environments. In: Proceedings of the 20th Pan-Hellenic Conference on Informatics - PCI 2016. ACM Press, New York (2016)
Garcia, J.M., Fernandez, P., Pedrinaci, C., et al.: Modeling service level agreements with linked USDL agreement. IEEE Trans. Serv. Comput. 10, 52–65 (2017). https://doi.org/10.1109/TSC.2016.2593925
Takahashi, T., Kadobayashi, Y., Fujiwara, H.: Ontological approach toward cybersecurity in cloud computing. In: Proceedings of the 3rd International Conference on Security of Information and Networks - SIN 2010. ACM Press, New York, pp. 100–109 (2010)
Marcus, M.P., Marcinkiewicz, M.A., Santorini, B.: Building a large annotated corpus of English: the Penn treebank. Comput. Linguist. 19, 313–330 (1993)
Manning, C., Surdeanu, M., Bauer, J., et al.: The Stanford CoreNLP natural language processing toolkit. In: Proceedings of 52nd Annual Meeting of the Association for Computational Linguistics: System Demonstrations. Association for Computational Linguistics, Stroudsburg, pp. 55–60 (2014)
Acknowledgement
This work was partially supported by the project EU 731845 – EU-SEC.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Labaj, M., Rástočný, K., Chudá, D. (2019). Towards Automatic Comparison of Cloud Service Security Certifications. In: Catania, B., Královič, R., Nawrocki, J., Pighizzini, G. (eds) SOFSEM 2019: Theory and Practice of Computer Science. SOFSEM 2019. Lecture Notes in Computer Science(), vol 11376. Springer, Cham. https://doi.org/10.1007/978-3-030-10801-4_24
Download citation
DOI: https://doi.org/10.1007/978-3-030-10801-4_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-10800-7
Online ISBN: 978-3-030-10801-4
eBook Packages: Computer ScienceComputer Science (R0)