research-article

Dynamic Certification of Cloud Services: Trust, but Verify!

Authors:

Sebastian Lins,

Pascal Grochol,

Stephan Schneider,

Ali SunyaevAuthors Info & Claims

IEEE Security & Privacy, Volume 14, Issue 2

Pages 66 - 71

https://doi.org/10.1109/MSP.2016.26

Published: 01 March 2016 Publication History

Abstract

Although intended to ensure cloud service providers' security, reliability, and legal compliance, current cloud service certifications are quickly outdated. Dynamic certification, on the other hand, provides automated monitoring and auditing to verify cloud service providers' ongoing adherence to certification requirements.

References

[1]

“Apple Media Advisory: Update to Celebrity Photo Investigation,” Apple Inc., Sept. 2014; www.apple.com/pr/Iibrary/2014/09/02Apple-Media-Advisory.html.

Google Scholar

[2]

A. Sunyaev and S. Schneider, “Cloud Services Certification,” Comm. ACM, vol. 56, no. 2, 2013, pp. 33–36.

Digital Library

Google Scholar

[3]

S. Lins et al., “What Is Really Going on at Your Cloud Service Provider? Creating Trustworthy Certifications by Continuous Auditing,” in Proc. 48th Hawaii Int'l Conf. System Science (HICSS 15), 2015, pp. 5352–5361.

Google Scholar

[4]

P. Stephanow and N. Fallenbeck, “Towards Continuous Certification of Infrastructure-as-a-Service Using Low-Level Metrics,” in Proc. 12th IEEE Int'l Conf. Advanced and Trusted Computing (ATC 15), 2015; www.ngcert.de/wp-content/uploads/2015/07/Towards-continuous-certification-of-Infrastructure-as-a-Service-using-low-level-metrics.pdf

Google Scholar

[5]

I. Windhorst and A. Sunyaev, “Dynamic Certification of Cloud Services,” in Proc. 8th Int'l Conf. Availability, Reliability and Security (ARES 13), 2013, pp. 412–417.

Google Scholar

[6]

F. Doelitzscher et al., “Validating Cloud Infrastructure Changes by Cloud Audits,” in Proc. IEEE World Congress on Services (SERVICES 12), 2012, pp. 377–384.

Google Scholar

[7]

B. Wang, B. Li, and H. Li, “Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud,” IEEE Trans. Cloud Computing, vol. 2, no. 1, 2014, pp. 43–56.

Crossref

Google Scholar

[8]

C.E. Brown, J.A. Wong, and A.A. Baldwin, “A Review and Analysis of the Existing Research Streams in Continuous Auditing,” J. Emerging Technologies in Accounting, vol. 4, no. 1, 2007, pp. 1–28.

Crossref

Google Scholar

[9]

R.K.L. Ko et al., “TrustCloud: A Framework for Accountability and Trust in Cloud Computing,” in Proc. IEEE World Congress on Services (SERVICES 11), 2011, pp. 584–588.

Google Scholar

[10]

“Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations,” Nat'l Inst. Standards and Technology, Sept. 2011; http://csrc.nist.gov/publications/nistpubs/800-137/SP800-137-Final.pdf.

Google Scholar

[11]

S. Zawoad, A.K. Dutta, and R. Hasan, “SecLaaS: Secure Logging-as-a-Service for Cloud Forensics,” in Proc. 8th ACM SIGSAC Symp. Information, Computer and Communications Security (ASIA CCS 13), 2013, pp. 219–230.

Digital Library

Google Scholar

[12]

S. Lins et al., “Trust Is Good, Control is Better: Creating Secure Clouds by Continuous Auditing,” to be published in IEEE Trans. Cloud Computing, 2016.

Google Scholar

Cited By

View all

Lins SBecker JLyytinen KSunyaev A(2023)A Design Theory for Certification PresentationsACM SIGMIS Database: the DATABASE for Advances in Information Systems10.1145/3614178.361418354:3(75-118)Online publication date: 4-Aug-2023
https://dl.acm.org/doi/10.1145/3614178.3614183
Sharma TWang TDi Giulio CBashir M(2020)Towards Inclusive Privacy Protections in the CloudApplied Cryptography and Network Security Workshops10.1007/978-3-030-61638-0_19(337-359)Online publication date: 19-Oct-2020
https://dl.acm.org/doi/10.1007/978-3-030-61638-0_19
Mahmud KUsman M(2019)Trust Establishment and Estimation in Cloud ServicesJournal of Network and Systems Management10.1007/s10922-018-9475-y27:2(489-540)Online publication date: 1-Apr-2019
https://dl.acm.org/doi/10.1007/s10922-018-9475-y
Show More Cited By

Index Terms

Dynamic Certification of Cloud Services: Trust, but Verify!

Index terms have been assigned to the content through auto-classification.

Recommendations

Dynamic Certification of Cloud Services
ARES '13: Proceedings of the 2013 International Conference on Availability, Reliability and Security

Cloud computing introduces several characteristics that challenge the effectiveness of current certification approaches. Particularly, the on-demand, automated, location-independent, elastic, and multi-tenant nature of cloud computing systems is in ...
CCNP BCMSN Exam Certification Guide (3rd Edition) (Exam Certification Guide)
CCSP SNPA Official Exam Certification Guide (3rd Edition) (Exam Certification Guide)

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

IEEE Security and Privacy Volume 14, Issue 2

Mar.-Apr. 2016

86 pages

ISSN:1540-7993

Issue’s Table of Contents

Publisher

IEEE Educational Activities Department

United States

Publication History

Published: 01 March 2016

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lins SBecker JLyytinen KSunyaev A(2023)A Design Theory for Certification PresentationsACM SIGMIS Database: the DATABASE for Advances in Information Systems10.1145/3614178.361418354:3(75-118)Online publication date: 4-Aug-2023
https://dl.acm.org/doi/10.1145/3614178.3614183
Sharma TWang TDi Giulio CBashir M(2020)Towards Inclusive Privacy Protections in the CloudApplied Cryptography and Network Security Workshops10.1007/978-3-030-61638-0_19(337-359)Online publication date: 19-Oct-2020
https://dl.acm.org/doi/10.1007/978-3-030-61638-0_19
Mahmud KUsman M(2019)Trust Establishment and Estimation in Cloud ServicesJournal of Network and Systems Management10.1007/s10922-018-9475-y27:2(489-540)Online publication date: 1-Apr-2019
https://dl.acm.org/doi/10.1007/s10922-018-9475-y
Pape SStankovic J(2019)An Insight into Decisive Factors in Cloud Provider Selection with a Focus on SecurityComputer Security10.1007/978-3-030-42048-2_19(287-306)Online publication date: 26-Sep-2019
https://dl.acm.org/doi/10.1007/978-3-030-42048-2_19
Anisetti MArdagna CDamiani EPolegri G(2018)Test-Based Security Certification of Composite ServicesACM Transactions on the Web10.1145/326746813:1(1-43)Online publication date: 4-Dec-2018
https://dl.acm.org/doi/10.1145/3267468
Anisetti MArdagna CDamiani EEl Ioini NGaudenzi F(2018)Modeling time, probability, and configuration constraints for continuous cloud service certificationComputers and Security10.1016/j.cose.2017.09.01272:C(234-254)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1016/j.cose.2017.09.012
Liu DShen JChen YWang CZhou TWang A(2018)Privacy-Preserving Data Outsourcing with Integrity Auditing for Lightweight Devices in Cloud Computing Information Security and Cryptology10.1007/978-3-030-14234-6_12(223-239)Online publication date: 14-Dec-2018
https://dl.acm.org/doi/10.1007/978-3-030-14234-6_12

Abstract

References

Cited By

Index Terms

Recommendations