Supporting the Security Certification of Cloud-Computing-Infrastructures

Amir Shayan Ahmadian, Fabian Coerschulte, Jan Jürjens

Abstract

Outsourcing services into the cloud is a worthwhile alternative to classic service models from both a customer's and a provider's point of view. Therefore, many new cloud providers are surfacing, offering their cloud solutions. However, trust in and acceptance of cloud solutions are still lacking for many customers, since many security incidents related to cloud computing have been reported. One way for companies to raise trust in their own products is to obtain a certification for them based on ISO 27001. The certification is, however, a large hurdle, especially for small and medium enterprises (SMEs), since they lack resources and know-how. In this paper we present an overview of the ClouDAT framework, a tool-based approach to support the certification process for cloud services, specifically tailored to SMEs.



Paper Citation


in Harvard Style

Ahmadian A., Coerschulte F. and Jürjens J. (2015). Supporting the Security Certification of Cloud-Computing-Infrastructures. In Proceedings of the Fifth International Symposium on Business Modeling and Software Design - Volume 1: BMSD, ISBN 978-989-758-111-3, pages 65-74. DOI: 10.5220/0005885600650074


in Bibtex Style

@conference{bmsd15,
author={Amir Shayan Ahmadian and Fabian Coerschulte and Jan Jürjens},
title={Supporting the Security Certification of Cloud-Computing-Infrastructures},
booktitle={Proceedings of the Fifth International Symposium on Business Modeling and Software Design - Volume 1: BMSD},
year={2015},
pages={65-74},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005885600650074},
isbn={978-989-758-111-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Fifth International Symposium on Business Modeling and Software Design - Volume 1: BMSD
TI - Supporting the Security Certification of Cloud-Computing-Infrastructures
SN - 978-989-758-111-3
AU - Ahmadian A.
AU - Coerschulte F.
AU - Jürjens J.
PY - 2015
SP - 65
EP - 74
DO - 10.5220/0005885600650074