CUMULUS Approach 8
8.6 Related Work
Lack of trust in the cloud paradigm and technology is one of the main issues limiting their adoption in security- and privacy-critical domains. In the past, assurance techniques have been proposed for software/service systems to increase the confidence of users that such systems are behaving correctly and as expected. Developed techniques usually fall under three main classes, namely, audit, certification, and SLA.
Audit techniques are usually adopted to evaluate the properties of a system after its execution to identify unexpected behaviors. Considerable effort has been put into defining audit solutions for the cloud, from both a research and an industrial point of view (e.g., [21–27]). Given their nature, audit techniques provide powerful approaches but cannot be applied for a priori, continuous, and incremental evaluation of cloud service properties. SLA techniques define the basis for establishing agreements between service providers and users on the Quality of Service. Different approaches have been provided for both SOA and cloud, such as [28–31]. SLA-based approaches are similar to certification schemes, though they do not provide verifiable evidence and are usually based on self-assessment. Today, these techniques are usually adopted by cloud service providers, though they do not contribute to increasing the transparency of and trust in the cloud environment. Finally, certification schemes have been the basis of software/service evaluation of non-functional properties since 1985, with the TCSEC standard in the USA (aka the Orange Book) for security certification of software [32]. Following several national efforts, Common Criteria [33] is the first international standard for software certification and is today the most used certification approach. Software certification approaches, however, consider manual inspection, monolithic services, and static evaluation, making them unsuitable for cloud-based and service-based environments. More recently, different approaches to certification of SOA and web services have been proposed (e.g., [17,34–36]) and some approaches to cloud certification discussed (e.g., [2,37–40]). Although they represent an important starting point for cloud certification, none of the above approaches provides a complete and semi-automatic certification framework for the cloud that accommodates the peculiarities of the cloud.
8.7 Conclusions
In this chapter, we have presented an overview of the CUMULUS framework and how it can be used to automate the process of certifying security properties of cloud services. The CUMULUS framework supports the automated and continuous certification of security properties of cloud services through different types of certification models. These models can be basic or advanced. The former include models using monitoring, test, and TC evidence, and the latter include models relying on multiple types of evidence (hybrid) as well as models supporting incremental certification.
The CUMULUS framework has been realized through a prototype whose architecture is described in the chapter and has been tested in a series of scenarios involving applications in the domains of eHealth and smart cities.
8.8 Review Questions
1. Which are the major artifacts driving a CUMULUS certification process?
2. Which are the key aspects enabling CUMULUS certification process automation?
3. Which are the main elements underpinning any CUMULUS certification model?
4. Which are the main differences between basic certification models (monitoring-based, test-based, and TC-based certification models) in terms of evidence collection and life cycle?
5. Sketch multi-layer TC-based certification for the case of nested virtualization.
6. Discuss a use case of hybrid certification between test-based and monitoring-based certification models.
7. Which are the main differences between hybrid and incremental certification in terms of evidence collection, assurance, and trust?
Acknowledgements The work presented in this chapter has been partially funded by the EU FP7 project CUMULUS (grant no 318580).
References
1. Anisetti M, Ardagna CA, Damiani E (2015) A test-based incremental security certification scheme for cloud-based systems. In: Proceedings of the 12th IEEE international conference on services computing (SCC 2015), New York, June–July 2015
2. Anisetti M, Ardagna CA, Damiani E (2014) A certification-based trust model for autonomic cloud computing systems. In: Proceedings of the IEEE conference on cloud autonomic computing (CAC 2014), London, Sept 2014
3. CUMULUS Consortium (2015) Deliverable D5.3 – CUMULUS framework architecture v2. Available at http://www.cumulus-project.eu/index.php/public-deliverables
4. Harjani R, Arjona M, Espinar J, Maña A, Muñoz A, Koshutanski H (2014) An integrated framework for multi-layer certification-based assurance. In: Proceedings of the 8th layered assurance workshop (LAW 2014), New Orleans, Dec 2014
5. CUMULUS Consortium (2015) Deliverable D4.3 – CUMULUS-aware engineering process specification v2. Available at http://www.cumulus-project.eu/index.php/public-deliverables
6. CUMULUS Consortium (2015) Deliverable D3.3 – certification mechanisms for incremental and hybrid certification. Available at http://www.cumulus-project.eu/index.php/public-deliverables
7. Trusted Computing Group, TPM main specification. http://www.trustedcomputinggroup.org/resources/tpm_main_specification
8. CUMULUS Consortium (2015) Deliverable D2.4 – final CUMULUS certification models. Available at http://www.cumulus-project.eu/index.php/public-deliverables
9. CUMULUS Consortium (2013) Deliverable D2.1 – security-aware SLA specification language and cloud security dependency model. Available at http://www.cumulus-project.eu/index.php/public-deliverables
10. Spanoudakis G, Kloukinas C, Mahbub K (2009) The serenity runtime monitoring framework. In: Spanoudakis G, Kokolakis S (eds) Security and dependability for ambient intelligence. Springer, New York/US, pp 213–237
11. Shanahan M (1999) The event calculus explained. In: Wooldridge MJ, Veloso M (eds) Artificial intelligence today. Springer, Berlin Heidelberg, Germany, pp 409–430
12. Krotsiani M, Spanoudakis G, Mahbub K (2013) Incremental certification of cloud services. In: Proceedings of the 7th international conference on emerging security information, systems and technologies (SECURWARE-2013), Barcelona, Aug 2013
13. Krotsiani M, Spanoudakis G (2014) Continuous certification of non-repudiation in cloud storage services. In: Proceedings of the 4th IEEE international symposium on trust and security in cloud computing (IEEE TSCloud 2014), Beijing, Sept 2014
14. Irvine C, Levin T (1999) Toward a taxonomy and costing method for security services. In: Proceedings of the 15th annual conference on computer security applications (ACSAC 1999), Phoenix, Dec 1999
15. Chung L, Nixon BA (1995) Dealing with non-functional requirements: three experimental studies of a process-oriented approach. In: Proceedings of the 17th international conference on software engineering (ICSE 1995), Seattle, Apr 1995
16. Chung L, Leite JCP (2009) Conceptual modeling: foundations and applications. chapter on non-functional requirements in software engineering. Springer, Berlin/Heidelberg, pp 363–379
17. Anisetti M, Ardagna CA, Damiani E, Saonara F (2013) A test-based security certification scheme for web services. ACM Trans Web (TWEB) 7(2):1–41
18. Trusted Computing Group (2011) Virtualized trusted platform architecture specification, Sept 2011. http://www.trustedcomputinggroup.org/resources/virtualized_trusted_platform_architecture_specification
19. Katopodis S, Spanoudakis G, Mahbub K (2014) Towards hybrid cloud service certification models. In: Proceedings of the IEEE international conference on services computing (SCC 2014), Anchorage, June–July 2014
20. Anisetti M, Ardagna CA, Damiani E (2013) Security certification of composite services: a test-based approach. In: Proceedings of the 20th IEEE international conference on Web services (ICWS 2013), San Francisco, June–July 2013
21. Pearson S (2011) Toward accountability in the cloud. IEEE Internet Comput 15(4):64–69
22. Rasheed H (2013) Data and infrastructure security auditing in cloud computing environments. Int J Inf Manag 34(3):364–368
23. Doelitzscher F, Reich C, Knahl M, Passfall A, Clarke N (2012) An agent based business aware incident detection system for cloud environments. J Cloud Comput 1(1):1–19
24. Rajkumar MN, Kumar VV, Sivaramakrishnan R (2013) Efficient integrity auditing services for cloud computing using raptor codes. In: Proceedings of the ACM international conference on research in adaptive and convergent systems (RACS 2013), Montreal, Oct 2013
25. Yang K, Jia X (2013) An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Trans Parallel Distrib Syst 24(9):1717–1726
26. Wang B, Li B, Li H (2014) Oruta: privacy-preserving public auditing for shared data in the cloud. IEEE Trans Cloud Comput 2(1):43–56
27. CSA (2014) CloudAudit: automated audit, assertion, assessment, and assurance. https://cloudsecurityalliance.org/research/cloudaudit/
28. Wieder P, Butler JM, Theilmann W, Yahyapour R (2011) Service level agreements for cloud computing. Springer, Dortmund, Germany
29. Ye L, Zhang H, Shi J, Du X (2012) Verifying cloud service level agreement. In: Proceedings of IEEE GLOBECOM 2012, Anaheim, Dec 2012
30. Casalicchio E, Silvestri L (2013) Mechanisms for sla provisioning in cloud-based service providers. Comput Netw 57(3):795–810
31. Marinescu DC, Paya A, Morrison JP, Healy PD (2013) An auction-driven self-organizing cloud delivery model. CoRR, abs/1312.2998
32. USA Department of Defence (1985) Department of defense trusted computer system evaluation criteria, Dec 1985
33. Herrmann DS (2002) Using the common criteria for IT security evaluation. Auerbach publications/CRC press, London
34. Kourtesis D, Ramollari E, Dranidis D, Paraskakis I (2010) Increased reliability in SOA environments through registry-based conformance testing of web services. Prod Plan Control 21(2):130–144
35. Ryu SH, Casati F, Skogsrud H, Benatallah B, Saint-Paul R (2008) Supporting the dynamic evolution of Web service protocols in service-oriented architectures. ACM Trans Web 2(2):13:1–13:46
36. Papazoglou MP, Andrikopoulos V, Benbernou S (2011) Managing evolving services. IEEE Softw 28(3):49–55
37. Grobauer B, Walloschek T, Stocker E (2011) Understanding cloud computing vulnerabilities. IEEE Secur Priv 9(2):50–57
38. Sunyaev A, Schneider S (2013) Cloud services certification. Commun ACM 56(2):33–36
39. Khan KM, Malluhi Q (2010) Establishing trust in cloud computing. IT Prof 12(5):20–27
40. Bertholon B, Varrette S, Bouvry P (2011) Certicloud: a novel tpm-based approach to ensure cloud iaas security. In: Proceedings of the 4th IEEE international conference on cloud computing (CLOUD 2011), Washington, July 2011
Marco Anisetti is an Assistant Professor at the Università degli Studi di Milano. He received the PhD degree in computer science from the Università degli Studi di Milano in 2009. His research interests are in the area of Computational Intelligence and its application to the design of complex systems and services. Recently, he has been investigating the adoption of Computational Intelligence techniques in the area of security mechanisms for distributed systems, with particular consideration of Cloud and SOA security and software/service certification. The URL for his web page is http://www.di.unimi.it/anisetti.
Claudio A. Ardagna is an Associate Professor at the Dipartimento di Informatica, Università degli Studi di Milano, Italy. His research interests are in the area of cloud security and certification. He is the recipient of the ERCIM STM WG 2009 Award for the Best PhD Thesis on Security and Trust Management. He has co-authored the Springer book “Open Source Systems Security Certification.” He has been a Visiting Researcher at George Mason University (2008–2010) and EBTIC-Khalifa University (2014). The URL for his web page is http://www.di.unimi.it/ardagna.
Ernesto Damiani is a Full Professor at Università di Milano, the director of the Università degli Studi di Milano’s PhD program in computer science, and the leader of the Big Data Initiative at the Etisalat British Telecom Innovation Center in Abu Dhabi, UAE. He was a recipient of the Chester-Sall Award from the IEEE IES Society (2007). He is a senior member of the IEEE, was named ACM Distinguished Scientist (2008), and received the IFIP TC2 Outstanding Contributions Award (2012). He is the Vice-Chair of the IEEE Technical Committee on Industrial Informatics. The URL for his web page is http://www.di.unimi.it/damiani.
Antonio Maña received his PhD degree in Computer Engineering from the University of Malaga, where he is currently an Associate Professor of Software Engineering in the Computer Science Department. His current research activities include security and software engineering, information and network security, ubiquitous computing and ambient intelligence, application of smart cards to digital content commerce, software protection, DRM, and mobile applications. The URL for his web page is http://www.lcc.uma.es/~amg/eng/.
George Spanoudakis is a Professor of Computer Science at City University London and member of the Council of the University of Piraeus in Greece. His research focuses on cloud computing and software systems security. In these areas, he has published extensively and attracted significant research funding from the EU, national research councils and directly from industry. Currently, he is the technical coordinator of the FP7 EU project CUMULUS (2012–15). He has served on the program and organization committees of several international conferences and workshops and the editorial boards of several journals. The URL for his web page is http://www.city.ac.uk/people/academics/george-spanoudakis.
Luca Pino is a senior software engineer and research assistant at City University London. He is working in the EU FP7 project CUMULUS, developing automated security certification processes for clouds, and in the EU project EMBalance, developing a decision support system to help physicians in the diagnostic evaluation of balance disorders. His research interests are in the area of cloud and web service security and assurance.
Hristo Koshutanski is a postdoctoral fellow in Proteus Research Lab at the University of Malaga. He received his PhD degree from the University of Trento in 2005 and held a postdoctoral research fellowship Marie Curie EIF for 2007–2009. His research interests are in the areas of security architectures for distributed, federated and cloud-based systems, security assurance, certification and digital security certificates of cloud and Web services, and identity management in federated systems. The URL for his web page is http://www.koshutanski.net.