Christian Banse, Immanuel Kunz, Nico Haas, Angelika Schneider
{"title":"基于语义证据的持续云服务认证方法","authors":"Christian Banse, Immanuel Kunz, Nico Haas, Angelika Schneider","doi":"10.1145/3555776.3577600","DOIUrl":null,"url":null,"abstract":"Continuous certification of cloud services requires a high degree of automation in collecting and evaluating evidences. Prior approaches to this topic are often specific to a cloud provider or a certain certification catalog. This makes it costly and complex to achieve conformance to multiple certification schemes and covering multi-cloud solutions. In this paper, we present a novel approach to continuous certification which is scheme- and vendor-independent. Leveraging an ontology of cloud resources and their security features, we generalize vendor- and scheme-specific terminology into a new model of so-called semantic evidence. In combination with generalized metrics that we elicited out of requirements from the EUCS and the CCMv4, we present a framework for the collection and assessment of such semantic evidence across multiple cloud providers. This allows to conduct continuous cloud certification while achieving re-usability of metrics and evidences in multiple certification schemes. The performance benchmark of the framework's prototype implementation shows that up to 200,000 evidences can be processed in less than a minute, making it suitable for short time intervals used in continuous certification.","PeriodicalId":42971,"journal":{"name":"Applied Computing Review","volume":null,"pages":null},"PeriodicalIF":0.4000,"publicationDate":"2023-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Semantic Evidence-based Approach to Continuous Cloud Service Certification\",\"authors\":\"Christian Banse, Immanuel Kunz, Nico Haas, Angelika Schneider\",\"doi\":\"10.1145/3555776.3577600\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Continuous certification of cloud services requires a high degree of automation in collecting and evaluating evidences. Prior approaches to this topic are often specific to a cloud provider or a certain certification catalog. This makes it costly and complex to achieve conformance to multiple certification schemes and covering multi-cloud solutions. In this paper, we present a novel approach to continuous certification which is scheme- and vendor-independent. Leveraging an ontology of cloud resources and their security features, we generalize vendor- and scheme-specific terminology into a new model of so-called semantic evidence. In combination with generalized metrics that we elicited out of requirements from the EUCS and the CCMv4, we present a framework for the collection and assessment of such semantic evidence across multiple cloud providers. This allows to conduct continuous cloud certification while achieving re-usability of metrics and evidences in multiple certification schemes. The performance benchmark of the framework's prototype implementation shows that up to 200,000 evidences can be processed in less than a minute, making it suitable for short time intervals used in continuous certification.\",\"PeriodicalId\":42971,\"journal\":{\"name\":\"Applied Computing Review\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.4000,\"publicationDate\":\"2023-03-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Applied Computing Review\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3555776.3577600\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Applied Computing Review","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3555776.3577600","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
A Semantic Evidence-based Approach to Continuous Cloud Service Certification
Continuous certification of cloud services requires a high degree of automation in collecting and evaluating evidences. Prior approaches to this topic are often specific to a cloud provider or a certain certification catalog. This makes it costly and complex to achieve conformance to multiple certification schemes and covering multi-cloud solutions. In this paper, we present a novel approach to continuous certification which is scheme- and vendor-independent. Leveraging an ontology of cloud resources and their security features, we generalize vendor- and scheme-specific terminology into a new model of so-called semantic evidence. In combination with generalized metrics that we elicited out of requirements from the EUCS and the CCMv4, we present a framework for the collection and assessment of such semantic evidence across multiple cloud providers. This allows to conduct continuous cloud certification while achieving re-usability of metrics and evidences in multiple certification schemes. The performance benchmark of the framework's prototype implementation shows that up to 200,000 evidences can be processed in less than a minute, making it suitable for short time intervals used in continuous certification.