This chapter presents a certification-based assurance solution for the cloud, which has been developed as part of the FP7 EU Project CUMULUS. It provides an overview of the CUMULUS certification models, which are at the basis of the certification processes implemented and managed by the CUMULUS certification framework. Certification models drive the collection of evidence used by the framework to assess whether the system under certification supports required security properties, and generate and manage certificates proving compliance to such properties (certification process). Collected evidence can be of different types (i.e., test-based, monitoring-based, and trusted computing-based evidence) and addresses the peculiarities of cloud environments. The framework also supports continuous and incremental evaluation of services in the production cloud.
Security certification for the Cloud: the CUMULUS approach / M. Anisetti, C.A. Ardagna, E. Damiani, A. Maña, G. Spanoudakis, L. Pino, H. Koshutanski (COMPUTER COMMUNICATIONS AND NETWORKS). - In: Guide to security assurance for Cloud computing / [edited by] S.Y. Zhu, R. Hill, M. Trovati. - [s.l] : Springer International Publishing, 2015. - ISBN 9783319259864. - pp. 111-137 [10.1007/978-3-319-25988-8_8]
Security certification for the Cloud: the CUMULUS approach
M. Anisetti; C.A. Ardagna; E. Damiani
2015