Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems

IET Software

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges for Cloud-based systems. GDPR compliance requires defining, enforcing and controlling both privacy and security mechanisms, including the collection of evidence. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the privacy and security controls needed to ensure transparency towards end-users, third parties involved in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification, at design time, of privacy and security level objectives in the system's service level agreement, and on their continuous monitoring and enforcement at runtime.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-sen.2018.5293