© The Institution of Engineering and Technology
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies the definition, enforcement and control of both privacy and security mechanisms, including evidence collection. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification, at design time, of privacy and security level objectives in the system service level agreement, and on their continuous monitoring and enforcement at runtime.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-sen.2018.5293