TUM Logo

Distributed Configuration API for dynamic certification of Cloud services

Cloud Services attract customers with their numerous financial and technical benefits. However security, privacy issues and lack of transparency let customers be uncertain about adopting cloud service solutions.For this reason, cloud service providers are encouraged to use a certification process. Security and quality properties of cloud services are assessed by an independent party. A certificate is produced when the customer’s set of requirements is fulfilled by the cloud service. Nowadays, certification processes are convenient for static services that don’t experience changes. Unfortunately these certification processes are not appropriate for cloud services because of their frequent changes such as configurations, patches, or geographic locations. Therefore, a dynamic certification is needed for cloud services where requirements are continuously assessed. Usually an auditor is part of an indepedent party and is a non programmer. He does not know how to concretely configure and implement audit methods which can assess requirements. Consequently, an auditor is not able to audit requirements referring to a cloud service. An approach should be found for an auditor to express requirements in a high level of abstraction and thereby configure the audit methods.In this thesis, a distributed configuration API for dynamic certification of cloud services is defined. In order for an auditor to configure the audit methods, its high-level expressions should be translated to the concrete configuration of audit methods.On the one hand, a distributed configuration API infers a distributed assembly process where several actors work together with the auditor to enable configurations of audit methods. On the other hand, distributed systems are involved in the certification pro- cess, such as the system which implements the audit methods called demonstrator and the system which the auditor is directly using to audit the methods. The configuration API indicates the distributed deployment of the concrete configuration generated from the system used by the auditor to the demonstrator.

Distributed Configuration API for dynamic certification of Cloud services

Supervisor(s): Philipp Stephanow
Status: finished
Topic: Others
Author: Victoria Simon
Submission: 2016-08-16
Type of Thesis: Bachelorthesis
Proof of Concept No
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Astract:

Cloud Services attract customers with their numerous financial and technical benefits. However security, privacy issues and lack of transparency let customers be uncertain about adopting cloud service solutions.For this reason, cloud service providers are encouraged to use a certification process. Security and quality properties of cloud services are assessed by an independent party. A certificate is produced when the customer’s set of requirements is fulfilled by the cloud service. Nowadays, certification processes are convenient for static services that don’t experience changes. Unfortunately these certification processes are not appropriate for cloud services because of their frequent changes such as configurations, patches, or geographic locations. Therefore, a dynamic certification is needed for cloud services where requirements are continuously assessed. Usually an auditor is part of an indepedent party and is a non programmer. He does not know how to concretely configure and implement audit methods which can assess requirements. Consequently, an auditor is not able to audit requirements referring to a cloud service. An approach should be found for an auditor to express requirements in a high level of abstraction and thereby configure the audit methods.In this thesis, a distributed configuration API for dynamic certification of cloud services is defined. In order for an auditor to configure the audit methods, its high-level expressions should be translated to the concrete configuration of audit methods.On the one hand, a distributed configuration API infers a distributed assembly process where several actors work together with the auditor to enable configurations of audit methods. On the other hand, distributed systems are involved in the certification pro- cess, such as the system which implements the audit methods called demonstrator and the system which the auditor is directly using to audit the methods. The configuration API indicates the distributed deployment of the concrete configuration generated from the system used by the auditor to the demonstrator.