TUM Logo

Predictive Cloud Compliance

Predictive Cloud Compliance

Supervisor(s): Philipp Stephanow
Status: open
Topic: Others
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching



Certification of cloud services aims at increasing the trust of customers and providing comparability between
cloud services. A cloud service’s attributes may change over time where the changes are hard to detect by a cu-
stomer. Thus it is necessary to continuously, i.e. automatically and repeatedly check if a cloud service satisfies
a set of customer requirements. 1 If the cloud service satisfies the requirements, then a report called certificate
is produced, stating compliance. At Fraunhofer AISEC, we develop test-based certification techniques which
support continuous validation of requirements related to security, availability, and reliability. 2
Yet current approaches to cloud compliance are limited to statements about the past, e.g. the TLS configuration
of a cloud service was correctly configured during the last month. The goal of this Master Thesis is to use the
test results produced by our tooling to make predictions about the compliance of the cloud service in the future.
To that end, properties of results produced by test-based certification techniques have to be investigated to
identify, adapt and apply suitable data analysis methods, e.g. applying machine learning methods in the context
of discrete sequences.

Task Description

    •    identification and analysis of cloud compliance prediction scenarios, e.g. predict the probability of the next test to fail, estimate the duration of non-compliance if a test failed etc.

    •    analysis (and possibly extension) of data structures of results produced by continuous test-based certifi-
cation techniques
    •    development of prediction methods using existing methods of data analysis and machine learning, e.g.
based on Hidden Markov model
    •    experimental evaluation of proposed approaches and discussion of boundaries


    •    (required) good general programming skills (python, shell scripts etc.), in particular in Java
    •    (required) familiarity with data analysis and machine learning methods
    •    (appreciated) initial experience with machine learning frameworks, e.g. scikit-learn, Weka etc.




Philipp Stephanow
Fraunhofer AISEC
E-Mail: philipp.stephanow@aisec.fraunhofer.de
Telefon: +49 89 322-9986-125