Medina: Improving cloud services trustworthiness through continuous audit-based certification
| dc.conference.title | 1st SWForum Workshop on Trustworthy Software and Open Source, TSOS 2021, 23 March 2021 - 25 March 2021 | en |
| dc.contributor.author | Orue-Echevarria, Leire | |
| dc.contributor.author | Garcia, J.L. | |
| dc.contributor.author | Banse, C. | |
| dc.contributor.author | Alonso, Juncal | |
| dc.date.accessioned | 2021-06-23T08:37:30Z | |
| dc.date.available | 2021-06-23T08:37:30Z | |
| dc.date.issued | 2021-03 | |
| dc.description.abstract | One of the reasons of the still limited adoption of Cloud Computing in the EU is the EU customers' perceived lack of security and transparency in this technology. Cloud service providers (CSPs) usually rely on security certifications as a mean to improve transparency and trustworthiness, however European CSPs still face multiple challenges for certifying their services (e.g., fragmentation in the certification market, and lack of mutual recognition). In this context, the EU Cybersecurity Act (EU CSA) proposes improving customer's trust in the European ICT market through a European certification scheme (EUCS). The proposed cloud security certification scheme conveys new technological challenges including the notion of automated monitoring for the whole supply chain, which needs to be solved in order to bring all the expected benefits to EU cloud providers and customers. In this context, MEDINA proposes a framework for supporting a continuous audit-based certification for CSPs based on EU CSA's scheme for cloud security certification. MEDINA will tackle challenges in areas like security validation/ testing, machine-readable certification language, cloud security performance, and audit evidence management. MEDINA will provide and empirically validate sustainable outcomes in order to benefit EU adopters. | en |
| dc.description.sponsorship | This work has been partially funded by the European project MEDINA (Horizon 2020 research and innovation Programme, under grant agreement no 952633). | en |
| dc.division | ICT - European Software Institute | en |
| dc.identifier.issn | 1613-0073 | en |
| dc.identifier.uri | http://hdl.handle.net/11556/1154 | |
| dc.journal.title | CEUR Workshop Proceedings | en |
| dc.language.iso | eng | en |
| dc.page.final | 23 | en |
| dc.page.initial | 16 | en |
| dc.publisher | CEUR-WS | en |
| dc.relation.projectID | info:eu-repo/grantAgreement/EC/H2020/952633/EU/Security framework to achieve a continuous audit-based certificationn in compliance with the EU-wide cloud security certification scheme/MEDINA | en |
| dc.rights | Attribution 4.0 International | * |
| dc.rights.accessRights | open access | en |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | * |
| dc.subject.keywords | Cloud certification scheme | en |
| dc.subject.keywords | Cybersecurity Act | en |
| dc.subject.keywords | Continuous auditing | en |
| dc.subject.keywords | Continuous certification | en |
| dc.subject.keywords | Smart contracts | en |
| dc.subject.keywords | Certification language | en |
| dc.title | Medina: Improving cloud services trustworthiness through continuous audit-based certification | en |
| dc.type | conference output | en |
| dc.volume.number | 2878 | en |
Files
Original bundle
1 - 1 of 1