Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems

IET Software

Volumn 13, Issue 3, 2019, Pages 213-222

  Rios, Erkuden ^a   Iturbe, Eider ^a   Larrucea, Xabier ^a   Rak, Massimiliano ^b   Mallouli, Wissam ^c   Dominiak, Jacek ^d   Muntés, Victor ^d   Matthews, Peter ^d   Gonzalez, Luis ^e  

^a TECNALIA RESEARCH AND INNOVATION   (Spain)

^b SECOND UNIVERSITY OF NAPLES   (Italy)

^c Montimage   (France)

^d Sterling Software   (United States)

^e TAMPERE UNIVERSITY OF TECHNOLOGY   (Finland)

Author keywords

[No Author keywords available]

Indexed keywords

LAWS AND LEGISLATION; QUALITY OF SERVICE; SECURITY OF DATA;

CONTINUOUS MONITORING; ENFORCEMENT AUTHORITIES; EVIDENCE COLLECTION; GENERAL DATA PROTECTION REGULATIONS; PRIVACY AND SECURITY; SECURITY ASSURANCE; SERVICE LEVEL AGREEMENTS; SYSTEM SERVICE LEVEL;

COMPLIANCE CONTROL;

EID: 85067495330     PISSN: 17518806     EISSN: None     Source Type: Journal    
DOI: 10.1049/iet-sen.2018.5293     Document Type: Article

References (32)

1. Deloitte: 'Measuring the economic impact of cloud computing in Europe, smart number: 2014/0031', April 2016. Available at http://ec.europa.eu/newsroom/document.cfm?doc-id=41184, accessed 17 December 2018
2. ETSI: 'Interoperability and security in cloud computing, ETSI SR 003 391 v2.0.0', 2015. Available at http://csc.etsi.org/resources/WP3-Report/STF486 WP3 Report-v2.0.0.pdf,. accessed 17 December 2018
3. MUSA project: Multi-cloud Secure Applications (2015-2017). Available at https://www.musa-project.eu, accessed 17 December 2018
4. ENACT project: Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems (2018-2020). Available at http://www.enact-project.eu, accessed 17 December 2018
5. Rios E. Iturbe E. Mallouli W.: 'Dynamic security assurance in multi-cloud DevOps. '. 2017 IEEE Conf. on Communications and Network Security (CNS), October 2017, pp. 467-475
6. Rios E. Rak M. Iturbe E.: 'SLA-based continuous security assurance in multi-cloud DevOps. '. CEUR Workshop Proc., Oslo, Norway, 2017. Available at http://ceur-ws.org/Vol-1977/, accessed 17 December 2018
7. Casola V. De Benedictis A. Modic J.: 'Per-service security SLA: a new model for security management in clouds. '. Proc. IEEE 25th Int. Conf. on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Paris, France, 2016, pp. 83-88
8. SPECS project: Secure Provisioning of Cloud Services based on SLA management (2013-2016). Available at http://www.specs-project.eu, accessed 17 December 2018
9. SLA-READY project: Making Cloud SLAs readily usable in the EU private sector (2015-2016). Available at http://www.sla-ready.eu, accessed 17 December 2018
10. SLALOM project: Service Level Agreement-Legal and Open Model (2015-2016). Available at http://www.slalom-project.eu/, accessed 17 December 2018
11. Cloud Standards Customer Council, OMG: 'Practical Guide to Cloud Service Agreements V2.0'. Available at https://www.omg.org/cloud/deliverables/practical-guide-to-cloud-service-agreements.htm, accessed 17 December 2018
12. Casola V. De Benedictis A. Rak M.: 'Automatically enforcing security SLAs in the cloud. ', IEEE Trans. Serv. Comput., 2016, 10, (5), pp. 741-755
13. National Institute of Standards and Technology (NIST): 'Security and Privacy Controls for Information Systems and Organizations'. NIST SP-800-53, revison 5 Draft
14. Cloud Control Matrix (CCM) Alliance, C.S.: Cloud security alliance, cloud controls matrix v3.0.1 (9-1-17 Update). Available at https://cloudsecurityalliance.org/group/cloud-controls-matrix/, accessed 17 December 2018
15. Casola V. Benedictis A.D. Rak M.: 'A security metric catalogue for cloud applications. '. Proc. Int. Conf. on Complex, Intelligent, and Software Intensive Systems (CISIS), Torino, Italy, July 2017, pp. 854-863
16. NIST Cloud Computing Program Information Technology Laboratory: 'Cloud Computing Service Metrics Description NIST SP-500-307', 2015
17. Conley E. Pocs M.: 'GDPR compliance challenges for interoperable health informaon exchanges (HIEs) and trustworthy research environments (TREs). ', Eur. J. Biomed. Inf., 2018, 14, (3), pp. 48-61
18. Ahmadian A.S. Jürjens J.: 'Supporting model-based privacy analysis by exploiting privacy level agreements. '. Proc. Int Conf. Cloud Computing Technology and Science (CloudCom), Luxembourg, 2016, pp. 360-365
19. Diamantopoulou V. Pavlidis M. Mouratidis H.: 'Privacy level agreements for public administration information systems', 2017. Available at http://eprints.brighton.ac.uk/17145/, accessed 17 December 2018
20. Cloud Security Alliance (CSA): 'Code of Conduct for GDPR Compliance'. Available at https://gdpr.cloudsecurityalliance.org/wp-content/uploads/sites/2/2018/06/CSA-Code-of-Conduct-for-GDPR-Compliance.pdf, accessed 17 December 2018
21. Liu H. Bu F. Cai H.: 'SLA-based service composition model with semantic support. '. IEEE Asia-Pacific Proc. Services Computing Conf. (APSCC), Guilin, China, 2012, pp. 374-379
22. Zappatore M. Longo A. Bochicchio M.A.: 'SLA composition in service networks. '. Proc. of the 30th Annual ACM Symp. on Applied Computing-SAC '15, Salamanca, Spain, 2015, pp. 1219-1224
23. Rak M.: 'Security assurance of (multi-) cloud application with security SLA composition. '. Proc. Int. Conf. on Green, Pervasive, and Cloud Computing, Cetara, Italy, 2017, pp. 786-799
24. Rios E. Iturbe E. Palacios M.C.: 'Self-healing multi-cloud application modelling. '. Proc. Int. Conf. on Availability, Reliability and Security, Reggio Calabria, Italy, 2017. (No. 93)
25. 'How Visibility of the Attack Surface Minimizes Risk'. Available at https://www.sans.org/reading-room/whitepapers/cloud/visibility-attack-surface-minimizes-risk-38540, accessed 17 December 2018
26. 'OWASP Risk Rating Methodology'. Available at https://www.owasp.org/index.php/OWASP-Risk-Rating-Methodology, accessed 17 December 2018
27. 'The STRIDE Threat Model'. Available at https://msdn.microsoft.com/en-us/library/ee823878 (v=cs.20).aspx,. accessed 17 Dec 2018
28. Ripolles O. Muntes V. Matthews P.: 'Agile risk management for multi-cloud software development. ', IET Softw., 2018,. doi: 10.1049/iet-sen.2018.5295
29. Baah A.: 'Agile quality assurance: deliver quality software-providing great business value ' (Book Baby, 2017)
30. Cloud Security Alliance: 'Consensus Assessments Initiative Questionnaire v3.0.1'. Available at https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/, accessed 17 December 2018
31. Dorfmann M.S.: 'Introduction to risk management and insurance ' (Prentice Hall, Upper Saddle River, NJ, 1997, 6th edn.)
32. Springer: 'Digitalization Cases: How Organizations Rethink Their Business for the Digital Age'. Available at https://www.springer.com/us/book/9783319952727, accessed 17 December 2018