Modeling time, probability, and configuration constraints for continuous cloud service certification

M. Anisetti, C. A. Ardagna, E. Damiani, N. El Ioini, F. Gaudenzi

Research output: Contribution to journalArticlepeer-review

13 Scopus citations

Abstract

Cloud computing proposes a paradigm shift where resources and services are allocated, provisioned, and accessed at runtime and on demand. New business opportunities emerge for service providers and their customers, at a price of an increased uncertainty on how their data are managed and their applications operate once stored/deployed in the cloud. This scenario calls for assurance solutions that formally assess the working of the cloud and its services/processes. Current assurance techniques increasingly rely on model-based verification, but fall short to provide sound checks on the validity and correctness of their assessment over time. The approach in this paper aims to close this gap catching unexpected behaviors emerging when a verified service is deployed in the target cloud. We focus on certification-based assurance techniques, which provide customers with verifiable and formal evidence on the behavior of cloud services/processes. We present a trustworthy cloud certification scheme based on the continuous verification of model correctness against real and synthetic service execution traces, according to time, probability, and configuration constraints, and attack flows. We test the effectiveness of our approach in a real scenario involving ATOS SA eHealth application deployed on top of open source IaaS OpenStack.

Original languageBritish English
Pages (from-to)234-254
Number of pages21
JournalComputers and Security
Volume72
DOIs
StatePublished - Jan 2018

Keywords

  • Assurance
  • Certification
  • Cloud
  • Compliance
  • Security

Fingerprint

Dive into the research topics of 'Modeling time, probability, and configuration constraints for continuous cloud service certification'. Together they form a unique fingerprint.

Cite this