A Test-Based Incremental Security Certification Scheme for Cloud-Based Systems

被引：8

作者：

Anisetti, Marco ^{[1
]}

Ardagna, Claudio A. ^{[1
]}

Damiani, Ernesto ^{[1
]}

机构：

[1] DI Univ Milano, I-26013 Crema, Italy

来源：

2015 IEEE 12TH INTERNATIONAL CONFERENCE ON SERVICES COMPUTING (SCC 2015) | 2015年

关键词：

Cloud; Incremental security certification; Testing;

D O I：

10.1109/SCC.2015.104

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

We present a test-based assurance scheme aimed at incremental security certification. Our scheme assesses the impact of changes at cloud, system, and certification methodology levels on existing certification processes. The proposed solution minimizes the risk of unnecessary certificate revocation and reduces as much as possible the amount of re-certification activities. To this aim, it reuses evidence available in existing certificates to re-validate them when relevant changes are observed.

引用

页码：736 / 741

页数：6

共 10 条

[1] Anisetti M., 2014, P IEEE CAC 2014 LOND
[2] Anisetti Marco, 2012, P IEEE ICWS 2012 HON
[3] Cloud Security Alliance (CSA), CSA SEC TRUST ASS RE
[4] Criteria C., 2004, CCRA SUPP DOC 2004 0
[5] Harjani R., 2013, P LAW 2014 NEW ORL L
[6] Herrmann D. S., 2002, USING COMMON CRITERI
[7] Krotsiani M., 2013, P SECURWARE 2013 BAR
[8] Toward Accountability in the Cloud
Pearson, Siani
[J]. IEEE INTERNET COMPUTING, 2011, 15 (04) : 64 - 69
[9] Spanoudakis G, 2012, P HASE 2012 OM NE US
[10] Cloud Services Certification
Sunyaev, Ali
Schneider, Stephan
[J]. COMMUNICATIONS OF THE ACM, 2013, 56 (02) : 33 - 36

← 1 →