Cybersecurity Collaboratory

2013-2018

Cyberspace Threat Identification, Analysis and Proactive Response

Toward Cloud Security Certification (Ernesto Damiani)

Abstract

Generating and handling assurance information on the cloud is an open challenge, as conflicting requirements (e.g., transparency vs. privacy) are emerging. In this talk, we take the first steps towards a conceptual framework in which basic, hybrid and incremental assurance, service-level agreement (SLA), and certification models for cloud-based services can be specified. Specifically, we focus on the definition of a unifying meta-model that provides representational guidelines for (i) the properties to be negotiated and certified on the cloud, (ii) the types of evidence underlying them, and (iii) the phases of the artifact life cycle, as well as all the mechanisms for generating supporting evidence.

A short bio

Ernesto Damiani is a full professor at the Dipartimento di Informatica (DI), Università degli Studi di Milano, where he leads the SESAR research lab and is the Head of the Università degli Studi di Milano's Ph.D. program in Computer Science. He has held visiting positions at a number of international institutions, including George Mason University in Virginia, USA, LaTrobe University in Melbourne, Australia, University of Technology in Sydney, Australia, and the Institut National des Sciences Appliquées (INSA) at Lyon, France. Prof. Damiani serves on the editorial boards of several journals in the secure and service-oriented software development areas; among others, he is Area Editor of the Journal of System Architecture and Associate Editor of the IEEE Transactions on Service-oriented Computing. He is the Vice-Chair of the IEEE Technical Committee on Industrial Informatics, the Chair of IFIP WG 2.6 on Database Semantics and the Secretary of the IFIP WG 2.13 on Open Source Development. He is a senior member of the IEEE. In 2008 he was nominated ACM Distinguished Scientist and he received the Chester Hall Award for the best paper published in the IEEE Transactions on Consumer Electronics. He has co-authored the book "Open Source Systems Security Certification" (Springer 2009).

Slides (pdf)