DCCE'14 – 1. Workshop on Dynamic Certification in Cloud Ecosystems
DCCE'14 – 1. Workshop on Dynamic Certification in Cloud Ecosystems will be held in Singapore, December 15-18, 2014, in conjuction with IEEE CloudCom 2014.
Abstract
Audits and certificates can help to evaluate and proof cloud infrastructures and ecosystems according to specific compliance catalogues. Subjects of cloud audits are typically the quality of processes and services, the level of security and data protection as well as other standardised checklists. Examples such as the EuroCloud Star Audit are developed in reference to ISO 27001/27017 and ISAE 3000/ISAE3402 with a restructured approach for cloud service assessment. Other examples which are based on CCM, ISO27001-2013, AICPA Trust Principle (and others) are CSA STAR Certification (which is an evolution, cloud specific of ISO27001) and CSA STAR Attestation (based on SOC2 and CCM). These 2 examples of audits are part of the CSA Open Certification Framework.
Current certification processes, conducted once a year or even only every two years, however, are only partly adjusted to the characteristics and needs of cloud ecosystems. The challenge is to specify new approaches, processes, and controls in order to reflect the flexibility, dynamics and on demand nature of clouds. Heading for dynamic certification means getting the current status of a cloud ecosystem on demand reflecting compliance rules based for instance on the standards above. A typical question from cloud customers nowadays: “Is the cloud service continuously operating compliant to local data protection laws?”
The goal of this workshop is (1) bringing together science, industry, administration and standardisation and (2) elaborating how (abstract) requirements from standards, legislations, and policies can be boiled down to technical means that can be monitored, aggregated, and analysed in a highly dynamic cloud environment in a (half-)automated way.
Topics of interest
• Dynamic Certification
• Dynamic Service Level Agreements
• Cloud Certificates
• Continuous / (Semi-)Automated Monitoring and Auditing • Metrics, Measures, and Methods for Dynamic Certification • Complex Event Processing • Data Confidentiality, Integrity and Authenticity • Certification Transparency • Data Aggregation • Data Analytics • Visualisation of Certification Results • Trust in Certificates
Important Dates
Paper submissions: September 2, 2014
Notification: September 9, 2014
Camera-ready: September 16, 2014
Organisers
- Helmut Krcmar, Technical University Munich • Michael Schermann, Technical University Munich • Mario Hoffmann, Fraunhofer AISEC • Ali Sunyaev, University of Cologne
Programme Committee
- Iryna Windhorst, Fraunhofer AISEC
- Philipp Stephanow, Fraunhofer AISEC
- Niels Fallenbeck, Fraunhofer AISEC
- Andreas Weiß, EuroCloud
- Bernd Becker, EuroCloud
- Stephan Schneider, University of Cologne • Manuel Wiesche, Technical University Munich • Volker Wiedmer, Fujitsu • Joachim Lohmann, Fujitsu • Michael Diepold, AKDB
Submissions
Mario Hoffmann
eMail: mario.hoffmann@aisec.fraunhofer.de
Phone: +49 89/ 322 9986-177
Cell: +49 151/121 68100
Fraunhofer Institute for Applied and Integrated Security AISEC Parkring 4, 85748 Garching near Munich, Germany
