CloudSecGov 2013 Abstracts


Full Papers
Paper Nr: 1
Title:

Negotiating and Brokering Cloud Resources based on Security Level Agreements

Authors:

Jesus Luna Garcia, Tsvetoslava Vateva-Gurova, Neeraj Suri, Massimiliano Rak and Loredana Liccardo

Abstract: .

Paper Nr: 3
Title:

An Analysis of Software Quality Attributes and Their Contribution to Trustworthiness

Authors:

Nazila Gol Mohammadi, Sachar Paulus, Mohamed Bishr, Andreas Metzger, Holger Koennecke, Sandro Hartenstein and Klaus Pohl

Abstract: Whether a software, app, service or infrastructure is trustworthy represents a key success factor for its use and adoption by organizations and end-users. The notion of trustworthiness, though, is actually subject to individual interpretation, e.g. organizations require confidence about how their business critical data is handled whereas end-users may be more concerned about the usability. These concerns manifest as trustworthiness requirements towards modern apps and services. Understanding which Software Quality Attributes (SQA) foster trustworthiness thus becomes an increasingly important piece of knowledge for successful software development. To this end, this paper provides a first attempt to identify SQA which contribute to trustworthiness. Based on a survey of the literature, we provide a structured overview on SQA and their contribution to trustworthiness. We also identify potential gaps with respect to attributes whose relationship to trustworthiness is understudied, such as accessibility, level of service, etc. Further, we observe that most of the literature studies trustworthiness from a security perspective while there exist limited contributions in studying the social aspects of trustworthiness in computing. We expect this work to contribute to a better understanding of which attributes and characteristics of a software system should be considered to build trustworthy systems.

Paper Nr: 4
Title:

Ontology-based Analysis of Compliance and Regulatory Requirements of Business Processes

Authors:

Thorsten Humberg, Christian Wessel, Daniel Poggenpohl, Sven Wenzel, Thomas Ruhroth and Jan Jürjens

Abstract: Despite its significant potential benefits, the concept of Cloud Computing is still regarded with skepticism in most companies. One of the main obstacles is posed by concerns about the systems’ security and compliance issues. Examining system and process models for compliance manually is time-consuming and error-prone, in particular due to the mere extent of potentially relevant sources of security and compliance concerns that have to be considered. This paper proposes techniques to ease these problems by providing support in identifying relevant aspects, as well as suggesting possible methods (from an existing pool of such) to actually check a given model. We developed a two-step approach: At first, we build an ontology to formalize rules from relevant standards, augmented with additional semantic information. This ontology is then utilized in the analysis of an actual model of a system or a business process in order to detect possible compliance obligations.

Paper Nr: 5
Title:

Addressing the Terms-of-Service Threat - Client-side Security and Policy Control for Free File Storage Services

Authors:

Geir M. Køien and Vladimir A. Oleshchuk

Abstract: In this paper we describe and identify the so-called terms-of-service (ToS) threat. This threat is concerned with asymmetry in the power between a service producer (SP) and the service consumer (SC) and is expressed in ToS which allows the SC to change the ToS at will. Our context is the free file synchronization services, and we will analyze the relationships between the service producer and the service consumer. There are pronounced control asymmetries and potential conflicts of interest between the parties, including user privacy and content ownership control. Our proposal for addressing these problems hinges on a two-pronged approach, including defining a service policy manager surveillance tool and a client side presentation manager to enforce local security and privacy policies. Our Umbrella Architecture is still very much work in progress, but we are optimistic about the usefulness of the approach.