Home      Log In      Contacts      FAQs      INSTICC Portal
Special Session
Special Session on
Incident Management in Cloud Computing
 - CloudIM 2016

23 - 25 April, 2016 - Rome, Italy

Within the 6th International Conference on Cloud Computing and Services Science - CLOSER 2016


Martin Gilje Gilje Jaatun
IDE, Software Engineering, Safety and Security, SINTEF Digital, Trondheim, Norway
Brief Bio
Martin Gilje Jaatun is a Senior Scientist at SINTEF Digital in Trondheim, Norway. He graduated from the Norwegian Institute of Technology (NTH) in 1992, and received the Dr.Philos degree in critical information infrastructure security from the University of Stavanger in 2015. He is an adjunct professor at the University of Stavanger, and was Editor-in-Chief of the International Journal of Secure Software Engineering (IJSSE). Previous positions include scientist at the Norwegian Defence Research Establishment (FFI), and Senior Lecturer in information security at the Bodø Graduate School of Business. His research interests include software security, security in cloud computing, and security of critical information infrastructures. He is vice chairman of the Cloud Computing Association (, vice chair of the IEEE Technical Committee on Cloud Computing (TCCLD), an IEEE Cybersecurity Ambassador, and a Senior Member of the IEEE. Most of my published papers are available here:
Karin Bernsmed
Software Engineering, Safety and Security , SINTEF ICT

Brief Bio
Karin Bernsmed received her MSc degree from Linköping University in 2003 and her PhD in Telematics from the Norwegian University of Science and Technology (NTNU) in 2007. She worked as a research scientist at Telenor R&I until 2010, after which she joined SINTEF ICT where she is currently heading the information security group. Her research interests include network security and privacy, security in cloud computing, and stochastic modeling and analysis.


Keywords: Incident Detection in the Cloud; Incident Handling in the Cloud; Incident Communication; Monitoring of Services; Cloud Security

Outsourcing computing and storage to the cloud does not eliminate the need for handling of information security incidents. It is not possible to create a computer system that is 100% secure, which implies that if there is someone who sees the value of breaking into your systems, they will eventually succeed – and you must therefore assume that information security incidents will take place in your system.
The handling of incidents in the cloud is difficult because of long provider chains; more than one provider may be involved in in the production of a service, and there is often a large distance (physical and logical) to the provider, and it is consequently difficult to involve the provider when something happens. This also means that you do not necessarily have access to forensics; cloud solutions are often based on multi-tenancy, which means that data from multiple clients could potentially exist on a given infrastructure, and it will not be acceptable to disclose (e.g.) a raw dump from a hard drive in this case. There are also unclear legal restrictions on data originating from one jurisdiction (e.g., Norway) but stored in another (e.g., USA).
With many providers involved in a given service offering, inter-provider collaboration in handling of incidents in the cloud can be a major challenge, but this is a prerequisite for ensuring the accountability of the cloud service providers.

Suggested topics include (but are not limited to):
• Incident detection in the Cloud
• Incident handling in the Cloud
• Communication of incidents along cloud provider chains
• Cloud Forensics
• Logging for cloud incident investigations
• Incident handling for IoT/Cloud convergence


Paper Submission: February 10, 2016 (expired)
Authors Notification: February 24, 2016 (expired)
Camera Ready and Registration: March 3, 2016 (expired)


Yuri Demchenko, University of Amsterdam, Netherlands
Christian Frøystad, Software Engineering, Safety and Security, SINTEF ICT, Norway
Bernd Grobauer, Independent Researcher, Germany
David Groep, Independent Researcher, Netherlands
Geir M. Køien, ICT, University of Agder, Norway
Jan Meijer, Independent Researcher, Norway
Nouh Sabri, Cairo University, Egypt
Anderson Santana de Oliveira, Security & Trust Practice, SAP Research, France
Thomas Schreck, Siemens CERT, Germany


Prospective authors are invited to submit papers in any of the topics listed above.
Instructions for preparing the manuscript (in Word and Latex formats) are available at: Paper Templates
Please also check the Guidelines.
Papers must be submitted electronically via the web-based submission system using the appropriated button on this page.


After thorough reviewing by the special session program committee, all accepted papers will be published in a special section of the conference proceedings book - under an ISBN reference and on digital support - and submitted for indexation by DBLP, Web of Science / Conference Proceedings Citation Index, EI and SCOPUS.
SCITEPRESS is a member of CrossRef ( and every paper is given a DOI (Digital Object Identifier).
All papers presented at the conference venue will be available at the SCITEPRESS Digital Library


CLOSER Special Sessions - CloudIM 2016