Secure Cloud-Edge Deployments, with Trust

Assessing the security level of IoT applications to be deployed to heterogeneous Cloud-Edge infrastructures operated by different providers is a non-trivial task. In this article, we present a methodology that permits to express security requirements for IoT applications, as well as infrastructure security capabilities, in a simple and declarative manner, and to automatically obtain an explainable assessment of the security level of the possible application deployments. The methodology also considers the impact of trust relations among different stakeholders using or managing Cloud-Edge infrastructures. A lifelike example is used to showcase the prototyped implementation of the methodology

Software-Defined Networks for Future Networks and Services: Main Technical Challenges and Business Implications

In 2013, the IEEE Future Directions Committee (FDC) formed an SDN work group to explore the amount of interest in forming an IEEE Software-Defined Network (SDN) Community. To this end, a Workshop on "SDN for Future Networks and Services" (SDN4FNS'13) was organized in Trento, Italy (Nov. 11th-13th 2013). Following the results of the workshop, in this paper, we have further analyzed scenarios, prior-art, state of standardization, and further discussed the main technical challenges and socio-economic aspects of SDN and virtualization in future networks and services. A number of research and development directions have been identified in this white paper, along with a comprehensive analysis of the technical feasibility and business availability of those fundamental technologies. A radical industry transition towards the "economy of information through softwarization" is expected in the near future

Monitoring-Based Certification of Cloud Service Security

In this paper, we present a novel approach to cloud service security certification. This approach could be used to: (a) define and execute automatically certification models, which can continuously and incrementally acquire and analyse evidence regarding the provision of services on cloud infrastructures through continuous monitoring; (b) use this evidence to assess whether the provision is compliant with required security properties; and (c) generate and manage digital certificates confirming the compliance of services if the acquired evidence supports this. We also present the results of an initial experimental evaluation of our approach based on the MySQL server and RUBiS benchmark

Medina: Improving cloud services trustworthiness through continuous audit-based certification

One of the reasons of the still limited adoption of Cloud Computing in the EU is the EU customers' perceived lack of security and transparency in this technology. Cloud service providers (CSPs) usually rely on security certifications as a mean to improve transparency and trustworthiness, however European CSPs still face multiple challenges for certifying their services (e.g., fragmentation in the certification market, and lack of mutual recognition). In this context, the EU Cybersecurity Act (EU CSA) proposes improving customer's trust in the European ICT market through a European certification scheme (EUCS). The proposed cloud security certification scheme conveys new technological challenges including the notion of automated monitoring for the whole supply chain, which needs to be solved in order to bring all the expected benefits to EU cloud providers and customers. In this context, MEDINA proposes a framework for supporting a continuous audit-based certification for CSPs based on EU CSA's scheme for cloud security certification. MEDINA will tackle challenges in areas like security validation/ testing, machine-readable certification language, cloud security performance, and audit evidence management. MEDINA will provide and empirically validate sustainable outcomes in order to benefit EU adopters.This work has been partially funded by the European project MEDINA (Horizon 2020 research and innovation Programme, under grant agreement no 952633)