Skip to main content

Security framework to achieve a continuous audit-based certificationn in compliance with the EU-wide cloud security certification scheme


Methodology and tools for risk-based assessment and security control reconfiguration-V1

Lastly this deliverable comprises the methodology as well as the prototype implementation of the riskbased auditor component To follow the approach taken in other tasks there will be three iterations of the tool integration an initial prototype showcasing the methodology a second release which will be based on a refinement of the technical architecture and finally the third iteration which will reflect the implementation of the use cases This deliverable is the result of Task 44

MEDINA Requirements, Detailed architecture, DevOps infrastructure and CI/CD and verification strategy-v1

This deliverable has a threefold goal Firstly it will contain the requirements of the MEDINA framework in close collaboration with Task 61 Secondly the detailed design of MEDINA its components modules interfaces Thirdly it will also detail the realization of the DevOps infrastructure namely the set of tools and services to support all continuous integration and deployment phases in order to follow a DevOps approach as well as the CICD strategy to be followed for the continuous integration of the MEDINA Framework Two releases of the document are planned In the second one the feedbacks received from the use cases implementation will be managed to update the design This deliverable is the result of Tasks 51 and 52

Continuously certifiable technical and organizational measures and catalogue of cloud security metrics-v1

This set of deliverables will present the definition of the technical and organizational measures relevant for CSPs along with a set of security metrics both quantitative and qualitative for such security objectives These measures will be expressed also in the form of a catalogue of comprehensible cloud security metrics These deliverables are the result of Task 22 and part of 21

Dissemination and Communication Report-v1

This deliverable will explain the dissemination and communication activities followed during the reporting periods as well as the results from these activities and will update projects dissemination and communication plan respectively This report will also contain the relevant activities executed to foster a close collaboration with projects related to MEDINA as well as future networking plans

Dissemination and Communication Strategy

This deliverable has a threefold goal Firstly it will define the way in which the different communities scientific commercial general public will be targeted as well as the social media will be used Secondly it will detail the specific plan for networking activities with external entities including the specific working group this project will participate Finally it will describe the project dissemination strategy to be adopted throughout the project lifetime The release of the respective report is considered one of the key milestones of the project

Standardization Roadmap-v1

This deliverable will present all the relevant activities performed in the context of standardization and standards observation

Market, Innovation and Applicability Analysis

This document will report surveys and analysis about solutions trends and initiatives in the fields relevant to MEDINA The report will be updated to accommodate future trends and competence analysis in D74

MEDINA brochure and public website

The initial version of the brochure and project website will include at least project objectives and contact details MEDINA website will be setup by the Project Leader TECNALIA and continuously enhanced by all partners to include public downloadable results and links to related news and initiatives

Searching for OpenAIRE data...


Data Sovereignty in the Cloud-Wishful Thinking or Reality?

Author(s): Christian Banse
Published in: Proc. of 2021 Cloud Computing Security Workshop, 2021
Publisher: IEEE
DOI: 10.1145/3474123.3486792

Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis

Author(s): Christian Banse Immanuel Kunz Angelika Schneider Konrad Weiss
Published in: Proc. of IEEE International Conference on Cloud Computing 2021, 2021
Publisher: IEEE
DOI: 10.1109/cloud53861.2021.00014

Application-Oriented Selection of Privacy Enhancing Technologies

Author(s): Immanuel Kunz Andreas Binder
Published in: Annual Privacy Forum APF 2022: Privacy Technologies and Policy, Lecture Notes in Computer Science book series (LNCS,volume 13279), 2022
Publisher: Springer Cham
DOI: 10.1007/978-3-030-10925-7_31

Medina: Improving cloud services trustworthiness through continuous audit-based certification

Author(s): Orue-Echevarria, Leire; Garcia, J.L.; Banse, C.; Alonso, Juncal
Published in: First SWForum workshop on Trustworthy Software and Open Source 2021, CEUR Workshop Proceedings, 2878, 2021, Page(s) 16 . 23
Publisher: CEUR

Medina: Improving Cloud Services trustworthiness through continuous audit-based certification

Author(s): Leire Orue-Echevarría, Juncal Alonso (TECNALIA) Jesus Luna (Bosch) Christian Banse (FhG
Published in: CEUR-, ISSN 1613- 0073 Vol 2878, 2021
Publisher: CEUR-WS online