Security framework to achieve a continuous audit-based certificationn in compliance with the EU-wide cloud security certification scheme

Leistungen

Methodology and tools for risk-based assessment and security control reconfiguration-V1

Lastly this deliverable comprises the methodology as well as the prototype implementation of the riskbased auditor component To follow the approach taken in other tasks there will be three iterations of the tool integration an initial prototype showcasing the methodology a second release which will be based on a refinement of the technical architecture and finally the third iteration which will reflect the implementation of the use cases This deliverable is the result of Task 44

MEDINA Requirements, Detailed architecture, DevOps infrastructure and CI/CD and verification strategy-v1

This deliverable has a threefold goal Firstly it will contain the requirements of the MEDINA framework in close collaboration with Task 61 Secondly the detailed design of MEDINA its components modules interfaces Thirdly it will also detail the realization of the DevOps infrastructure namely the set of tools and services to support all continuous integration and deployment phases in order to follow a DevOps approach as well as the CICD strategy to be followed for the continuous integration of the MEDINA Framework Two releases of the document are planned In the second one the feedbacks received from the use cases implementation will be managed to update the design This deliverable is the result of Tasks 51 and 52

Continuously certifiable technical and organizational measures and catalogue of cloud security metrics-v1

This set of deliverables will present the definition of the technical and organizational measures relevant for CSPs along with a set of security metrics both quantitative and qualitative for such security objectives These measures will be expressed also in the form of a catalogue of comprehensible cloud security metrics These deliverables are the result of Task 22 and part of 21

Dissemination and Communication Report-v1

This deliverable will explain the dissemination and communication activities followed during the reporting periods as well as the results from these activities and will update projects dissemination and communication plan respectively This report will also contain the relevant activities executed to foster a close collaboration with projects related to MEDINA as well as future networking plans

Continuously certifiable technical and organizational measures and catalogue of cloud security metrics-v2

This set of deliverables will present the definition of the technical and organizational measures relevant for CSPs along with a set of security metrics both quantitative and qualitative for such security objectives These measures will be expressed also in the form of a catalogue of comprehensible cloud security metrics These deliverables are the result of Task 22 and part of 21

Dissemination and Communication Strategy

This deliverable has a threefold goal Firstly it will define the way in which the different communities scientific commercial general public will be targeted as well as the social media will be used Secondly it will detail the specific plan for networking activities with external entities including the specific working group this project will participate Finally it will describe the project dissemination strategy to be adopted throughout the project lifetime The release of the respective report is considered one of the key milestones of the project

Standardization Roadmap-v1

This deliverable will present all the relevant activities performed in the context of standardization and standards observation

Market, Innovation and Applicability Analysis

This document will report surveys and analysis about solutions trends and initiatives in the fields relevant to MEDINA The report will be updated to accommodate future trends and competence analysis in D74

Standardization Roadmap-v2

This deliverable will present all the relevant activities performed in the context of standardization and standards observation

Training materials

This deliverable will compile the different training materials generated in the course of the project

Dissemination and Communication Report-V2

This deliverable will explain the dissemination and communication activities followed during the reporting periods as well as the results from these activities and will update projects dissemination and communication plan respectively This report will also contain the relevant activities executed to foster a close collaboration with projects related to MEDINA as well as future networking plans

MEDINA brochure and public website

The initial version of the brochure and project website will include at least project objectives and contact details MEDINA website will be setup by the Project Leader TECNALIA and continuously enhanced by all partners to include public downloadable results and links to related news and initiatives

Veröffentlichungen

EUROSCAL – Paving the Road Towards Interoperable and Automated Compliance Monitoring in Europe

Autoren: Jesus Luna, Bosch
Veröffentlicht in: 2023
Herausgeber: white paper

MEDINA: First Impressions on Experimenting with Automated Monitoring Requirements of the Upcoming EU Cybersecurity Certification Scheme for Cloud Services .

Autoren: Jesus Luna Garcia, Bosch, Thomas Ruebsamen, Bosch Patrick Weiss, Bosch Valentin Acker, Bosch Tatu Suhonen, Nixu Jarkko Majava, Nixu
Veröffentlicht in: 2021
Herausgeber: white paper

Metric Recommender System and the use of Natural Language Processing

Autoren: Fazzolari, Michela
Veröffentlicht in: Issue 51, 2023
Herausgeber: white paper
DOI: 10.5281/zenodo.10200736

Continuous Life-Cycle Management of Cloud Security Certifications

Autoren: FhG, XLAB, CNR, NIXU, TECNALIA
Veröffentlicht in: 2023
Herausgeber: white paper

The MEDINA Controlled Natural Language

Autoren: Marinella Petrocchi and Michela Fazzolari
Veröffentlicht in: 2023
Herausgeber: white paper

An architecture proposal for the MEDINA framework

Autoren: TECNALIA, Bosch, CNR, FhG, HPE, NIXU
Veröffentlicht in: 2023
Herausgeber: white paper

Data Sovereignty in the Cloud-Wishful Thinking or Reality?

Autoren: Christian Banse
Veröffentlicht in: Proc. of 2021 Cloud Computing Security Workshop, 2021
Herausgeber: IEEE
DOI: 10.1145/3474123.3486792

Runtime security monitoring by an interplay between rule matching and deep learning-based anomaly detection on logs

Autoren: Jan Antić, Joao Pita Costa, Aleš Černivec et al.
Veröffentlicht in: International Workshop on Design of Reliable Communication Networks (DRCN), 2023
Herausgeber: IEEE
DOI: 10.1109/drcn57075.2023.10108105

Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis

Autoren: Christian Banse Immanuel Kunz Angelika Schneider Konrad Weiss
Veröffentlicht in: Proc. of IEEE International Conference on Cloud Computing 2021, 2021
Herausgeber: IEEE
DOI: 10.1109/cloud53861.2021.00014

A Semantic Evidence-based Approach to Continuous Cloud Service Certification

Autoren: Christian Banse Immanuel Kunz Nico Haas Angelika Schneider
Veröffentlicht in: SAC '23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing March 2023 Pages 24–33, 2023
Herausgeber: ACM
DOI: 10.1145/3555776.3577600

Application-Oriented Selection of Privacy Enhancing Technologies

Autoren: Immanuel Kunz Andreas Binder
Veröffentlicht in: Annual Privacy Forum APF 2022: Privacy Technologies and Policy, Issue Lecture Notes in Computer Science book series (LNCS,volume 13279), 2022
Herausgeber: Springer Cham
DOI: 10.1007/978-3-030-10925-7_31

Medina: Improving cloud services trustworthiness through continuous audit-based certification

Autoren: Orue-Echevarria, Leire; Garcia, J.L.; Banse, C.; Alonso, Juncal
Veröffentlicht in: First SWForum workshop on Trustworthy Software and Open Source 2021, Issue CEUR Workshop Proceedings, 2878, 2021, Page(s) 16 . 23
Herausgeber: CEUR

Patient Community -- A Test Bed for Privacy Threat Analysis

Autoren: Immanuel Kunz; Angelika Schneider; Christian Banse; Konrad Weiss; Andreas Binder
Veröffentlicht in: CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security November 2022 Pages 3383–3385, 2022
Herausgeber: ACM
DOI: 10.1145/3548606.3564253

Representing LLVM-IR in a Code Property Graph

Autoren: Alexander Küchler, Christian Banse
Veröffentlicht in: International Conference on Information Security ISC 2022: Information Security pp 360–380, 2022
Herausgeber: Springer
DOI: 10.1007/978-3-031-22390-7_21

Privacy Property Graph: Towards Automated Privacy Threat Modelling via Static Graph-based Analysis

Autoren: Immanuel Kunz (Fraunhofer AISEC), Konrad Weiss (Fraunhofer AISEC), Angelika Schneider (Fraunhofer AISEC), Christian Banse (Fraunhofer AISEC)
Veröffentlicht in: Popets 2023, 2023
Herausgeber: published under a Creative Commons Attribution 4.0 license
DOI: 10.56553/popets-2023-0046

Security in DevSecOps: Applying Tools and Machine Learning to Verification and Monitoring Steps

Autoren: Matija Cankar et al. (XLAB)
Veröffentlicht in: ICPE ’23 Companion, Companion of the 2023 ACM/SPEC International Conference on Performance Engineering, 2023
Herausgeber: ACM
DOI: 10.1145/3578245.3584943

Medina: Improving Cloud Services trustworthiness through continuous audit-based certification

Autoren: Leire Orue-Echevarría, Juncal Alonso (TECNALIA) Jesus Luna (Bosch) Christian Banse (FhG
Veröffentlicht in: CEUR- WS.org, ISSN 1613- 0073 Vol 2878, 2021
Herausgeber: CEUR-WS online

Application-Oriented Selection of Privacy Enhancing Technologies

Autoren: Immanuel Kunz, Andreas Binder
Veröffentlicht in: Annual Privacy Forum APF 2022: Privacy Technologies and Policy pp 75–87, 2022
Herausgeber: Springer
DOI: 10.1007/978-3-031-07315-1_5

AMOE: a Tool to Automatically Extract and Assess Organizational Evidence for Continuous Cloud Audit

Autoren: Deimling, Franz; Fazzolari, Michela
Veröffentlicht in: DBSec 2023: Data and Applications Security and Privacy XXXVII, 37th Annual IFIP WG 11.3 Conference, 2023
Herausgeber: Springer
DOI: 10.48550/arxiv.2307.16541

A Continuous Risk Assessment Methodology for Cloud Infrastructures

Autoren: Immanuel Kunz, Angelika Schneider, Christian Banse
Veröffentlicht in: 22th IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID), 2022
Herausgeber: IEEE
DOI: 10.1109/ccgrid54584.2022.00127

Understanding the challenges and novel architectural models of multi-cloud native applications – a systematic literature review

Autoren: Juncal Alonso; Leire Orue-Echevarria; Valentina Casola; Ana Isabel Torre; Maider Huarte; Eneko Osaba; Jesus L. Lobo
Veröffentlicht in: Journal of Cloud Computing: Advances, Systems and Applications, Issue 62, 2023, ISSN 2192-113X
Herausgeber: Springer Science + Business Media
DOI: 10.1186/s13677-022-00367-6

Leistungen

Veröffentlichungen

Diese Seite teilen

Herunterladen