Resultado final Other (2) Methodology and tools for risk-based assessment and security control reconfiguration-V1 Lastly this deliverable comprises the methodology as well as the prototype implementation of the riskbased auditor component To follow the approach taken in other tasks there will be three iterations of the tool integration an initial prototype showcasing the methodology a second release which will be based on a refinement of the technical architecture and finally the third iteration which will reflect the implementation of the use cases This deliverable is the result of Task 44 MEDINA Requirements, Detailed architecture, DevOps infrastructure and CI/CD and verification strategy-v1 This deliverable has a threefold goal Firstly it will contain the requirements of the MEDINA framework in close collaboration with Task 61 Secondly the detailed design of MEDINA its components modules interfaces Thirdly it will also detail the realization of the DevOps infrastructure namely the set of tools and services to support all continuous integration and deployment phases in order to follow a DevOps approach as well as the CICD strategy to be followed for the continuous integration of the MEDINA Framework Two releases of the document are planned In the second one the feedbacks received from the use cases implementation will be managed to update the design This deliverable is the result of Tasks 51 and 52 Documents, reports (9) Continuously certifiable technical and organizational measures and catalogue of cloud security metrics-v1 This set of deliverables will present the definition of the technical and organizational measures relevant for CSPs along with a set of security metrics both quantitative and qualitative for such security objectives These measures will be expressed also in the form of a catalogue of comprehensible cloud security metrics These deliverables are the result of Task 22 and part of 21 Dissemination and Communication Report-v1 This deliverable will explain the dissemination and communication activities followed during the reporting periods as well as the results from these activities and will update projects dissemination and communication plan respectively This report will also contain the relevant activities executed to foster a close collaboration with projects related to MEDINA as well as future networking plans Continuously certifiable technical and organizational measures and catalogue of cloud security metrics-v2 This set of deliverables will present the definition of the technical and organizational measures relevant for CSPs along with a set of security metrics both quantitative and qualitative for such security objectives These measures will be expressed also in the form of a catalogue of comprehensible cloud security metrics These deliverables are the result of Task 22 and part of 21 Dissemination and Communication Strategy This deliverable has a threefold goal Firstly it will define the way in which the different communities scientific commercial general public will be targeted as well as the social media will be used Secondly it will detail the specific plan for networking activities with external entities including the specific working group this project will participate Finally it will describe the project dissemination strategy to be adopted throughout the project lifetime The release of the respective report is considered one of the key milestones of the project Standardization Roadmap-v1 This deliverable will present all the relevant activities performed in the context of standardization and standards observation Market, Innovation and Applicability Analysis This document will report surveys and analysis about solutions trends and initiatives in the fields relevant to MEDINA The report will be updated to accommodate future trends and competence analysis in D74 Standardization Roadmap-v2 This deliverable will present all the relevant activities performed in the context of standardization and standards observation Training materials This deliverable will compile the different training materials generated in the course of the project Dissemination and Communication Report-V2 This deliverable will explain the dissemination and communication activities followed during the reporting periods as well as the results from these activities and will update projects dissemination and communication plan respectively This report will also contain the relevant activities executed to foster a close collaboration with projects related to MEDINA as well as future networking plans Websites, patent fillings, videos etc. (1) MEDINA brochure and public website The initial version of the brochure and project website will include at least project objectives and contact details MEDINA website will be setup by the Project Leader TECNALIA and continuously enhanced by all partners to include public downloadable results and links to related news and initiatives Publicaciones Other (6) EUROSCAL – Paving the Road Towards Interoperable and Automated Compliance Monitoring in Europe Autores: Jesus Luna, Bosch Publicado en: 2023 Editor: white paper MEDINA: First Impressions on Experimenting with Automated Monitoring Requirements of the Upcoming EU Cybersecurity Certification Scheme for Cloud Services . Autores: Jesus Luna Garcia, Bosch, Thomas Ruebsamen, Bosch Patrick Weiss, Bosch Valentin Acker, Bosch Tatu Suhonen, Nixu Jarkko Majava, Nixu Publicado en: 2021 Editor: white paper Metric Recommender System and the use of Natural Language Processing Autores: Fazzolari, Michela Publicado en: Edición 51, 2023 Editor: white paper DOI: 10.5281/zenodo.10200736 Continuous Life-Cycle Management of Cloud Security Certifications Autores: FhG, XLAB, CNR, NIXU, TECNALIA Publicado en: 2023 Editor: white paper The MEDINA Controlled Natural Language Autores: Marinella Petrocchi and Michela Fazzolari Publicado en: 2023 Editor: white paper An architecture proposal for the MEDINA framework Autores: TECNALIA, Bosch, CNR, FhG, HPE, NIXU Publicado en: 2023 Editor: white paper Conference proceedings (14) Data Sovereignty in the Cloud-Wishful Thinking or Reality? Autores: Christian Banse Publicado en: Proc. of 2021 Cloud Computing Security Workshop, 2021 Editor: IEEE DOI: 10.1145/3474123.3486792 Runtime security monitoring by an interplay between rule matching and deep learning-based anomaly detection on logs Autores: Jan Antić, Joao Pita Costa, Aleš Černivec et al. Publicado en: International Workshop on Design of Reliable Communication Networks (DRCN), 2023 Editor: IEEE DOI: 10.1109/drcn57075.2023.10108105 Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis Autores: Christian Banse Immanuel Kunz Angelika Schneider Konrad Weiss Publicado en: Proc. of IEEE International Conference on Cloud Computing 2021, 2021 Editor: IEEE DOI: 10.1109/cloud53861.2021.00014 A Semantic Evidence-based Approach to Continuous Cloud Service Certification Autores: Christian Banse Immanuel Kunz Nico Haas Angelika Schneider Publicado en: SAC '23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing March 2023 Pages 24–33, 2023 Editor: ACM DOI: 10.1145/3555776.3577600 Application-Oriented Selection of Privacy Enhancing Technologies Autores: Immanuel Kunz Andreas Binder Publicado en: Annual Privacy Forum APF 2022: Privacy Technologies and Policy, Edición Lecture Notes in Computer Science book series (LNCS,volume 13279), 2022 Editor: Springer Cham DOI: 10.1007/978-3-030-10925-7_31 Medina: Improving cloud services trustworthiness through continuous audit-based certification Autores: Orue-Echevarria, Leire; Garcia, J.L.; Banse, C.; Alonso, Juncal Publicado en: First SWForum workshop on Trustworthy Software and Open Source 2021, Edición CEUR Workshop Proceedings, 2878, 2021, Página(s) 16 . 23 Editor: CEUR Patient Community -- A Test Bed for Privacy Threat Analysis Autores: Immanuel Kunz; Angelika Schneider; Christian Banse; Konrad Weiss; Andreas Binder Publicado en: CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security November 2022 Pages 3383–3385, 2022 Editor: ACM DOI: 10.1145/3548606.3564253 Representing LLVM-IR in a Code Property Graph Autores: Alexander Küchler, Christian Banse Publicado en: International Conference on Information Security ISC 2022: Information Security pp 360–380, 2022 Editor: Springer DOI: 10.1007/978-3-031-22390-7_21 Privacy Property Graph: Towards Automated Privacy Threat Modelling via Static Graph-based Analysis Autores: Immanuel Kunz (Fraunhofer AISEC), Konrad Weiss (Fraunhofer AISEC), Angelika Schneider (Fraunhofer AISEC), Christian Banse (Fraunhofer AISEC) Publicado en: Popets 2023, 2023 Editor: published under a Creative Commons Attribution 4.0 license DOI: 10.56553/popets-2023-0046 Security in DevSecOps: Applying Tools and Machine Learning to Verification and Monitoring Steps Autores: Matija Cankar et al. (XLAB) Publicado en: ICPE ’23 Companion, Companion of the 2023 ACM/SPEC International Conference on Performance Engineering, 2023 Editor: ACM DOI: 10.1145/3578245.3584943 Medina: Improving Cloud Services trustworthiness through continuous audit-based certification Autores: Leire Orue-Echevarría, Juncal Alonso (TECNALIA) Jesus Luna (Bosch) Christian Banse (FhG Publicado en: CEUR- WS.org, ISSN 1613- 0073 Vol 2878, 2021 Editor: CEUR-WS online Application-Oriented Selection of Privacy Enhancing Technologies Autores: Immanuel Kunz, Andreas Binder Publicado en: Annual Privacy Forum APF 2022: Privacy Technologies and Policy pp 75–87, 2022 Editor: Springer DOI: 10.1007/978-3-031-07315-1_5 AMOE: a Tool to Automatically Extract and Assess Organizational Evidence for Continuous Cloud Audit Autores: Deimling, Franz; Fazzolari, Michela Publicado en: DBSec 2023: Data and Applications Security and Privacy XXXVII, 37th Annual IFIP WG 11.3 Conference, 2023 Editor: Springer DOI: 10.48550/arxiv.2307.16541 A Continuous Risk Assessment Methodology for Cloud Infrastructures Autores: Immanuel Kunz, Angelika Schneider, Christian Banse Publicado en: 22th IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID), 2022 Editor: IEEE DOI: 10.1109/ccgrid54584.2022.00127 Peer reviewed articles (1) Understanding the challenges and novel architectural models of multi-cloud native applications – a systematic literature review Autores: Juncal Alonso; Leire Orue-Echevarria; Valentina Casola; Ana Isabel Torre; Maider Huarte; Eneko Osaba; Jesus L. Lobo Publicado en: Journal of Cloud Computing: Advances, Systems and Applications, Edición 62, 2023, ISSN 2192-113X Editor: Springer Science + Business Media DOI: 10.1186/s13677-022-00367-6 Buscando datos de OpenAIRE... Se ha producido un error en la búsqueda de datos de OpenAIRE No hay resultados disponibles
