DCCE'14 – 1. Workshop on Dynamic Certification in Cloud Ecosystems

(A downloadable version of this call for paper is available here: [pdf])

Audits and certificates can help to evaluate and proof cloud infrastructures and ecosystems according to specific compliance catalogues. Subjects of cloud audits are typically the quality of processes and services, the level of security and data protection as well as other standardised checklists. Examples such as the EuroCloud Star Audit are developed in reference to ISO 27001/27017 and ISAE 3000/ ISAE3402 with a restructured approach for cloud service assessment. Other examples which are based on CCM, ISO27001-2013, AICPA Trust Principle (and others) are CSA STAR Certification (which is an evolution, cloud specific of ISO27001) and CSA STAR Attestation (based on SOC2 and CCM). These 2 examples of audits are part of the CSA Open Certification Framework.

Current certification processes, conducted once a year or even only every two years, however, are only partly adjusted to the characteristics and needs of cloud ecosystems. The challenge is to specify new approaches, processes, and controls in order to reflect the flexibility, dynamics and on demand nature of clouds. Heading for dynamic certification means getting the current status of a cloud ecosystem on demand reflecting compliance rules based for instance on the standards above. A typical question from cloud customers nowadays: “Is the cloud service continuously operating compliant to local data protection laws?”

The goal of this workshop is (1) bringing together science, industry, administration and standardisation and (2) elaborating how (abstract) requirements from standards, legislations, and policies can be boiled down to technical means that can be monitored, aggregated, and analysed in a highly dynamic cloud environment in a (half-)automated way.

Topics of interest

  • Dynamic Certification
  • Dynamic Service Level Agreements
  • Cloud Certificates
  • Continuous / (Semi-)Automated Monitoring and Auditing
  • Metrics, Measures, and Methods for Dynamic Certification
  • Complex Event Processing
  • Data Confidentiality, Integrity and Authenticity
  • Certification Transparency
  • Data Aggregation
  • Data Analytics
  • Visualisation of Certification Results
  • Trust in Certificates

Important Dates

Paper submissions       September 2, 2014       NEW: September 18th, 2014

Notification                 September 9, 2014       NEW: September 25th, 2014

Camera-ready              September 16, 2014     NEW: October 14th, 2014

Organizers 

  • Helmut Krcmar, Technical University Munich
  • Michael Schermann, Technical University Munich
  • Mario Hoffmann, Fraunhofer AISEC
  • Ali Sunyaev, University of Cologne

Programme Committee

  • Iryna Windhorst, Fraunhofer AISEC
  • Philipp Stephanow, Fraunhofer AISEC
  • Niels Fallenbeck, Fraunhofer AISEC
  • Andreas Weiß, EuroCloud
  • Bernd Becker, EuroCloud
  • Stephan Schneider, University of Cologne
  • Manuel Wiesche, Technical University Munich
  • Volker Wiedmer, Fujitsu
  • Joachim Lohmann, Fujitsu
  • Michael Diepold, AKDB

This workshop will only accept for review original papers that have not been previously published. Papers should be formatted based on the IEEE Transactions journals and conferences style; maximum allowed camera-ready paper length is six (6) pages. Submissions must be in Adobe PDF format, including text, figures and references.

Accepted papers will be published in the CloudCom2014 proceedings. For further information see IEEE CloudCom 2014 web page http://2014.cloudcom.org/.

SUBMISSIONS

Mario Hoffmann

eMail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Phone: +49 89/ 322 9986-177

Cell:  +49 151/121 68100 

Fraunhofer Institute for Applied and Integrated Security AISEC

Parkring 4, 85748 Garching near Munich, Germany