<CALL FOR PAPER>
*Call for Paper*
DCCE'14 – 1. Workshop on Dynamic Certification in Cloud Ecosystems In conjuction with IEEE CloudCom 2014 http://2014.cloudcom.org/
*Abstract*
Audits and certificates can help to evaluate and proof cloud infrastructures and ecosystems according to specific compliance catalogues. Subjects of cloud audits are typically the quality of processes and services, the level of security and data protection as well as other standardised checklists. Examples such as the EuroCloud Star Audit are developed in reference to ISO 27001/27017 and ISAE 3000/ ISAE3402 with a restructured approach for cloud service assessment. Other examples which are based on CCM, ISO27001-2013, AICPA Trust Principle (and others) are CSA STAR Certification (which is an evolution, cloud specific of ISO27001) and CSA STAR Attestation (based on SOC2 and CCM). These 2 examples of audits are part of the CSA Open Certification Framework.
Current certification processes, conducted once a year or even only every two years, however, are only partly adjusted to the characteristics and needs of cloud ecosystems. The challenge is to specify new approaches, processes, and controls in order to reflect the flexibility, dynamics and on demand nature of clouds. Heading for dynamic certification means getting the current status of a cloud ecosystem on demand reflecting compliance rules based for instance on the standards above. A typical question from cloud customers nowadays: “Is the cloud service continuously operating compliant to local data protection laws?”
The goal of this workshop is (1) bringing together science, industry, administration and standardisation and (2) elaborating how (abstract) requirements from standards, legislations, and policies can be boiled down to technical means that can be monitored, aggregated, and analysed in a highly dynamic cloud environment in a (half-)automated way.
*Topics of interest*
• Dynamic Certification • Dynamic Service Level Agreements • Cloud Certificates • Continuous / (Semi-)Automated Monitoring and Auditing • Metrics, Measures, and Methods for Dynamic Certification • Complex Event Processing • Data Confidentiality, Integrity and Authenticity • Certification Transparency • Data Aggregation • Data Analytics • Visualisation of Certification Results • Trust in Certificates
*Important Dates*
Paper submissions September 18nd, 2014 Notification September 25th, 2014 Camera-ready October 5th, 2014
*Organisers*
• Helmut Krcmar, Technical University Munich • Michael Schermann, Technical University Munich • Mario Hoffmann, Fraunhofer AISEC • Ali Sunyaev, University of Cologne
*Programme Committee*
• Iryna Windhorst, Fraunhofer AISEC • Philipp Stephanow, Fraunhofer AISEC • Niels Fallenbeck, Fraunhofer AISEC • Andreas Weiß, EuroCloud • Bernd Becker, EuroCloud • Stephan Schneider, University of Cologne • Manuel Wiesche, Technical University Munich • Volker Wiedmer, Fujitsu • Joachim Lohmann, Fujitsu • Michael Diepold, AKDB
*Submissions*
This workshop will only accept for review original papers that have not been previously published. Papers should be formatted based on the IEEE Transactions journals and conferences style; maximum allowed camera-ready paper length is six (6) pages. Submissions must be in Adobe PDF format, including text, figures and references.
Accepted papers will be published in the CloudCom2014 proceedings. For further information see IEEE CloudCom 2014 web page http://2014.cloudcom.org/.
Mario Hoffmann eMail: mario.hoffmann@aisec.fraunhofer.de Phone: +49 89/ 322 9986-177 Cell: +49 151/121 68100
Fraunhofer Institute for Applied and Integrated Security AISEC Parkring 4, 85748 Garching near Munich, Germany
</CALL FOR PAPER>