EMERALD: Evidence Management for Continuous Certification as a Service in the Cloud

• URL: http://arxiv.org/abs/2502.07330v1
• Date: Tue, 11 Feb 2025 07:49:10 GMT
• Title: EMERALD: Evidence Management for Continuous Certification as a Service in the Cloud
• Authors: Christian Banse, Björn Fanta, Juncal Alonso, Cristina Martinez,
• Abstract summary: Lack of cloud-specific security certifications hinder transparency and accountability in the provision and usage of European cloud services. EMERALD aims to provide agile and lean re-certification to consumers that adhere to a defined level of security and trust.
• Score: 0.7499722271664147
• License:
• Abstract: The conspicuous lack of cloud-specific security certifications, in addition to the existing market fragmentation, hinder transparency and accountability in the provision and usage of European cloud services. Both issues ultimately reflect on the level of customers' trustworthiness and adoption of cloud services. The upcoming demand for continuous certification has not yet been definitively addressed and it remains unclear how the level 'high' of the European Cybersecurity Certification Scheme for Cloud Services (EUCS) shall be technologically achieved. The introduction of AI in cloud services is raising the complexity of certification even further. This paper presents the EMERALD Certification-as-a-Service (CaaS) concept for continuous certification of harmonized cybersecurity schemes, like the EUCS. EMERALD CaaS aims to provide agile and lean re-certification to consumers that adhere to a defined level of security and trust in a uniform way across heterogeneous environments consisting of combinations of different resources (Cloud, Edge, IoT). Initial findings suggest that EMERALD will significantly contribute to continuous certification, boosting providers and users of cloud services to maintain regulatory compliance towards the latest and upcoming security schemes.

Related papers

• 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
  Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities. This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users. An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
  arXiv  Detail & Related papers  (2025-02-17T12:23:53Z)
• Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC) ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls [0.6990493129893112]
  This paper proposes a comprehensive secure framework for managing third-party vendor risk. It integrates blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions.
  arXiv  Detail & Related papers  (2024-11-20T16:42:14Z)
• Advocate -- Trustworthy Evidence in Cloud Systems [39.58317527488534]
  The rapid evolution of cloud-native applications, characterized by dynamic, interconnected services, presents significant challenges for maintaining trustworthy and auditable systems. Traditional methods of verification and certification are often inadequate due to the fast-past and dynamic development practices common in cloud computing. This paper introduces Advocate, a novel agent-based system designed to generate verifiable evidence of cloud-native application operations.
  arXiv  Detail & Related papers  (2024-10-17T12:09:26Z)
• Reflection of Federal Data Protection Standards on Cloud Governance [0.0]
  This research focuses on cloud governance by harmoniously combining multiple data security measures with legislative authority. We present legal aspects aimed at the prevention of data breaches, as well as the technical requirements regarding the implementation of data protection mechanisms.
  arXiv  Detail & Related papers  (2024-02-26T17:04:01Z)
• Service Level Agreements and Security SLA: A Comprehensive Survey [51.000851088730684]
  This survey paper identifies state of the art covering concepts, approaches, and open problems of SLA management. It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic. It proposes a novel classification criterium to organize the analysis based on SLA life cycle phases.
  arXiv  Detail & Related papers  (2024-01-31T12:33:41Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• PointCert: Point Cloud Classification with Deterministic Certified Robustness Guarantees [63.85677512968049]
  Point cloud classification is an essential component in many security-critical applications such as autonomous driving and augmented reality. Existing certified defenses against adversarial point clouds suffer from a key limitation: their certified robustness guarantees are probabilistic. We propose a general framework, namely PointCert, that can transform an arbitrary point cloud classifier to be certifiably robust against adversarial point clouds.
  arXiv  Detail & Related papers  (2023-03-03T14:32:48Z)
• Getting Critical: Making Sense of the EU Cybersecurity Framework for Cloud Providers [0.799536002595393]
  We examine whether all cloud services should be treated as critical infrastructure. We look at the proposed revision of the General Data Protection Regulation and the Network Information Systems Directive. We conclude that since cloud providers are subject to both divergent and divergent regulatory approaches can lead to unintended outcomes and high compliance costs.
  arXiv  Detail & Related papers  (2022-03-09T16:59:36Z)
• Defining Security Requirements with the Common Criteria: Applications, Adoptions, and Challenges [17.700647389830774]
  The adoption of ICT products with security properties depends on consumers' confidence and markets' trust in the security functionalities. Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard for cyber security certification. Best practices on developing Protection Profiles, recommendations, and future directions for trusted cybersecurity advancement are presented.
  arXiv  Detail & Related papers  (2022-01-19T05:05:33Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.