"Cloud Assurance: The Notion and the Issues"
Ernesto Damiani is a full professor at the Computer Science Department of Università degli Studi di Milano, Italy, the director of the Secure Service-oriented Architectures (SESAR) lab and the Head of the University’s Ph.D. program in Computer Science. His areas of interest include Cloud and SOA security, semi-structured information processing, business process analysis and discovery. He has published several books and more than 300 papers and international patents. His work has appeared, among many others, in the IEEE Trans. on Knowledge and Data Engineering, the IEEE Trans. on Service Computing, the ACM Trans. on Information and System Security, the IEEE Trans. on Fuzzy Systems, the ACM Trans. on Information Systems and the ACM Trans. on Software Engineering and Methodology. He is a senior member of the IEEE and an ACM Distinguished Scientist.
Ernesto Damiani leads or has led a number of international research projects: he was the Principal Investigator of the ASSERT4SOA project (STREP) on the security certification of SOA, and has led the activity of the SESAR research unit within the SecureSCM (STREP), ARISTOTELE (IP), ASSERT4SOA (STREP), CUMULUS (STREP) and PRACTICE (IP) projects funded by the EC in the 7th Framework Program.
Ernesto has been an Associate Editor of the IEEE Trans. on Service-Oriented Computing since its inception, and is an Associate Editor of the IEEE Trans. on Fuzzy Systems. Prof. Damiani is also Editor-in-Chief of the International Journal of Knowledge and Learning (Inderscience) and of the International Journal of Web Technology and Engineering (IJWTE).
Generating and handling assurance information on the cloud is an open challenge, as conflicting requirements (e.g., transparency vs. privacy) are emerging and the size of data involved is huge. Still, managing assurance is of paramount importance for guaranteeing the desired security and dependability properties of cloud-based computations. In this talk, we first discuss the conceptual framework to represent monitoring and test-based assurance, grounding assurance-based service-level agreements (SLAs) and certification models for cloud-based services. Then, we focus on:
(i) the definition of security and dependability properties to be negotiated and certified on the cloud;
(ii) the types of evidence underlying them and the mechanisms for generating evidence;
(iii) the phases of the assurance artifacts life-cycle.