Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

On the measurement of data protection compliance for cloud services

: Kunz, Thomas; Selzer, Annika; Waldmann, Ulrich

Fulltext (PDF; )

Plödereder, E.; Grunske, L.; Schneider, E.; Ull, D. ; Gesellschaft für Informatik -GI-, Bonn:
Informatik 2014. Big Data - Komplexität meistern. CD-ROM : Tagung der Gesellschaft für Informatik, 22. - 26. September 2014 in Stuttgart, Deutschland
Bonn: Köllen, 2014 (GI-Edition - Lecture Notes in Informatics (LNI) - Proceedings 232)
ISBN: 978-3-88579-626-8
Gesellschaft für Informatik (Jahrestagung) <44, 2014, Stuttgart>
Conference Paper, Electronic Publication
Fraunhofer SIT ()
data protection; Cloud Computing; metric; policy; automatic control

Companies want to benefit from the numerous advantages of cloud services such as flexibility and cost efficiency. However, cloud services vary considerably with respect to the security and privacy mechanisms provided. Moreover, security-aware companies complain the lack of transparency concerning the security measures and processes the cloud provider has installed. As a solution for the latter one, auditors may evaluate cloud providers and issue certificates attesting whether the cloud provider meets the agreed requirements. However, due to the characteristics of cloud computing, on-site inspections in the data centers of a cloud provider do not seem to be realistic. In this paper we show how metrics can be derived from data protection requirements and how these metrics can be expressed in the form of formal policies, in order to be used for an automated evaluation of cloud services.