Kontinuierliche test-basierte Zertifizierung von Cloud-Diensten

This thesis introduces a framework to design and represent minimally invasive tests to support continuous certification of cloud services. Five example scenarios are presented to demonstrate the applicability of the framework and it is shown how to experimentally evaluate the accuracy and precision of test results. Finally, the behavior of an adversarial cloud service provider is described who only pretends to comply with a set of controls and countermeasures are proposed.Diese Arbeit entwickelt ein Framework zur Erstellung und Repräsentation minimalinvasiver Tests, die die kontinuierliche Zertifizierung von Cloud-Diensten unterstützen. Die Anwendung des Frameworks wird in fünf Beispielszenarien demonstriert und es wird gezeigt wie die Genauigkeit der Tests experimentell untersucht werden kann. Schließlich wird das Verhalten eines betrügerischen Cloud-Anbieters modelliert, der nur vorgibt, Anforderungen eines Zertifikates zu erfüllen sowie Gegenmaßnahmen präsentiert

Anforderungserhebung in der öffentlichen Verwaltung - Ein Vorschlag für einen strukturierten Erhebungsprozess und die resultierende Anforderungsdokumentation

Die Anforderungserhebung ist eine der entscheidenden Phasenerfolgreicher Softwareentwicklung und birgt im Kontexteines oentlichen Organs besondere Herausforderungen.Neben historisch gewachsenen IT-Landschaften sind in denverantwortlichen Entscheidungsgremien oentlicher Verwaltungenhochst unterschiedliche Expertisen im Hinblick aufdie Softwareentwicklung anzutreen. Ein Anforderungsdokumentmuss diesen Umstand berucksichtigen und fur alleBeteiligten verstandlich sein; nichtsdestotrotz muss dieinhaltliche Qualitat dokumentierter Anforderungen gewahrleistetsein. Der vorliegende Beitrag adressiert diese Herausforderungenund stellt ein Verfahren zur strukturierten Anforderungserhebungim oentlichen Kontext vor. Dabei werdenunter Verwendung sowohl naturlichsprachlicher als auchmodellbasierter Anforderungsdokumentation Vorschlage zurStrukturierung des Anforderungsdokumentes sowie der syntaktischenMuster einzelner Anforderungen unterbreitet. Eswird zudem die Anwendung und Ergebnisse des vorgestelltenVerfahrens im Rahmen des Projektes der UniversitatBayreuth zur Konsolidierung der universitaren Informationssystemedargelegt

A Process Model to Support Continuous Certification of Cloud Services

Current research on cloud service certification is working on techniques to continuously, i.e. automatically and repeatedly, assess whether cloud services satisfy certification criteria. However, traditional certifications are conducted following static processes which are not designed to meet the requirements of continuous certification techniques. In this paper, we address this gap by redesigning the traditional certification process and adding suitable tooling to support continuous certification of cloud services. To that end, we analyze and generalize traditional certification processes and, on this basis, develop a novel, executable process model to detect ongoing changes of cloud services and adapt continuous certification techniques accordingly. We present our prototype which implements the process model and show how it allows us to automatically reconfigure continuous certification techniques according to changes observed in the target of certification as well as to continuously report certification results

Language Classes for Cloud Service Certification Systems

Certification of cloud services aims at increasing the trust of customers towards cloud services and providing comparability between cloud services. Applying the concept of certification to cloud services requires systems which continuously detect ongoing changes of the service and assess their impact on customer requirements. In this paper, we propose eight language classes for cloud service certification systems to facilitate research in design and implementation of these systems. To that end, we draw on language classes developed for signature-based intrusion detection systems and apply them to cloud service certification systems

Test-Based Cloud Service Certification of Opportunistic Providers

Through automatically checking whether cloud services satisfy customers' requirements, cloud service certification promises cloud providers competitive advantages, e.g. by attracting new customers. However, certification can increase costs of cloud providers, creating incentives for fraudulent providers to save costs by only pretending to satisfy customers' requirements. Opportunistic providers are fraudulent providers who will only cheat if they are not caught. In this paper, we propose an approach to support cloud service certification of opportunistic providers. To that end, we introduce a method to model the behavior of opportunistic providers and propose a framework supporting test-based certification which builds on randomized testing and is non-invasive. We show how our framework reduces the willingness of opportunistic providers to cheat, and present experimental results of tests supporting the certification of requirements related to resource availability, resource provisioning, and quality of service