Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence...
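Published in | IET software Vol. 13; no. 3; pp. 213 - 222 |
---|---|
Main Authors | Rios, Erkuden; Iturbe, Eider; Larrucea, Xabier; Rak, Massimiliano; Mallouli, Wissam; Dominiak, Jacek; Muntés, Victor; Matthews, Peter; Gonzalez, Luis |
Format | Journal Article |
Language | English |
Published | The Institution of Engineering and Technology, 01.06.2019 |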
Abstract | Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system service level agreement and in their continuous monitoring and enforcement at runtime. |
---|---|
Author | Larrucea, Xabier; Rios, Erkuden; Rak, Massimiliano; Dominiak, Jacek; Muntés, Victor; Iturbe, Eider; Matthews, Peter; Gonzalez, Luis; Mallouli, Wissam |
Author affiliations | 1. Rios, Erkuden (erkuden.rios@tecnalia.com), Fundación Tecnalia Research & Innovation, Derio, Spain; 2. Iturbe, Eider, Fundación Tecnalia Research & Innovation, Derio, Spain; 3. Larrucea, Xabier, Fundación Tecnalia Research & Innovation, Derio, Spain; 4. Rak, Massimiliano (ORCID 0000-0001-6708-4032), University of Campania Studies Luigi Vanvitelli, Naples, Italy; 5. Mallouli, Wissam, Montimage Research & Development, Paris, France; 6. Dominiak, Jacek, CA Technologies, Warszaw, Poland; 7. Muntés, Victor, CA Technologies, Barcelona, Spain; 8. Matthews, Peter, CA Technologies, Berkshire, UK; 9. Gonzalez, Luis, FAST Laboratory, Tampere University of Technology, Tampere, Finland |
ContentType | Journal Article |
Copyright | 2019 The Institution of Engineering and Technology |
DOI | 10.1049/iet-sen.2018.5293 |
Discipline | Computer Science |
EISSN | 1751-8814 |
EndPage | 222 |
Genre | article |
GrantInformation | Horizon 2020 Framework Programme, grant 644429; Horizon 2020 Framework Programme, grant 780351 |
ISSN | 1751-8806 1751-8814 |
IsDoiOpenAccess | false |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 3 |
Keywords | service provision; law enforcement authorities; multicloud-based systems; contracts; security assurance; formal specification; evidence collection; service level agreement; DevOps framework; security of data; privacy controls; security controls; quality assurance; security level objectives; data protection; European General Data Protection Regulation; cloud computing; GDPR compliance |
Language | English |
ORCID | 0000-0001-6708-4032 |
OpenAccessLink | https://ietresearch.onlinelibrary.wiley.com/doi/pdfdirect/10.1049/iet-sen.2018.5293 |
PageCount | 10 |
PublicationDate | June 2019 (2019-06-01) |
PublicationTitle | IET software |
PublicationYear | 2019 |
Publisher | The Institution of Engineering and Technology |
StartPage | 213 |
SubjectTerms | cloud computing; contracts; data protection; DevOps framework; European General Data Protection Regulation; evidence collection; formal specification; GDPR compliance; law enforcement authorities; multicloud-based systems; privacy controls; quality assurance; security assurance; security controls; security level objectives; security of data; service level agreement; service provision; Special Issue: Security and Privacy in Cloud-based Systems |
Title | Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems |
URI | http://digital-library.theiet.org/content/journals/10.1049/iet-sen.2018.5293 https://onlinelibrary.wiley.com/doi/abs/10.1049%2Fiet-sen.2018.5293 |
Volume | 13 |