Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems

Bibliographic Details
Published in IET software Vol. 13; no. 3; pp. 213 - 222
Main Authors Rios, Erkuden, Iturbe, Eider, Larrucea, Xabier, Rak, Massimiliano, Mallouli, Wissam, Dominiak, Jacek, Muntés, Victor, Matthews, Peter, Gonzalez, Luis
Format Journal Article
Language English
Published The Institution of Engineering and Technology 01.06.2019

Abstract Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system service level agreement and in their continuous monitoring and enforcement at runtime.
Author_xml – sequence: 1
  givenname: Erkuden
  surname: Rios
  fullname: Rios, Erkuden
  email: erkuden.rios@tecnalia.com
  organization: Fundación Tecnalia Research & Innovation, Derio, Spain
– sequence: 2
  givenname: Eider
  surname: Iturbe
  fullname: Iturbe, Eider
  organization: Fundación Tecnalia Research & Innovation, Derio, Spain
– sequence: 3
  givenname: Xabier
  surname: Larrucea
  fullname: Larrucea, Xabier
  organization: Fundación Tecnalia Research & Innovation, Derio, Spain
– sequence: 4
  givenname: Massimiliano
  orcidid: 0000-0001-6708-4032
  surname: Rak
  fullname: Rak, Massimiliano
  organization: University of Campania Studies Luigi Vanvitelli, Naples, Italy
– sequence: 5
  givenname: Wissam
  surname: Mallouli
  fullname: Mallouli, Wissam
  organization: Montimage Research & Development, Paris, France
– sequence: 6
  givenname: Jacek
  surname: Dominiak
  fullname: Dominiak, Jacek
  organization: CA Technologies, Warszaw, Poland
– sequence: 7
  givenname: Victor
  surname: Muntés
  fullname: Muntés, Victor
  organization: CA Technologies, Barcelona, Spain
– sequence: 8
  givenname: Peter
  surname: Matthews
  fullname: Matthews, Peter
  organization: CA Technologies, Berkshire, UK
– sequence: 9
  givenname: Luis
  surname: Gonzalez
  fullname: Gonzalez, Luis
  organization: FAST Laboratory, Tampere University of Technology, Tampere, Finland
ContentType Journal Article
Copyright The Institution of Engineering and Technology
2019 The Institution of Engineering and Technology
Copyright_xml – notice: The Institution of Engineering and Technology
– notice: 2019 The Institution of Engineering and Technology
DOI 10.1049/iet-sen.2018.5293
Discipline Computer Science
EISSN 1751-8814
EndPage 222
ExternalDocumentID 10_1049_iet_sen_2018_5293
SFW2BF00215
Genre article
GrantInformation_xml – fundername: Horizon 2020 Framework Programme
  grantid: 644429
– fundername: Horizon 2020 Framework Programme
  grantid: 780351
– fundername: Horizon 2020 Framework Programme
  funderid: 644429
– fundername: Horizon 2020 Framework Programme
  funderid: 780351
ISSN 1751-8806
1751-8814
IsDoiOpenAccess false
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 3
Keywords service provision
law enforcement authorities
multicloud-based systems
contracts
security assurance
formal specification
evidence collection
service level agreement
DevOps framework
security of data
privacy controls
security controls
quality assurance
security level objectives
data protection
European General Data Protection Regulation
cloud computing
GDPR compliance
Language English
ORCID 0000-0001-6708-4032
OpenAccessLink https://ietresearch.onlinelibrary.wiley.com/doi/pdfdirect/10.1049/iet-sen.2018.5293
PageCount 10
PublicationCentury 2000
PublicationDate 20190600
June 2019
2019-06-00
PublicationDateYYYYMMDD 2019-06-01
PublicationDate_xml – month: 6
  year: 2019
  text: 20190600
PublicationDecade 2010
PublicationTitle IET software
PublicationYear 2019
Publisher The Institution of Engineering and Technology
Publisher_xml – name: The Institution of Engineering and Technology
StartPage 213
SubjectTerms cloud computing
contracts
data protection
DevOps framework
European General Data Protection Regulation
evidence collection
formal specification
GDPR compliance
law enforcement authorities
multicloud-based systems
privacy controls
quality assurance
security assurance
security controls
security level objectives
security of data
service level agreement
service provision
Special Issue: Security and Privacy in Cloud-based Systems
Title Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems
URI http://digital-library.theiet.org/content/journals/10.1049/iet-sen.2018.5293
https://onlinelibrary.wiley.com/doi/abs/10.1049%2Fiet-sen.2018.5293
Volume 13