Towards Automatic Comparison of Cloud Service Security Certifications

  • Martin LabajEmail author
  • Karol Rástočný
  • Daniela Chudá
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11376)


Cloud service providers who offer services to their users traditionally signal security of their offerings through certifications based on various certification schemes. Currently, a vast number of schemes and standards exists on one side (cloud service certifications), while another large set of security requirements stemming from internal needs or laws and regulations stand on the other side (users of cloud services). Determining whether a service with an arbitrary certificate in one country fulfills requirements imposed by the user in another country is a difficult task and therefore a project (EU-SEC) was started focusing on allowing cross-border usage of cloud services. In this paper, we propose automated comparison of cloud service security certification schemes and, subsequently, security of cloud services certified using these schemes. In the presented method, we map requirements in schemes, standards, laws, and regulations into a proposed cloud service security ontology. Due to the free-form text nature of these items, we also describe a supporting method for semi-automated conversion of free text into this ontology using natural language processing. The requirements described in ontology format are then easily compared against each other. We also describe an implementation of a prototype system supporting the conversion and comparison with preliminary results on describing and comparing two well-known schemes.


Cloud service certification Natural language processing Certification scheme ontology 



This work was partially supported by the project EU 731845 – EU-SEC.


  1. 1.
    Androcec, D., Vrcek, N., Seva, J.: Cloud computing ontologies: a systematic review. In: MOPAS 2012: The Third International Conference on Models and Ontology-Based Design of Protocols, Architectures and Services Cloud. IARIA, pp. 9–14 (2012)Google Scholar
  2. 2.
    Singh, V., Pandey, S.K.: A comparative study of cloud security ontologies. In: Proceedings of 3rd International Conference on Reliability, Infocom Technologies and Optimization. IEEE (2014)Google Scholar
  3. 3.
    Zhang, M., Ranjan, R., Haller, A., et al.: An ontology-based system for cloud infrastructure services’ discovery. In: 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). IEEE, Pittsburgh, pp. 524–530 (2012)Google Scholar
  4. 4.
    Zhu, J.: Survey on ontology mapping. Phys. Procedia 24, 1857–1862 (2012). Scholar
  5. 5.
    Hooi, Y.K., Hassan, M.F., Shariff, A.M.: A survey on ontology mapping techniques. In: Jeong, H.Y., S. Obaidat, M., Yen, N.Y., Park, J.J.(Jong Hyuk) (eds.) Advances in Computer Science and its Applications. LNEE, vol. 279, pp. 829–836. Springer, Heidelberg (2014). Scholar
  6. 6.
    Pedrinaci, C., Cardoso, J., Leidig, T.: Linked USDL: a vocabulary for web-scale service trading. In: Presutti, V., d’Amato, C., Gandon, F., d’Aquin, M., Staab, S., Tordai, A. (eds.) ESWC 2014. LNCS, vol. 8465, pp. 68–82. Springer, Cham (2014). Scholar
  7. 7.
    Gonzalez, N., Miers, C., Redígolo, F., et al.: A quantitative analysis of current security concerns and solutions for cloud computing. J. Cloud Comput. Adv. Syst. Appl. 1, 11 (2012). Scholar
  8. 8.
    Veloudis, S., Paraskakis, I.: Ontological templates for modelling security policies in cloud environments. In: Proceedings of the 20th Pan-Hellenic Conference on Informatics - PCI 2016. ACM Press, New York (2016)Google Scholar
  9. 9.
    Garcia, J.M., Fernandez, P., Pedrinaci, C., et al.: Modeling service level agreements with linked USDL agreement. IEEE Trans. Serv. Comput. 10, 52–65 (2017). Scholar
  10. 10.
    Takahashi, T., Kadobayashi, Y., Fujiwara, H.: Ontological approach toward cybersecurity in cloud computing. In: Proceedings of the 3rd International Conference on Security of Information and Networks - SIN 2010. ACM Press, New York, pp. 100–109 (2010)Google Scholar
  11. 11.
    Marcus, M.P., Marcinkiewicz, M.A., Santorini, B.: Building a large annotated corpus of English: the Penn treebank. Comput. Linguist. 19, 313–330 (1993)Google Scholar
  12. 12.
    Manning, C., Surdeanu, M., Bauer, J., et al.: The Stanford CoreNLP natural language processing toolkit. In: Proceedings of 52nd Annual Meeting of the Association for Computational Linguistics: System Demonstrations. Association for Computational Linguistics, Stroudsburg, pp. 55–60 (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Institute of Informatics, Information Systems and Software Engineering, Faculty of Informatics and Information TechnologiesSlovak University of Technology in BratislavaBratislava 4Slovak Republic

Personalised recommendations