Abstract
As security is essential for the adoption of cloud computing, several standards defining security domains, the related threats and the corresponding controls are being established. Their common goal is to enable cloud-security-specific IT governance for cloud providers and client enterprises alike. The resulting mandatory control objectives and control processes must cover regulatory compliance and risk management, in view of the growing public-sector and industry demand for cloud computing services. As of today, most of these standards are represented in textual or semi-structured form. However, the growing adoption of cloud computing calls for tool-supported monitoring and auditing. This paper shows how this can be accomplished with a domain modelling approach that includes definitions and processing components for rules corresponding to control objectives and to various aspects of control processes.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Spies, M. (2011). Rule-Enhanced Domain Models for Cloud Security Governance, Risk and Compliance Management. In: Olken, F., Palmirani, M., Sottara, D. (eds) Rule-Based Modeling and Computing on the Semantic Web. RuleML 2011. Lecture Notes in Computer Science, vol 7018. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24908-2_2
DOI: https://doi.org/10.1007/978-3-642-24908-2_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24907-5
Online ISBN: 978-3-642-24908-2