Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Erkuden Rios Velasco; Eider Iturbe; Xabier Larrucea; Massimiliano Rak; Wissam Mallouli; Jacek Dominiak; Victor Muntes; Peter Matthews; Luis Gonzalez Moctezuma; Luis Gonzalez

doi:10.1049/iet-sen.2018.5293

Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Erkuden Rios Velasco
, Eider Iturbe
, Xabier Larrucea
, Massimiliano Rak
, Wissam Mallouli
, Jacek Dominiak
, Victor Muntes
, Peter Matthews
, Luis Gonzalez Moctezuma
, Luis Gonzalez

Producción científica: Contribución a una revista › Artículo › revisión exhaustiva

35 Citas (Scopus)

3 Descargas (Pure)

Resumen

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.

Idioma original	Inglés
Páginas (desde-hasta)	213-222
Número de páginas	10
Publicación	IET Software
Volumen	unknown
N.º	3
DOI	https://doi.org/10.1049/iet-sen.2018.5293
Estado	Publicada - 1 jun 2019

Palabras clave

European General Data Protection Regulation
GDPR
Cloud-based systems
Privacy
Security
SLA

Project and Funding Information

Project ID
info:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSA
info:eu-repo/grantAgreement/EC/780351/EU/Trustworthy and Smart Actuation in IoT systems/ENACT
Funding Info
The research leading to these results has received_x000D_ funding from the European Union’s Horizon 2020 research_x000D_ and innovation programme under grant agreement No 644429_x000D_ and No 780351, MUSA project and ENACT project,_x000D_ respectively. We would also like to acknowledge all the_x000D_ members of the MUSA Consortium and ENACT Consortium_x000D_ for their valuable help.

Acceder al documento

10.1049/iet-sen.2018.5293

IET-SENVersión publicada final, 379 KB

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

@article{cb8e442c2fba49ecad489a4269d9341d,

title = "Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems",

abstract = "Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.",

keywords = "European General Data Protection Regulation, GDPR, Cloud-based systems, Privacy, Security, SLA, European General Data Protection Regulation, GDPR, Cloud-based systems, Privacy, Security, SLA",

author = "\{Rios Velasco\}, Erkuden and Eider Iturbe and Xabier Larrucea and Massimiliano Rak and Wissam Mallouli and Jacek Dominiak and Victor Muntes and Peter Matthews and \{Gonzalez Moctezuma\}, Luis and Luis Gonzalez",

note = "Publisher Copyright: {\textcopyright} 2019 The Institution of Engineering and Technology.",

year = "2019",

month = jun,

day = "1",

doi = "10.1049/iet-sen.2018.5293",

language = "English",

volume = "unknown",

pages = "213--222",

journal = "IET Software",

issn = "1751-8806",

publisher = "John Wiley \& Sons Inc.",

number = "3",

}

TY - JOUR

T1 - Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

AU - Rios Velasco, Erkuden

AU - Iturbe, Eider

AU - Larrucea, Xabier

AU - Rak, Massimiliano

AU - Mallouli, Wissam

AU - Dominiak, Jacek

AU - Muntes, Victor

AU - Matthews, Peter

AU - Gonzalez Moctezuma, Luis

AU - Gonzalez, Luis

PY - 2019/6/1

Y1 - 2019/6/1

N2 - Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.

AB - Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.

KW - European General Data Protection Regulation

KW - GDPR

KW - Cloud-based systems

KW - Privacy

KW - Security

KW - SLA

KW - European General Data Protection Regulation

KW - GDPR

KW - Cloud-based systems

KW - Privacy

KW - Security

KW - SLA

UR - https://www.scopus.com/pages/publications/85067495330

U2 - 10.1049/iet-sen.2018.5293

DO - 10.1049/iet-sen.2018.5293

M3 - Article

SN - 1751-8806

VL - unknown

SP - 213

EP - 222

JO - IET Software

JF - IET Software

IS - 3

ER -

Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Resumen

Palabras clave

Project and Funding Information

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto