Eliciting Metrics for Accountability of Cloud Systems

TitleEliciting Metrics for Accountability of Cloud Systems
Publication TypeJournal Article
Year of Publication2016
AuthorsD. Nuñez, C. Fernandez-Gago, and J. Luna
JournalComputers & Security
Volume62
Pagination149-164
Date Published08/2016
PublisherElsevier
ISSN Number0167-4048
Abstract

Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics. 

DOI10.1016/j.cose.2016.07.003
Citation Keynunez2016eliciting
Paper File: 
https://www.nics.uma.es/sites/default/files/papers/nunez2016eliciting.pdf

Supported by