
Rule-Enhanced Domain Models for Cloud Security Governance, Risk and Compliance Management

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 7018)

Abstract

Because security is a precondition for the adoption of cloud computing, several standards that define cloud security domains, their associated threats and the corresponding controls are being established. Their common goal is to enable cloud-security-specific IT governance for cloud providers and client enterprises alike. The resulting mandatory control objectives and control processes must cover regulatory compliance and risk management, given the growing public-sector and industry demand for cloud computing services. Today, most of these standards exist only in textual or semi-structured form. The growing adoption of cloud computing, however, calls for tool-supported monitoring and auditing of the controls they prescribe. This paper shows how this can be achieved with a domain modelling approach that includes definitions and processing components for rules corresponding to control objectives and to various aspects of control processes.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Spies, M. (2011). Rule-Enhanced Domain Models for Cloud Security Governance, Risk and Compliance Management. In: Olken, F., Palmirani, M., Sottara, D. (eds) Rule-Based Modeling and Computing on the Semantic Web. RuleML 2011. Lecture Notes in Computer Science, vol 7018. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24908-2_2


  • DOI: https://doi.org/10.1007/978-3-642-24908-2_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24907-5

  • Online ISBN: 978-3-642-24908-2

  • eBook Packages: Computer Science (R0)
