Evidence Management for Continuous Certification as a Service in the Cloud

Civil SecurityHORIZON-IAID: 101120688
EC Contribution
€47,364
Consortium Size
11 orgs
Start Year
2023
Summary

Cloud-based services have grown from basic computing services to complex ecosystems, comprising (virtual) infrastructure, business processes and application code. These advanced services also increasingly leverage the usage of Artificial Intelligence, including Machine Learning or Natural Language Processing techniques, raising the complexity even higher. Due to the cascade of dependencies among the different products and services, the need arose to bring more agility to the certification process of cloud-based services, e.g., using continuous monitoring and assessment, as evidenced by references to it in the certifications of the EU Cybersecurity Act (EU CSA). To transform the continuous assessment and certification concept into the complete realization of a Certification-as-a-Service (CaaS), several challenges need to be solved: 1) current proposed proofs of concepts for continuous monitoring lack interoperability at technology level, 2) the adoption of cloud and edge computing and the incorporation of regulations on specific topics or domains, such as AI, put significant strain on companies to comply with a multitude of different security schemes, 3) existing market fragmentation for continuous certification (scope, methodologies), hinder transparency and accountability in the provision of European cloud services, 4),smart tools and models need to be adopted to ease the agile application and implementation of the CaaS concept reducing complexity in the whole cloud certification value chain easing the adoption of CaaS by the different stakeholders. To overcome these challenges, the design and implementation of the EMERALD CaaS solution leverages the H2020 project MEDINA’s outcomes and advances them to TRL 7 in the EMERALD core. Two PoCs will be provided; one for composite certification and one for mapping requirements to upcoming AI certification schemes. EMERALD will pave the road towards CaaS for continuous certification of harmonized cybersecurity schemes.

Consortium (11)

Project Results (31)

Source: CORDIS, the EU research results database.

Publications (5)
Blockchain-Based Evidence Trustworthiness System in Certification
Journal of Cybersecurity and Privacy· 2024DOI
Cristina Regueiro; Borja Urquizu
CertGraph: Towards a Comprehensive Knowledge Graph for Cloud Security Certifications
Proceedings of the ACM/IEEE 27th International Conference on Model Driven Engineering Languages and Systems· 2024DOI
Stefan Schöberl, Christian Banse, Verena Geist, Immanuel Kunz, Martin Pinzger
owl2proto: Enabling Semantic Processing in Modern Cloud Micro-Services
Proceedings of the 16th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management· 2024DOI
Christian Banse, Angelika Schneider, Immanuel Kunz
Automatic association of quality requirements and quantifiable metrics for cloud security certification
Proceedings of the 4th Italian Workshop on Artificial Intelligence and Applications for Business and Industries (AIABI 2024)DOI
John Bianchi, Shuya Dong, Luca Petrillo and Marinella Petrocchi
EMERALD: Evidence Management for Continuous Certification as a Service in the Cloud
Proceedings of the 15th International Conference on Cloud Computing and Services Science (CLOSER 2025)DOI
Christian Banse, Björn Fanta, Juncal Alonso, Cristina Martinez
Deliverables (25)
Other Results (1)
Periodic Reporting for period 1 - EMERALD (Evidence Management for Continuous Certification as a Service in the Cloud)