An Integrated Framework for Multi-layer Certification- based Assurance

Complexity, dynamism and overlays in networks and systems are some of the main challenges we face nowadays when reasoning on systems’ assurance and behavior. Security certification has shown to be a solid foundation to provide assurance and trust about system properties. This paper presents a certification framework for composite, layered and evolving systems, such as cloud systems or cyber physical systems. The framework's certification-based methodology defines a solid ground to provide security assurance aspects of these systems. The framework integrates two main domains of research: (i) certification, models and mechanisms (based on testing, monitoring, trusted computing, and hybrid evidences) for providing assurance of the system components and attesting properties of the composite systems; and (ii) software engineering, process, methodology and tools to enable developers engineer cloud applications with strong awareness and requirements on security assurance of underlying cloud platforms and services.