An architecture proposal for the MEDINA framework (Whitepaper)
12 May, 2022
By Iñaki Etxaniz (TECNALIA)

The MEDINA partners have produced a joint white paper, entitled “An architecture proposal for the MEDINA framework“, which focuses on the description of the software and hardware architecture of the MEDINA framework, which has been designed and implemented during the first 18 months of the EU MEDINA project.

The report briefly introduces the problem of trustworthiness in cloud services in the EU, the continuous monitoring of cloud services and the certification issues. The MEDINA project aims to provide CSPs with a tool that allows them to audit and certify Cloud Services in an automated and near real-time manner. The continuous certification proposed in MEDINA is aligned to the EUCS framework. The paper describes the principal concepts and ideas leading to the MEDINA framework, namely: the definition of a metrics catalogue based in EUCS; the implementation of a machine-readable language to allow the interpretation of natural-language specifications; the automated and continuous evidence collection and assessment; and the managing of digital evidences for accountability.

Then, an overview of MEDINA is presented, which includes the roles, workflows and tasks related to the framework, as they have been defined during the first half of the project. These are the main roles taking part in the basic workflow: the Compliance Manager, the Control Owner and the External Auditor.

Seven workflows are defined, that compose the whole tasks that the users of MEDINA have to undertake to achieve their goals. The workflows comprise the preparation of the components, the definition of the target of certification (ToC), the deployment of the framework on the ToC, the self-assessment, the compliance assessment, and the maintenance and report of the certificate. This part is completed with a diagram of the system architecture, that decomposes the framework in components that are dedicated to specific tasks, and that collaborate to provide the explained functionality.

Finally, the components of the MEDINA framework are described. The components in which we have divided MEDINA are the Catalogue of Controls & Security Schemes; the components that deal with the NLP (Natural Language Processing) techniques; the Risk Assessment and Optimisation Framework; the Continuous Evaluation; the Orchestrator and the Trustworthiness System; the Evidenced Collection and Security Assessment; the Certificate management System; and the Integrated User Interface that works as a wrapper of the rest of components for the final user. The functionality of each component is briefly presented, showing the interactions with the rest of the framework.

It is not the objective of this white paper to present a deep view into the technical issues tackled by each of the components, but a birds-eye view that allows the reader to grasp a general vision of what MEDINA tries to offer. In this sense, some screenshots of the prototypes developed in the project are also included throughout the text, which can help the reader to get an idea of the current state of development of the tools.

The Whitepaper can de downloaded at: https://www.slideshare.net/MEDINAContinuousclou/whitepaper-medina-architecture