HOME > LIBRARY > Publications

Publications

International Conferences
  1. Orue-Echevarria, L., Garcia, J. L., Banse, C., & Alonso, J. (2021). MEDINA: Improving Cloud Services trustworthiness through continuous audit-based certification. In CEUR Workshop Proceedings. CEUR-WS. Open access version
  2. Banse, C. (2021, November). Data Sovereignty in the Cloud-Wishful Thinking or Reality?. In Proceedings of the 2021 on Cloud Computing Security Workshop (pp. 153-154). DOI, Open access version
  3. Banse, C., Kunz, I., Schneider, A., & Weiss, K. (2021, September). Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis. In 2021 IEEE 14th International Conference on Cloud Computing (CLOUD) (pp. 13-19). IEEE. DOI, Open access version
  4. Kunz, I. & Binder, A. (2022, May). Application-Oriented Selection of Privacy Enhancing Technologies. In Privacy Technologies and Policy: 10th Annual Privacy Forum, APF 2022, Warsaw, Poland, June 23–24, 2022, Proceedings (pp. 75-87). DOI, Open access version
  5. Kunz, I., Schneider, A., & Banse, C. (2022). A Continuous Risk Assessment Methodology for Cloud Infrastructures. Cornell University arXiv:2206.07323. DOI, Open access version
  6. Kunz, I., Schneider, A.,  Banse, C., Weiss, K. & Binder, A. (2022, November). Poster: Patient Community — A Test Bed for Privacy Threat Analysis. In CCS’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.(pp. 3383-3385)DOI, Open access version
  7. Küchler, A. & Banse, C (2022, December). Representing LLVM-IR in a Code Property Graph. In 25th International Conference on Information Security (ISC). DOI, Open access version
  8. Kunz, I., Weiss, K., Schneider, A. & Banse, C.  (2023). Privacy Property Graph: Towards Automated Privacy Threat Modeling via Static Graph-based Analysis. In Proceedings on Privacy Enhancing Symposium 2023-0046 (pp. 171-187), DOI, Open access version
  9. Banse, C., Kunz, I., Haas, N., & Schneider, A. (2023, March). A Semantic Evidence-based Approach to Continuous Cloud Service Certification. In Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing (pp. 24-33), DOI, Open access version
  10.  CanKar, M., Petrovic, N., Pita, J., Cernivec, A., Antic, J., Martincic, T. & Stepec, D. (April 2023). Security in DevSecOps: Applying Tools and Machine Learning to Verification and Monitoring Steps.  In ICPE’23 Companion: Companion of the 2023 ACM/SPEC International Conference on Performance Engineering (pp 201-205)  DOI, Open access version
  11.  Antić, J., Pita, J., Černivec, A., Cankar, M., Martinčič, T., Potočnik, A., Benguria, G, Leligou, N. & Torre, I. (April 2023).  Runtime security monitoring by an interplay between rule matching and deep learning-based anomaly detection on logs.  In 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN). DOI, Open access version
  12. Deimling, F. & Fazzolari, M. (July 2023). AMOE: a Tool to Automatically Extract and Assess Organizational Evidence for Continuous Cloud Audit. In: Atluri, V., Ferrara, A.L. (eds) Data and Applications Security and Privacy XXXVII. DBSec 2023. Lecture Notes in Computer Science, vol 13942. Springer, Cham. DOI, Open access version
  13. Suhonen T and Martínez C. Continuous Auditing and Continuous Certification in MEDINA – Security Auditor’s View [version 1; peer review: awaiting peer review]. Open Res Europe 2023, 3:208. DOI, Open access version
  14. Martinez, C, Etxaniz, I, Molinuevo, A., Alonso, J. MEDINA Catalogue of Cloud Security controls and metrics: Towards Continuous Cloud Security compliance. [accepted for publication]. Open Res Europe 2023
International Journals
  1. Alonso, J., Orue-Echevarria, L., Casola, V. et al. Understanding the challenges and novel architectural models of multi-cloud native applications – a systematic literature review. J Cloud Comp 12, 6 (2023). DOI, Open access version
  2. Lange, F., Kunz I. Evolution of secure development lifecycles and maturity models in the context of hosted solutions. Journal of Software: Evolution and Process (2023) [submitted]
  3. Regueiro, C., Gómez-Goiri, A., De Diego, S., Urquizu, B. Leveraging Blockchain and Self-Sovereign Identity Technologies in Cybersecurity Certification. Journal of Cybersecurity [to be submitted in 2023]
Whitepapers
  1. MEDINA: First Impressions on Experimenting with Automated Monitoring Requirements of the Upcoming EU Cybersecurity Certification Scheme for Cloud Services .This whitepaper reports on lessons learned related to the experimentation performed by the MEDINA team on the topic of continuous (automated) monitoring, just as required by the High Assurance baseline of the draft version of the European Cybersecurity Certification Scheme for Cloud Service (EUCS). Besides the reported process and obtained results, we also provide a set of recommendations to relevant stakeholders (in particular Cloud Service Providers and Auditors) with the goal of supporting the uptake of EUCS for High Assurance.  Open access version
  2. An architecture proposal for the MEDINA framework .This whitepaper focuses on the description of the software and hardware architecture of the MEDINA framework, which has been designed and implemented during the first 18 months of the EU MEDINA project. Open access version
  3. EUROSCAL – Paving the Road Towards Automated Cybersecurity Certification in Europe. This whitepaper r introduces EUROSCAL, a MEDINA-driven initiative to promote the European use of NIST OSCAL (Open Security Controls Assessment Language) as a feasible solution for achieving interoperability and automating cloud security certification processes. Open access version
  4. The MEDINA Controlled Natural Language. This whitepaper provides an overview of the MEDINA Controlled Natural Language, which has been designed in the framework of the EU MEDINA project. This document highlights its pivotal role as a dedicated language designed to express requirements from schemes like the European Union Cloud Security Certification Scheme (EUCS) in a formal, machine-readable manner, to automate automatic compliance assessment for cybersecurity certification schemes. Open access version
  5. Metric Recommender System and the use of Natural Language Processing. This whitepaper provides an overview of the Metric Recommender system, which has been designed and implemented in the framework of the EU MEDINA project. This document highlights its role as a crucial component of the Cloud Security Certification Language toolchain and describes how Natural Language Processing (NLP) techniques are exploited to reach the scope. Open access version
  6. Continuous Life-Cycle Management of Cloud Security Certifications. This whitepaper explores the challenge of managing cloud security certifications automatically and the complexities involved in deciding certification statuses through automation. The whitepaper focuses on the final parts of the MEDINA pipeline, i.e., the components that aggregate and evaluate assessment results, aggregate decisive data and translate them into a certificate status, and which publish and secure the certificate. Open access version
Bachelor-Thesis
  1. “Modell-Diebstahl für Zeitreihenprognosen in Bezug auf ein Cybersecurity Governance Framework für Künstliche Intelligenz” (Acker V., Hochschule Albstadt-Sigmaringen, Germany, Aug-2022)  Open access version
  2. “Framework Für Cybersecurity-Metriken für die Einhaltung von vorschriften” (Habeck T. O.,  Hochschule der Medien, Germany, Apr-2023)  Open access version
  3. “Analyse und Vergleich von Compliance-Werkzeugen in Multi-Cloud-Umgebungen” (Levi Lübbe, Germany, July-2023) Open access version

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No: 952633.

Latest Tweets

Contact us

Parque Tecnológico de Bizkaia, C/ Geldo. Edificio 700. E-48160 Derio (Bizkaia)

+(34) 946.430.850

cristina.martinez@tecnalia.com

Follow Us

© 2023 TECNALIA. All rights reserved.
Parque Científico y Tecnológico de Bizkaia – C/ Geldo. Edificio 700. E-48160 Derio (Bizkaia). Tel.:  (+34) 946.430.850

Legal information | Privacy policy | Contact us