Publications

Whitepapers

1. MEDINA: First Impressions on Experimenting with Automated Monitoring Requirements of the Upcoming EU Cybersecurity Certification Scheme for Cloud Services .This whitepaper reports on lessons learned related to the experimentation performed by the MEDINA team on the topic of continuous (automated) monitoring, just as required by the High Assurance baseline of the draft version of the European Cybersecurity Certification Scheme for Cloud Service (EUCS). Besides the reported process and obtained results, we also provide a set of recommendations to relevant stakeholders (in particular Cloud Service Providers and Auditors) with the goal of supporting the uptake of EUCS for High Assurance.  Open access version
2. An architecture proposal for the MEDINA framework .This whitepaper focuses on the description of the software and hardware architecture of the MEDINA framework, which has been designed and implemented during the first 18 months of the EU MEDINA project. Open access version
3. EUROSCAL – Paving the Road Towards Automated Cybersecurity Certification in Europe. This whitepaper r introduces EUROSCAL, a MEDINA-driven initiative to promote the European use of NIST OSCAL (Open Security Controls Assessment Language) as a feasible solution for achieving interoperability and automating cloud security certification processes. Open access version

Scientific Publications

1. Orue-Echevarria, L., Garcia, J. L., Banse, C., & Alonso, J. (2021). MEDINA: Improving Cloud Services trustworthiness through continuous audit-based certification. In CEUR Workshop Proceedings. CEUR-WS. Open access version
2. Banse, C. (2021, November). Data Sovereignty in the Cloud-Wishful Thinking or Reality?. In Proceedings of the 2021 on Cloud Computing Security Workshop (pp. 153-154). DOI, Open access version
3. Banse, C., Kunz, I., Schneider, A., & Weiss, K. (2021, September). Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis. In 2021 IEEE 14th International Conference on Cloud Computing (CLOUD) (pp. 13-19). IEEE. DOI, Open access version
4. Kunz, I. & Binder, A. (2022, May). Application-Oriented Selection of Privacy Enhancing Technologies. In Privacy Technologies and Policy: 10th Annual Privacy Forum, APF 2022, Warsaw, Poland, June 23–24, 2022, Proceedings (pp. 75-87). DOI, Open access version
5. Kunz, I., Schneider, A., & Banse, C. (2022). A Continuous Risk Assessment Methodology for Cloud Infrastructures. Cornell University arXiv:2206.07323. DOI, Open access version
6. Kunz, I., Schneider, A.,  Banse, C., Weiss, K. & Binder, A. (2022, November). Poster: Patient Community — A Test Bed for Privacy Threat Analysis. In CCS’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.(pp. 3383-3385).  DOI, Open access version
7. Küchler, A. & Banse, C (2022, December). Representing LLVM-IR in a Code Property Graph. In 25th International Conference on Information Security (ISC). DOI, Open access version
8. Kunz, I., Weiss, K., Schneider, A. & Banse, C.  (2023). Privacy Property Graph: Towards Automated Privacy Threat Modeling via Static Graph-based Analysis. In Proceedings on Privacy Enhancing Symposium 2023-0046 (pp. 171-187), DOI, Open access version
9. Banse, C., Kunz, I., Haas, N., & Schneider, A. (2023, March). A Semantic Evidence-based Approach to Continuous Cloud Service Certification. In Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing (pp. 24-33), Open access version
10.  CanKar, M., Petrovic, N., Pita, J., Cernivec, A., Antic, J., Martincic, T. & Stepec, D. (April 2023). Security in DevSecOps: Applying Tools and Machine Learning to Verification and Monitoring Steps.  In ICPE’23 Companion: Companion of the 2023 ACM/SPEC International Conference on Performance Engineering (pp 201-205)  DOI, Open access version
11.  Antić, J., Pita, J., Černivec, A., Cankar, M., Martinčič, T., Potočnik, A., Benguria, G, Leligou, N. & Torre, I. (April 2023).  Runtime security monitoring by an interplay between rule matching and deep learning-based anomaly detection on logs.  In 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN). DOI, Open access version
12. Deimling, F. & Fazzolari, M. (July 2023). AMOE: a Tool to Automatically Extract and Assess Organizational Evidence for Continuous Cloud Audit. In: Atluri, V., Ferrara, A.L. (eds) Data and Applications Security and Privacy XXXVII. DBSec 2023. Lecture Notes in Computer Science, vol 13942. Springer, Cham. DOI, Open access version

Posters

• Deimling, F. Assessment and Management of Organisational Evidences – AMOE. ETSI Security Conference 2022, 3-5 October 2022, Sophia Antipolis, France. Download
• Kunz, I., Schneider, A., Banse, C., Weiss, K., Binder, A. Patient Community – A Test.Bed for Privacy Threat Analysis.  ACM CCS, 7-11 November 2022, Los Angeles, USA. Download

Bachelor-Thesis

1. “Modell-Diebstahl für Zeitreihenprognosen in Bezug auf ein Cybersecurity Governance Framework für Künstliche Intelligenz” (Acker V., Hochschule Albstadt-Sigmaringen, Germany, Aug-2022)  Open access version
2. “Framework Für Cybersecurity-Metriken für die Einhaltung von vorschriften” (Habeck T. O.,  Hochschule der Medien, Germany, Apr-2023)  Open access version
3. “Analyse und Vergleich von Compliance-Werkzeugen in Multi-Cloud-Umgebungen” (Levi Lübbe, Germany, July-2023) Open access version