Whitepapers
- MEDINA: First Impressions on Experimenting with Automated Monitoring Requirements of the Upcoming EU Cybersecurity Certification Scheme for Cloud Services download
- This whitepaper reports on lessons learned related to the experimentation performed by the MEDINA team on the topic of continuous (automated) monitoring, just as required by the High Assurance baseline of the draft version of the European Cybersecurity Certification Scheme for Cloud Service (EUCS). Besides the reported process and obtained results, we also provide a set of recommendations to relevant stakeholders (in particular Cloud Service Providers and Auditors) with the goal of supporting the uptake of EUCS for High Assurance.
- An architecture proposal for the MEDINA framework download
- This whitepaper focuses on the description of the software and hardware architecture of the MEDINA framework, which has been designed and implemented during the first 18 months of the EU MEDINA project.
Scientific Publications
- Orue-Echevarria, L., Garcia, J. L., Banse, C., & Alonso, J. (2021). MEDINA: Improving Cloud Services trustworthiness through continuous audit-based certification. In CEUR Workshop Proceedings. CEUR-WS.Open access version
- Banse, C. (2021, November). Data Sovereignty in the Cloud-Wishful Thinking or Reality?. In Proceedings of the 2021 on Cloud Computing Security Workshop (pp. 153-154). DOI, Open access version
- Banse, C., Kunz, I., Schneider, A., & Weiss, K. (2021, September). Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis. In 2021 IEEE 14th International Conference on Cloud Computing (CLOUD) (pp. 13-19). IEEE. DOI, Open access version
- Kunz, I. & Binder, A. (2022, May). Application-Oriented Selection of Privacy Enhancing Technologies. In Privacy Technologies and Policy: 10th Annual Privacy Forum, APF 2022, Warsaw, Poland, June 23–24, 2022, Proceedings (pp. 75-87). DOI, Open access version
- Kunz, I., Schneider, A., & Banse, C. (2022). A Continuous Risk Assessment Methodology for Cloud Infrastructures. Cornell University arXiv:2206.07323. DOI, Open access version
- Kunz, I. Schneider, A. Banse, C. Weiss, K. & Binder, A. (2022, November). Poster: Patient Community — A Test Bed for Privacy Threat Analysis. In CCS’22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.(pp. 3383-3385). DOI, Open access version
- Küchler, A. & Banse, C (2022, December). Representing LLVM-IR in a Code Property Graph. In 25th International Conference on Information Security (ISC). DOI, Open access version
- Kunz, I. Weiss, K, Schneider, A. & Banse, C. Privacy Property Graph: Towards Automated Privacy Threat Modeling via Static Graph-based Analysis. In Proceedings on Privacy Enhancing Symposium 2023-0046 (pp. 171-187), DOI, Open access version