ARCHITECTURE FOR COMPLIANCE ANALYSIS OF DISTRIBUTED SERVICE BASED SYSTEMS

Jonathan Sinclair, Benoit Hudzia, Maik Lindner, Alan Stewart, Terry Harmer

Abstract

Businesses today are required to comply with a litany of legislation, regulations and standards. However, with an increasing utilisation of the internet for delivering products as services, challenges arise in assessing and maintaining compliance. We propose to define an architecture that attempts to leverage the dynamism of service-based infrastructures in order to process the real-time compliance state of a system.

References

  1. Alliance, C. S. (2009). Security guidance for critical areas of focus in cloud computing. http://www.cloudsecurityalliance.org/csaguide.pdf.
  2. Baumann, C., Peitz, P., Raabe, O., and Wacker, R. (2010). Compliance for service based systems through formalization of law. In Filipe, J. and Cordeiro, J., editors, Proceedings of the 6th International Conference on Web Information Systems and Technology, volume 2, pages 367-371, Valencia, Spain. INSTICC Press.
  3. Blau, B., Kramer, J., Conte, T., and Dinther, C. v. (2009). Service value networks. In Proceedings of the 2009 IEEE Conference on Commerce and Enterprise Computing, pages 194-201, Washington, DC, USA. IEEE Computer Society.
  4. Brandic, I., Dustdar, S., Anstett, T., Schumm, D., Leymann, F., and Konrad, R. (2010). Compliant cloud computing (c3): Architecture and language support for user-driven compliance management in clouds. Cloud Computing, IEEE International Conference on, 0:244-251.
  5. Buyya, R., Yeo, C. S., and Venugopal, S. (2008). Marketoriented cloud computing: Vision, hype, and reality for delivering it services as computing utilities. In HPCC 7808: Proceedings of the 2008 10th IEEE International Conference on High Performance Computing and Communications, pages 5-13, Washington, DC, USA. IEEE Computer Society.
  6. Cederquist, J., Corin, R., Dekker, M., Etalle, S., den Hartog, J., and Lenzini, G. (2007). Audit-based compliance control. International Journal of Information Security, 6:133-151. 10.1007/s10207-007-0017-y.
  7. Chesani, F., Mello, P., Montali, M., Riguzzi, F., Sebastianis, M., and Storari, S. (2009). Checking compliance of execution traces to business rules. In Aalst, W., Mylopoulos, J., Sadeh, N. M., Shaw, M. J., Szyperski, C., Ardagna, D., Mecella, M., and Yang, J., editors, Business Process Management Workshops, volume 17 of Lecture Notes in Business Information Processing, pages 134-145. Springer Berlin Heidelberg.
  8. Conrad, M., Funk, C., Raabe, O., and Waldhorst, O. (2007). A lawful framework for distributed electronic markets. In Camarinha-Matos, L., Afsarmanesh, H., Novais, P., and Analide, C., editors, Establishing The Foundation Of Collaborative Networks, IFIP International Federation for Information Processing, pages 233-240. Springer Boston.
  9. Council, P. C. I. S. S. (2004). Payment card industry data security standard.
  10. Elgammal, A., Turetken, O., Heuvel, W. v. d., and Papazoglou, M. (2010). On the formal specification of business contracts and regulatory compliance. Open access publications from tilburg university, Tilburg University.
  11. Etzion, O. and Niblett, P. (2010). Event Processing in Action. Manning Publications.
  12. Flint, D. (2009). Law shaping technology: Technology shaping the law. International Review of Law, Computers & Technology, 23 , 1:5-11.
  13. Heuser, L., Alsdorf, C., and Woods, D. (2008). International Research Forum 2007. Evolved Technologist Press.
  14. Jaeger, P., Lin, J., Grimes, J., and Simmons, S. (2009). Where is the cloud? geography, economics, environment, and jurisdiction in cloud computing. First Monday, 14:5.
  15. Janiesch, C., Niemann, M., and Repp, N. (2009). Towards a service governance framework for the internet of services. In 17th European conference on information systems (ECIS), pages 1 -13.
  16. Janvrin, D. (2007). The impact of information technology on the audit process: An assessment of the state of the art and implications for the future. Managerial Auditing Journal, 16:159-164.
  17. Law, U. S. P. (2000). Health insurance portability and accountability act.
  18. Li, X.-Y., Shi, Y., Guo, Y., and Ma, W. (2010). Multitenancy based access control in cloud. In Computational Intelligence and Software Engineering (CiSE), 2010 International Conference on, pages 1 -4.
  19. Mell, P. and Grance, T. (2009). Effectively and securely using the cloud computing paradigm. National Institute of Standards and Technology.
  20. Moreau, L., Groth, P., Miles, S., Vazquez-Salceda, J., Ibbotson, J., Jiang, S., Munroe, S., Rana, O., Schreiber, A., Tan, V., and Varga, L. (2008). The provenance of electronic data. Commun. ACM, 51, 4(4):52-58.
  21. (2000). An approach to compliance in software architectures. Computing and Control Engineering Journal, 4:195-200.
  22. Mulo, E., Zdun, U., and Dustdar, S. (2010). Monitoring web service event trails for business compliance.
  23. on Banking Supervision, B. C. (2009). International Convergence of Capital Measurement and Capital Standards. Bank for International Settlements Press & Communications CH-4002 Basel, Switzerland.
  24. Parliament, E. (1995). Directive 95/46/ec of the european parliament and of the council. Official Journal of the European Communities. http://ec.europa.eu/justice/policies/privacy/docs/95- 46-ce/dir1995-46 part1 en.pdf.
  25. Pearson, S. (2009). Taking account of privacy when designing cloud computing services. Software Engineering Challenges of Cloud Computing, IEEE, 2009:44-52.
  26. Rozsnyai, S., Vecera, R., Schiefer, J., and Schatten, A. (2007). Event cloud - searching for correlated business events. E-Commerce Technology, IEEE International Conference on, and Enterprise Computing, ECommerce, and E-Services, IEEE International Conference on, 0:409-420.
  27. Santos, N., Gummadi, K. P., and Rodrigues, R. (2009). Towards trusted cloud computing. In Proceedings of the 2009 conference on Hot topics in cloud computing, HotCloud'09, pages 3-3, Berkeley, CA, USA. USENIX Association.
  28. Schmidt, M. T., Hutchison, B., Lambros, P., and Phippen, R. (2005). The enterprise service bus: making serviceoriented architecture real. IBM Syst. J., 44(4):781- 797.
  29. Silveira, P., Rodriguez, C., Casati, F., Daniel, F., D'Andrea, V., Worledge, C., and Taheri, Z. (2010). On the design of compliance governance dashboards for effective compliance and audit management. In Dan, A., Gittler, F., and Toumani, F., editors, Service-Oriented Computing. ICSOC/ServiceWave 2009 Workshops, volume 6275 of Lecture Notes in Computer Science, pages 208-217. Springer Berlin / Heidelberg.
  30. Skene, J. (2007). Language support for service-level agreements for application-service provision. PhD thesis, Department of Computer Science, UCL.
  31. Sotto, L., Treacy, B., and McLellan, M. (2010). Privacy and data security risks in cloud. Computing Electronic Commerce & Law Report, 15:186.
  32. Swanson, M., Bowen, P., Wohl Phillips, A., and Gallup, D., D. L. (2010). Contingency planning guide for federal information systems. NIST Special Publication 800- 34 Rev. 1.
  33. Weber, R. (1998). Information Systems Control and Audit. Pearson Education.
  34. Wood, L. (2009). Cloud computing and compliance: Be careful up there. Computerworld.
  35. Zhang, C., De Sterck, H., Aboulnaga, A., Djambazian, H., and Sladek, R. (2010). Case study of scientific data processing on a cloud using hadoop. In Mewhort, D., Cann, N., Slater, G., and Naughton, T., editors, High Performance Computing Systems and Applications, volume 5976 of Lecture Notes in Computer Science, pages 400-415. Springer Berlin / Heidelberg.
Download


Paper Citation


in Harvard Style

Sinclair J., Hudzia B., Lindner M., Stewart A. and Harmer T. (2011). ARCHITECTURE FOR COMPLIANCE ANALYSIS OF DISTRIBUTED SERVICE BASED SYSTEMS . In Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8425-52-2, pages 286-292. DOI: 10.5220/0003448702860292


in Bibtex Style

@conference{closer11,
author={Jonathan Sinclair and Benoit Hudzia and Maik Lindner and Alan Stewart and Terry Harmer},
title={ARCHITECTURE FOR COMPLIANCE ANALYSIS OF DISTRIBUTED SERVICE BASED SYSTEMS},
booktitle={Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2011},
pages={286-292},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003448702860292},
isbn={978-989-8425-52-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - ARCHITECTURE FOR COMPLIANCE ANALYSIS OF DISTRIBUTED SERVICE BASED SYSTEMS
SN - 978-989-8425-52-2
AU - Sinclair J.
AU - Hudzia B.
AU - Lindner M.
AU - Stewart A.
AU - Harmer T.
PY - 2011
SP - 286
EP - 292
DO - 10.5220/0003448702860292