Evidences that allows assurance of accountability attributes and verification of compliance with the principles of accountability by service-providers and attribution of responsibility for breaches within the chain of accountability is essential. Accountability evidence can be defined as a collection of data, metadata, formal operations performed on data and metadata, and routine information that provide irrefutable, attributable and verifiable account about the fulfillment of relevant obligations with respect to observable system. Evidence might be derived from a number of sources, events and traces at different architectural layers. By collecting potential evidence, the cloud will be more accountable, while providing its regular services.
The accountability attributes such as attributability, observability, assurance, and verifiability are primary interest for this work package and they are reflected in evidence. This report decompose scenario into: technical, obligation and evidence views. In technical view we describe an engineering analysis of overall problem description and identify measurable artifacts related to that scenario. It provides users practical analysis of the problem. An action in term of legal, contractual and ethical that users are obliged to take, constitute towards obligation view. An action that is performed inside cloud service chains should be legal, contractual and ethical for obligation view. The report provides detail explanation of accountability obligations. Based on those obligations we generate evidence which constitutes evidence view. For example user X does not receive message with topic similar to before certain timestamp. Based on evidence view we identify different types of evidence.
This deliverable describes the three scenarios:
• Data Retrievability deals with key security requirements for...