ClouDAT develops an open source tool for
documentation and assessment of security requirements and controls in cloud computing services and for generation of
documentation conforming to given standards.
The project aims at supporting small and medium-sized enterprises in certification of their cloud solutions.
Goal of the project is the development of a provider independent approach for planning, documenting and checking of security requirements and controls in cloud computing systems. The approach will be implemented as an open source tool which in turn is based on existing tools such as UML editors.
With ClouDAT we can document cloud computing systems on the different service levels including SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service) and IaaS (Infrastructure-as-a-Service) as well as the relevant business processes. These documentation will allow third parties to assess the given systems. Risks and threats, e.g. that secret data can be accessed by the cloud provider's staff, can be located and countermeasures documented. Our approach is applicable to public and private cloud systems.
The documentation process will consider the different legal regulations such as the German data protection law. A potential cloud customer will be enabled to assess whether a provided service fulfills his individual requirements. Therefore, ClouDAT develops a catalog of requirements, which enables a certification for IaaS, PaaS and SaaS, e.g. following the ISO 27001 standard. Besides legal requirements it will be possible to define individual requirements of small and medium-sized enterprises. For the documentation, ClouDAT provides a set of patterns, which allow users to specify concrete requirements by inserting concrete elements. The whole approach is based on standard notations such as UML and allows intergration into development processes. The use of an automated analysis tool will finally support a reasonably priced certification of cloud computing systems, which makes it attractive also for smaller enterprises.