Compliant Cloud Computing (C3): Architecture and Language Support for User-Driven Compliance Management in Clouds
Cloud computing represents a promising computing paradigm, where computational power is provided similar to utilities like water, electricity or gas. While most of the Cloud providers can guarantee some measurable non-functional performance metrics e.g., service availability or throughput, there is lack of adequate mechanisms for guaranteeing certifiable and auditable security, trust, and privacy of the applications and the data they process. This lack represents an obstacle for moving most business relevant applications into the Cloud. This paper devises a novel approach for compliance management in Clouds, which the authors' termed Compliant Cloud Computing (C3). On one hand, the paper proposes novel languages for specifying compliance requirements concerning security, privacy, and trust by leveraging domain specific languages and compliance level agreements.