A Journey into Security Certification

Marco Anisetti is Full Professor in the Department of Computer Science at the Università degli Studi di Milano. His research interests are in the area of Computational Intelligence and its application to the design and evaluation of complex systems and services. Specifically, he has been investigating innovative solutions for security assurance and software/service certification for modern Edge and AI-assisted systems. In this area, he defined new schemes for continuous and incremental Cloud/Web service security certification based on the distributed assurance evaluation architecture that had percolated in his Moon Cloud spin-off. He is the winner of the 2010 GIRPR award for the best Ph.D. thesis and the 2009 Chester Sall Award from the IEEE Consumer Electronics Society. He is an editorial board member of IEEE Transactions on Cloud Computing, IEEE Transactions on Services Computing, and Future Generation Computer Systems (FGCS)  at Elsevier. He has been a program committee member for several international conferences and workshops in the area of distributed systems, service-based architectures, and security. He contributed to a number of EU projects including FP7 ASSET4SOA and FP7 CUMULUS focused on certification of services and H2020 CONCORDIA investigating security assurance for modern systems.

Claudio Agostino Ardagna is a Full Professor in the Department of Computer Science at the Università degli Studi di Milano, Italy, the Director of the CINI National Lab on Data Science, and co-founder of Moon Cloud srl. His research interests are in the areas of distributed systems security and assurance, cloud-edge and AI/ML certification, and data science. He is the winner of the ERCIM (European Research Consortium for Informatics and Mathematics) WG STM 2009 Award for the Best Ph.D. Thesis on Security and Trust Management. He has been an invited professor at the Université Jean Moulin Lyon 3 and a visiting researcher at Beijing University of Posts and Telecommunications, Khalifa University, and George Mason University. He is a member of the Steering Committee for IEEE Transactions on Cloud Computing, member of the editorial board of the IEEE Transactions on Cloud Computing and IEEE Transactions on Services Computing, and secretary of the IEEE Technical Committee on Services Computing. He has been Program Chair of several international conferences and workshops in the area of distributed systems and security and privacy. He co-authored with Professors Ernesto Damiani and Nabil El Ioini the book Open Source Systems Security Certification, published by Springer.

Ernesto Damiani serves as the acting Dean of Computing and Mathematical Sciences and Director of the Center for Cyber Physical Systems (C2PS) at Khalifa University in the UAE. He is a full professor in the Department of Computer Science at the Università degli Studi di Milano, Italy, where he leads the SESAR research lab.  His research interests include secure service-oriented architectures (SOA), certifiable robust Artificial intelligence and Data Analytics models, and cyber-physical systems security. Dr. Damiani has served as the Editor-in-Chief of the IEEE Transactions on Service-oriented Computing and as an Associate Editor of the IEEE Transactions on Fuzzy Systems. He is a senior member of the IEEE and served as Vice-Chair of the IEEE Technical Committee on Industrial Informatics. In 2008, Dr. Damiani was nominated as an ACM Distinguished Scientist and received the Chester Sall Award from the IEEE Industrial Electronics Society. Later, he received a doctorate honoris causa from Institut National des Sciences Appliquées (INSA) of Lyon, France, for his contributions to Big Data analysis platforms and architectures. In 2022, Ernesto was awarded the rank of Officer of the Order of the Star of Italy for his contribut

Preface.- Introduction.- History of Software Security Certification.-  Evidence-based Certification of Cloud Services.-  Certification of Modern Distributed Systems.- Beyond Cloud Service Certification.- Conclusions and Open Issues.