Data protection metrics for cloud services

Supervisor(s)Sebastian Luhn, MSc


Cloud services are a ubiquitous part of company IT infrastructures. Still, many questions regarding the security of data stored “in the cloud” as well as data protection issues arising from the fact that stored data can reside anywhere in the world are unanswered. The research project “VeriMetrix” aims to answer some of the questions regarding the compliance of cloud services with data protection laws. For this, measurements are automatically taken by probes in VMs of Infrastructure as a Service (IaaS) cloud platforms. These measurements are combined and condensed to metrics, showing whether a cloud service is or is not compliant to data protection demands.

This thesis comprises the development and implementation of said metrics. Firstly, on a theoretical level, available data has to be combined in a sensible way to allow for assessments of the cloud service regarding data protection issues. Secondly, if statistical analyses are used, data has to be preprocessed to be suitable for these analytical techniques. Finally, the metrics have to be implemented and evaluated.


  • Ammann, F.-E. and Sowa, A. Systematische Entwicklung von Metriken zur Beurteilung der Datensicherheit. Datenschutz und Datensicherheit (DuD), 36, 4 (2012), 247–251.
  • Chapin, D.A. and Akridge, S. How Can Security Be Measured? Information Systems Control Journal, 2, (2005), 43–47.
  • Sowa, A. Metriken – der Schlüssel zum erfolgreichen Security und Compliance Monitoring. Springer Berlin Heidelberg, 2011.