CSA Releases CloudTrust Protocol Prototype Source Code

Thanks to the support of our peer reviewers and contributors (including the EU projects SPECS, A4Cloud and CUMULUS), CSA is pleased to announce the release of an open-source prototype implementation of the CTP API.

The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service customers can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust. CTP notably aims to define a standardised RESTful API that enables cloud customers to obtain measurements related to the security level of a cloud service, based on explicit security metrics.

The source code implements a CTP server that acts as a gateway between cloud customers and cloud providers:

• A cloud provider can push security measurements to the CTP server.
• A cloud customer can query the CTP server with the CTP API to access these measurements.

This prototype will be used to test, validate and fine-tune the CTP API specification and will be showcased as a monitoring interface in the context of the SPECS EU project. The code is released under the Apache Licence 2, and will be updated regularly with project results and community contributions.

For more information about the Cloud Trust Protocol (CTP) click here.

Download the source code

The Cloud Security Alliance is a partner in the EU FP7 SPECS project.

About the SPECS project

The SPECS project aims at developing and implementing an open source framework to offer Security-as-a-Service, by relying on the notion of security parameters specified in Service Level Agreements (SLA), and also providing the techniques to systematically manage their life-cycle.

For more information about the SPECS, visit the SPECS website at http://www.specs-project.eu/ or follow us on twitter @FP7SPECS.