Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider prospective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate the security mechanisms enforced by service provider. Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Customers are interested in tools to verify and monitor the implemented security requirements. On the other hand, developers need tools to deploy Cloud applications offering measurable security grants to end users. In this paper, we propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security. It enables a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform. �� 2014 SCPE.
Developing secure cloud applications / Rak, Massimiliano; Ficco, Massimo; Battista, Ermanno; Casola, Valentina; Mazzocca, Nicola. - In: SCALABLE COMPUTING. PRACTICE AND EXPERIENCE. - ISSN 1895-1767. - 15:1(2014), pp. 49-62. [10.12694/scpe.v15i1.965]
Developing secure cloud applications
Massimiliano Rak;Ermanno Battista;Valentina Casola;Nicola Mazzocca
2014
Abstract
Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider prospective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate the security mechanisms enforced by service provider. Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Customers are interested in tools to verify and monitor the implemented security requirements. On the other hand, developers need tools to deploy Cloud applications offering measurable security grants to end users. In this paper, we propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security. It enables a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform. �� 2014 SCPE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
