Multi-cloud applications, i.e. those that are deployed over multiple independent Cloud providers, pose a number of challenges to security-aware development and operation. Security assurance in such applications is hard due to the lack of insight into the security controls applied by Cloud providers and the need to control the security levels of all the components and layers at the same time. This paper presents the MUSA approach to Service Level Agreement (SLA)-based continuous security assurance in multi-cloud applications. The paper details the proposed model for capturing the security controls in the offered application Security SLA and the approach to continuously monitor and assess the controls at the operation phase. This new approach makes it easy to align development security requirements with the controls monitored at operation, and to react early at operation to any possible security incident or SLA violation.

SLA-Based continuous security assurance in multi-cloud devops / Rios, Erkuden; Rak, Massimiliano; Iturbe, Eider; Mallouli, Wissam. - 1977:(2017), pp. 50-68. (Paper presented at the 2017 International Workshop on Secure Software Engineering in DevOps and Agile Development, SecSE 2017, held in nor in 2017).

SLA-Based continuous security assurance in multi-cloud devops

Rak, Massimiliano;
2017


Use this identifier to cite or link to this document: https://hdl.handle.net/11588/986024