Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud Provider prospective in order to securely integrate frameworks and Infrastructures as a Services (IaaS) in a Cloud datacenter. There is no way to monitor and evaluate the provided security. In fact, Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Users are interested in tools to verify and monitor the implemented security requirements. On the other side, developers need tools to deploy Cloud application offering measurable security grants to end users. In this paper we will propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security and enable a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform. �� 2013 IEEE.
Developing secure cloud applications: A case study / Battista, Ermanno; Casola, Valentina; Mazzocca, Nicola; Ficco, Massimo; Rak, Massimiliano. - (2014), pp. 432-439. (Intervento presentato al convegno 15th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, SYNASC 2013 tenutosi a Timisoara; Romania nel 23 September 2013 - 26 September 2013) [10.1109/SYNASC.2013.63].
Developing secure cloud applications: A case study
Ermanno Battista;Valentina Casola;Nicola Mazzocca;
2014
Abstract
Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud Provider prospective in order to securely integrate frameworks and Infrastructures as a Services (IaaS) in a Cloud datacenter. There is no way to monitor and evaluate the provided security. In fact, Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Users are interested in tools to verify and monitor the implemented security requirements. On the other side, developers need tools to deploy Cloud application offering measurable security grants to end users. In this paper we will propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security and enable a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform. �� 2013 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
