Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

Valentina Casola, Alessandra De Benedictis, Massimiliano Rak*, Erkuden Rios

*Corresponding author for this work

Research output: Contribution to journalConference articlepeer-review

31 Citations (Scopus)

Abstract

This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

Original languageEnglish
Pages (from-to)53-62
Number of pages10
JournalProcedia Computer Science
Volume97
DOIs
Publication statusPublished - 2016
Event2nd International Conference on Cloud Forward: From Distributed to Complete Computing, CF 2016 - Madrid, Spain
Duration: 18 Oct 201620 Oct 2016

Keywords

  • Secure Cloud Applications
  • Secure Multi-cloud Applications
  • Security by design
  • Security SLA
  • Threat analysis

Fingerprint

Dive into the research topics of 'Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications'. Together they form a unique fingerprint.

Cite this