Abstract
This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.
Original language | English |
---|---|
Pages (from-to) | 53-62 |
Number of pages | 10 |
Journal | Procedia Computer Science |
Volume | 97 |
DOIs | |
Publication status | Published - 2016 |
Event | 2nd International Conference on Cloud Forward: From Distributed to Complete Computing, CF 2016 - Madrid, Spain Duration: 18 Oct 2016 → 20 Oct 2016 |
Keywords
- Secure Cloud Applications
- Secure Multi-cloud Applications
- Security by design
- Security SLA
- Threat analysis