Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

Valentina Casola; Alessandra De Benedictis; Massimiliano Rak; Erkuden Rios

doi:10.1016/j.procs.2016.08.280

Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

Valentina Casola
, Alessandra De Benedictis
, Massimiliano Rak^*
, Erkuden Rios

^*Corresponding author for this work

General

Research output: Contribution to journal › Conference article › peer-review

33 Citations (Scopus)

2 Downloads (Pure)

Abstract

This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

Original language	English
Pages (from-to)	53-62
Number of pages	10
Journal	Procedia Computer Science
Volume	97
DOIs	https://doi.org/10.1016/j.procs.2016.08.280
Publication status	Published - 2016
Event	2nd International Conference on Cloud Forward: From Distributed to Complete Computing, CF 2016 - Madrid, Spain Duration: 18 Oct 2016 → 20 Oct 2016

Keywords

Secure Cloud Applications
Secure Multi-cloud Applications
Security SLA
Security by design
Threat analysis

Access to Document

10.1016/j.procs.2016.08.280

Security-by-design in cloudsFinal published version, 291 KBLicence: CC BY-NC-ND

Cite this

@article{1f3a70acc37f4349a18c4fa17ffb4d67,

title = "Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications",

abstract = "This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.",

keywords = "Secure Cloud Applications, Secure Multi-cloud Applications, Security SLA, Security by design, Threat analysis",

author = "Valentina Casola and \{De Benedictis\}, Alessandra and Massimiliano Rak and Erkuden Rios",

year = "2016",

doi = "10.1016/j.procs.2016.08.280",

language = "English",

volume = "97",

pages = "53--62",

journal = "Procedia Computer Science",

issn = "1877-0509",

publisher = "Elsevier BV",

note = "2nd International Conference on Cloud Forward: From Distributed to Complete Computing, CF 2016 ; Conference date: 18-10-2016 Through 20-10-2016",

}

TY - JOUR

T1 - Security-by-design in Clouds

T2 - 2nd International Conference on Cloud Forward: From Distributed to Complete Computing, CF 2016

AU - Casola, Valentina

AU - De Benedictis, Alessandra

AU - Rak, Massimiliano

AU - Rios, Erkuden

PY - 2016

Y1 - 2016

N2 - This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

AB - This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

KW - Secure Cloud Applications

KW - Secure Multi-cloud Applications

KW - Security SLA

KW - Security by design

KW - Threat analysis

UR - https://www.scopus.com/pages/publications/84999025090

U2 - 10.1016/j.procs.2016.08.280

DO - 10.1016/j.procs.2016.08.280

M3 - Conference article

AN - SCOPUS:84999025090

SN - 1877-0509

VL - 97

SP - 53

EP - 62

JO - Procedia Computer Science

JF - Procedia Computer Science

Y2 - 18 October 2016 through 20 October 2016

ER -

Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this