Abstract
Multi-cloud applications, i.e.Those that are deployed over multiple independent Cloud providers, pose a number of challenges to the security-Aware development and operation. Security assurance in such applications is hard due to the lack of insights of security controls ap-plied by Cloud providers and the need of controlling the security levels of all the components and layers at a time. This paper presents the MUSA approach to Service Level Agreement (SLA)-based continuous security assurance in multi-cloud applications. The paper details the proposed model for capturing the security controls in the offered application Se-curity SLA and the approach to continuously monitor and asses the controls at operation phase. This new approach enables to easily align development security requirements with controls monitored at operation as well as early react at operation to any possible security incident or SLA violation.
Original language | English |
---|---|
Pages (from-to) | 50-68 |
Number of pages | 19 |
Journal | CEUR Workshop Proceedings |
Volume | 1977 |
Publication status | Published - 2017 |
Event | 2017 International Workshop on Secure Software Engineering in DevOps and Agile Development, SecSE 2017 - Oslo, Norway Duration: 14 Sept 2017 → … |
Keywords
- Cloud security controls
- Cloud security SLA
- Multi-cloud monitoring
- Multi-cloud security
- Security assurance
- Security in DevOps
Project and Funding Information
- Project ID
- info:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSA
- Funding Info
- The MUSA project leading to this paper has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No. 644429.