Methodology to obtain the security controls in multi-cloud applications

Samuel Olaiya Afolaranmi; Luis E. Gonzalez Moctezuma; Massimiliano Rak; Valentina Casola; Erkuden Rios; Jose L. Martinez Lastra

doi:10.5220/0005912603270332

Methodology to obtain the security controls in multi-cloud applications

Samuel Olaiya Afolaranmi
, Luis E. Gonzalez Moctezuma
, Massimiliano Rak
, Valentina Casola
, Erkuden Rios
, Jose L. Martinez Lastra

CIBERSEC and DLT

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

9 Citas (Scopus)

21 Descargas (Pure)

Resumen

What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications’ security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications’ SLAs for their monitoring and fulfilment assurance at operation.

Idioma original	Inglés
Título de la publicación alojada	unknown
Editores	Jorge Cardoso, Jorge Cardoso, Donald Ferguson, Victor Mendez Munoz, Markus Helfert
Editorial	SCITEPRESS Digital Library
Páginas	327-332
Número de páginas	6
ISBN (versión digital)	9789897581823
ISBN (versión impresa)	978-989-758-182-3
DOI	https://doi.org/10.5220/0005912603270332
Estado	Publicada - 2016
Evento	6th International Conference on Cloud Computing and Services Science, CLOSER 2016 - Rome, Italia Duración: 23 abr 2016 → 25 abr 2016

Serie de la publicación

Nombre	1

Conferencia

Conferencia	6th International Conference on Cloud Computing and Services Science, CLOSER 2016
País/Territorio	Italia
Ciudad	Rome
Período	23/04/16 → 25/04/16

Palabras clave

Multi-cloud
Security-by-design
Cyber-security methodologies
Threat modelling

Project and Funding Information

Project ID
info:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSA
Funding Info
European Commission's H2020

Acceder al documento

10.5220/0005912603270332

Methodology to obtain the security controls in multicloud applicationsVersión publicada final, 465 KB

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

@inproceedings{d1174c9a54ac41c689d5dd23f340cb3c,

title = "Methodology to obtain the security controls in multi-cloud applications",

abstract = "What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications{\textquoteright} security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications{\textquoteright} SLAs for their monitoring and fulfilment assurance at operation.",

keywords = "Multi-cloud, Security-by-design, Cyber-security methodologies, Threat modelling, Multi-cloud, Security-by-design, Cyber-security methodologies, Threat modelling",

author = "Afolaranmi, \{Samuel Olaiya\} and \{Gonzalez Moctezuma\}, \{Luis E.\} and Massimiliano Rak and Valentina Casola and Erkuden Rios and \{Martinez Lastra\}, \{Jose L.\}",

note = "Publisher Copyright: Copyright {\textcopyright} 2016 by SCITEPRESS-Science and Technology Publications, Lda. All rights reserved.; 6th International Conference on Cloud Computing and Services Science, CLOSER 2016 ; Conference date: 23-04-2016 Through 25-04-2016",

year = "2016",

doi = "10.5220/0005912603270332",

language = "English",

isbn = "978-989-758-182-3",

series = "1",

publisher = "SCITEPRESS Digital Library",

pages = "327--332",

editor = "Jorge Cardoso and Jorge Cardoso and Donald Ferguson and Munoz, \{Victor Mendez\} and Markus Helfert",

booktitle = "unknown",

}

Afolaranmi, SO, Gonzalez Moctezuma, LE, Rak, M, Casola, V, Rios, E & Martinez Lastra, JL 2016, Methodology to obtain the security controls in multi-cloud applications. En J Cardoso, J Cardoso, D Ferguson, VM Munoz & M Helfert (eds.), unknown. 1, SCITEPRESS Digital Library, pp. 327-332, 6th International Conference on Cloud Computing and Services Science, CLOSER 2016, Rome, Italia, 23/04/16. https://doi.org/10.5220/0005912603270332

Methodology to obtain the security controls in multi-cloud applications. / Afolaranmi, Samuel Olaiya; Gonzalez Moctezuma, Luis E.; Rak, Massimiliano et al.
unknown. ed. / Jorge Cardoso; Jorge Cardoso; Donald Ferguson; Victor Mendez Munoz; Markus Helfert. SCITEPRESS Digital Library, 2016. p. 327-332 (1).

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

TY - GEN

T1 - Methodology to obtain the security controls in multi-cloud applications

AU - Afolaranmi, Samuel Olaiya

AU - Gonzalez Moctezuma, Luis E.

AU - Rak, Massimiliano

AU - Casola, Valentina

AU - Rios, Erkuden

AU - Martinez Lastra, Jose L.

PY - 2016

Y1 - 2016

N2 - What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications’ security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications’ SLAs for their monitoring and fulfilment assurance at operation.

AB - What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications’ security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications’ SLAs for their monitoring and fulfilment assurance at operation.

KW - Multi-cloud

KW - Security-by-design

KW - Cyber-security methodologies

KW - Threat modelling

KW - Multi-cloud

KW - Security-by-design

KW - Cyber-security methodologies

KW - Threat modelling

UR - https://www.scopus.com/pages/publications/84979747685

U2 - 10.5220/0005912603270332

DO - 10.5220/0005912603270332

M3 - Conference contribution

SN - 978-989-758-182-3

T3 - 1

SP - 327

EP - 332

BT - unknown

A2 - Cardoso, Jorge

A2 - Ferguson, Donald

A2 - Munoz, Victor Mendez

A2 - Helfert, Markus

PB - SCITEPRESS Digital Library

T2 - 6th International Conference on Cloud Computing and Services Science, CLOSER 2016

Y2 - 23 April 2016 through 25 April 2016

ER -

Methodology to obtain the security controls in multi-cloud applications

Resumen

Serie de la publicación

Conferencia

Palabras clave

Project and Funding Information

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto