Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

Valentina Casola; Alessandra De Benedictis; Massimiliano Rak; Erkuden Rios

doi:10.1016/j.procs.2016.08.280

Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

Valentina Casola
, Alessandra De Benedictis
, Massimiliano Rak^*
, Erkuden Rios

^*Autor correspondiente de este trabajo

Generales

Producción científica: Contribución a una revista › Artículo de la conferencia › revisión exhaustiva

33 Citas (Scopus)

3 Descargas (Pure)

Resumen

This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

Idioma original	Inglés
Páginas (desde-hasta)	53-62
Número de páginas	10
Publicación	Procedia Computer Science
Volumen	97
DOI	https://doi.org/10.1016/j.procs.2016.08.280
Estado	Publicada - 2016
Evento	2nd International Conference on Cloud Forward: From Distributed to Complete Computing, CF 2016 - Madrid, Espana Duración: 18 oct 2016 → 20 oct 2016

Acceder al documento

10.1016/j.procs.2016.08.280

Security-by-design in cloudsVersión publicada final, 291 KBLicencia: CC BY-NC-ND

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

@article{1f3a70acc37f4349a18c4fa17ffb4d67,

title = "Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications",

abstract = "This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.",

keywords = "Secure Cloud Applications, Secure Multi-cloud Applications, Security SLA, Security by design, Threat analysis",

author = "Valentina Casola and \{De Benedictis\}, Alessandra and Massimiliano Rak and Erkuden Rios",

year = "2016",

doi = "10.1016/j.procs.2016.08.280",

language = "English",

volume = "97",

pages = "53--62",

journal = "Procedia Computer Science",

issn = "1877-0509",

publisher = "Elsevier BV",

note = "2nd International Conference on Cloud Forward: From Distributed to Complete Computing, CF 2016 ; Conference date: 18-10-2016 Through 20-10-2016",

}

TY - JOUR

T1 - Security-by-design in Clouds

T2 - 2nd International Conference on Cloud Forward: From Distributed to Complete Computing, CF 2016

AU - Casola, Valentina

AU - De Benedictis, Alessandra

AU - Rak, Massimiliano

AU - Rios, Erkuden

PY - 2016

Y1 - 2016

N2 - This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

AB - This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

KW - Secure Cloud Applications

KW - Secure Multi-cloud Applications

KW - Security SLA

KW - Security by design

KW - Threat analysis

UR - https://www.scopus.com/pages/publications/84999025090

U2 - 10.1016/j.procs.2016.08.280

DO - 10.1016/j.procs.2016.08.280

M3 - Conference article

AN - SCOPUS:84999025090

SN - 1877-0509

VL - 97

SP - 53

EP - 62

JO - Procedia Computer Science

JF - Procedia Computer Science

Y2 - 18 October 2016 through 20 October 2016

ER -

Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

Resumen

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto