Browsing by Author "Mallouli, Wissam"
Item
Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems (2019-06-01)
Rios Velasco, Erkuden; Iturbe, Eider; Larrucea, Xabier; Rak, Massimiliano; Mallouli, Wissam; Dominiak, Jacek; Muntes, Victor; Matthews, Peter; Gonzalez Moctezuma, Luis; Gonzalez, Luis; Tecnalia Research & Innovation; CIBERSEC&DLT
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and on their continuous monitoring and enforcement at runtime.

Item
SLA-Based continuous security assurance in multi-cloud devops (2017)
Rios, Erkuden; Rak, Massimiliano; Iturbe, Eider; Mallouli, Wissam; CIBERSEC&DLT
Multi-cloud applications, i.e. those that are deployed over multiple independent Cloud providers, pose a number of challenges to the security-aware development and operation. Security assurance in such applications is hard due to the lack of insight into the security controls applied by Cloud providers and the need to control the security levels of all the components and layers at a time. This paper presents the MUSA approach to Service Level Agreement (SLA)-based continuous security assurance in multi-cloud applications. The paper details the proposed model for capturing the security controls in the offered application Security SLA and the approach to continuously monitor and assess the controls at operation phase. This new approach makes it easy to align development security requirements with controls monitored at operation, as well as to react early at operation to any possible security incident or SLA violation.