Methodology to obtain the security controls in multi-cloud applications

Thumbnail Image
Files
Methodology to obtain the security controls in multicloud applications.pdf (464.98 KB)
Identifiers
ISBN: 978-989-758-182-3
ISBN: 9789897581823
DOI: 10.5220/0005912603270332
Publication date
2016
Authors
Advisors
Journal Title
Journal ISSN
Volume Title
Publisher
SCITEPRESS Digital Library
Citations
Google Scholar
Export
Research Projects
Organizational Units
Journal Issue
Abstract
What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications’ security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications’ SLAs for their monitoring and fulfilment assurance at operation.
Description
Publisher Copyright: Copyright © 2016 by SCITEPRESS-Science and Technology Publications, Lda. All rights reserved.
Keywords
Multi-cloud , Security-by-design , Cyber-security methodologies , Threat modelling , Multi-cloud , Security-by-design , Cyber-security methodologies , Threat modelling , Computer Science (miscellaneous) , Computer Science Applications , Software , Project ID , info:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSA , info:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSA , Funding Info , European Commission's H2020 , European Commission's H2020
Type
conference output
Citation
Afolaranmi , S O , Gonzalez Moctezuma , L E , Rak , M , Casola , V , Rios , E & Martinez Lastra , J L 2016 , Methodology to obtain the security controls in multi-cloud applications . in J Cardoso , J Cardoso , D Ferguson , V M Munoz & M Helfert (eds) , unknown . 1 , SCITEPRESS Digital Library , pp. 327-332 , 6th International Conference on Cloud Computing and Services Science, CLOSER 2016 , Rome , Italy , 23/04/16 . https://doi.org/10.5220/0005912603270332
conference