Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud Provider prospective in order to securely integrate frameworks and Infrastructures as a Services (IaaS) in a Cloud datacenter. There is no way to monitor and evaluate the provided security. In fact, Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Users are interested in tools to verify and monitor the implemented security requirements. On the other side, developers need tools to deploy Cloud application offering measurable security grants to end users. In this paper we will propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security and enable a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform.

Developing Secure Cloud Applications: A Case Study

FICCO, Massimo;
2013-01-01

Abstract

Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud Provider prospective in order to securely integrate frameworks and Infrastructures as a Services (IaaS) in a Cloud datacenter. There is no way to monitor and evaluate the provided security. In fact, Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Users are interested in tools to verify and monitor the implemented security requirements. On the other side, developers need tools to deploy Cloud application offering measurable security grants to end users. In this paper we will propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security and enable a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform.
2013
978-1-4799-3035-7
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11386/4776183
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 0
social impact