Developing secure cloud applications: A case study

Proceedings - 15th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, SYNASC 2013

Volumn , Issue , 2013, Pages 432-439

  Battista, Ermanno ^a   Casola, Valentina ^a   Mazzocca, Nicola ^a   Ficco, Massimo ^b   Rak, Massimiliano ^b  

^a UNIVERSITY OF NAPLES FEDERICO II   (Italy)

^b SECOND UNIVERSITY OF NAPLES   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY;

APPLICATION DESIGN; CLOUD ADOPTIONS; CLOUD APPLICATIONS; SECURITY INTERACTIONS; SECURITY MECHANISM; SECURITY REQUIREMENTS; SERVICE LEVEL AGREEMENTS; SERVICE PROVIDER;

INFRASTRUCTURE AS A SERVICE (IAAS);

EID: 84904560034     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SYNASC.2013.63     Document Type: Conference Paper

References (27)

1. M. Ficco, L. Tasquier, and B. Di Martino, "Interconnection of federated clouds," Studies in Computational Intelligence, vol. 511, pp. 243-248, 2014.
2. W. Theilmann, R. Yahyapour, and J. Butler, "Multi-level sla management for service-oriented infrastructures," vol. 5377, pp. 324-335, 2008. [Online]. Available: http://dx.doi.org/10.1007/978-3-540-89897-9 28
3. M. Comuzzi, C. Kotsokalis, C. Rathfelder, W. Theilmann, U. Winkler, and G. Zacco, "A framework for multi-level sla management," vol. 6275, pp. 187-196, 2010. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-16132-2 18
4. CONTRAIL, "Contrail: Open computing infrastructres for elastic computing," http://contrail-project.eu/, 2010.
5. mOSAIC Project, "mosaic: Open source api and platform for multiple clouds," http://www.mosaic-cloud.eu, 2010.
6. A. Andrieux, K. Czajkowski, A. Dan, K. Keahey, H. Ludwig, T. Nakata, J. Pruyne, J. Rofrano, S. Tuecke, and M. Xu, "Web services agreement specification (ws-agreement)," in Global Grid Forum. The Global Grid Forum (GGF), 2004.
7. M. Ficco, "Security event correlation approach for cloud computing," High Performance Computing and Networking, vol. 7, no. 3, pp. 173-185, 2013.
8. M. Ficco and L. Romano, "A generic intrusion detection and diagnoser system based on complex event processing," in Proc. of the IEEE Int. Conf. on Data Compression, Communications and Processing (CCP'11). IEEE CPS, 2011, pp. 275-284.
9. I. Ivanov, M. van Sinderen F. Leymann, B. S. SciTePress, and T. Publications, Eds., Towards a cross platform Cloud API. Components for Cloud Federation, 2011.
10. V. Casola, A. Mazzeo, N. Mazzocca, and V. Vittorini, "A security metric for public key infrastructures," Journal of Computer Security, vol. 15, no. 2, 2007.
11. R. Preziosi, M. Rak, L. Troiano, and V. Casola, "A reference model for security level evaluation: Policy and fuzzy techniques," Journal of Universal Computer Science, January 2005.
12. V. Casola, A. Mazzeo, N. Mazzocca, and M. Rak, "A sla evaluation methodology in service oriented architectures," Advances in Information Security, vol. 23, pp. 119-130, 2006.
13. M. Ficco and M. Rak, "Intrusion tolerant approach for denial of service attacks to web services," Proc. of the IEEE Int. Conf. on Data Compression, Communications and Processing (CCP'11), pp. 285-292, 2011.
14. M. Ficco, M. Rak, and B. Di Martino, "An intrusion detection framework for supporting sla assessment in cloud computing," Proc. of the 4th IEEE Int. Conf. on Computational Aspects of Social Networks, pp. 244-249, 2012.
15. M. Ficco, S. Venticinque, and B. Di Martino, "mosaic-based intrusion detection framework for cloud computing," On the Move to Meaningful Internet Systems: OTM 2012, vol. 7566, pp. 628-644, 2012.
16. M. Jensen, N. Gruschka, R. Herkenhoner, and N. Luttenberger, "Soa and web services: new technologies, new standards-new attacks," Proc. of the 5th European Conf. on web services, pp. 35-44, 2007.
17. N. Gruschka and N. Luttenberger, "Protecting web services from dos attacks by soap message validation," IFIP Advances in Information and Communication Technology, vol. 201, pp. 171-182, 2011.
18. M. Ficco and M. Rak, "Intrusion tolerance in cloud applications: The mosaic approach," Proc. of the 6th International Conference on Complex, Intelligent, and Software Intensive Systems, (CISIS'12), pp. 170-176, 2012.
19. W.-Z. Lu and S.-Z. Yu, "An http flooding detection method based on browser behavior," Proc. of the Int. Conf. on Computational Intelligence and Security, vol. 2, pp. 1151-1154, 2006.
20. M. Ficco, L. Tasquier, and R. Aversa, "Intrusion detection in cloud computing," Proc. of the 8th Int. Conf.on P2P, Parallel, Grid, Cloud and Internet Computing, pp. 276-283, 2013.
21. M. Zulkernine, M. Graves, and M. Khan, "Integrating software specification into intrusion detection," Journal on Information Security, vol. 6, pp. 345-357, 2007.
22. D. Gilliam, J. Powell, E. Haugh, and M. Bishop, "Addressing software security risk and mitigations in the life cycle," Proc. of the 28th Annual NASA Goddard Software Engineering Workshop (SEW'03), pp. 201-206, 2003.
23. M. Hussein and M. Zulkernine, "Intrusion detection aware componentbased system: A specification-based framework," Journal of System and Software, vol. 80, no. 5, pp. 700-710, 2007.
24. Hussein and M. Zulkernine, "Umlintr-A uml profile for specifying intrusions," Proc. of the 13th IEEE International Conference and Workshop on the Engineering of Computer-Based Systems, pp. 279-286, 2006.
25. S. Eckmann, G. Vigna, and R. Kemmerer, "Statl-an attack language for state-based intrusion detection," Journal of Computer Security, vol. 10, no. 1-2, pp. 71-104, 2002.
26. M. Raihan and M. Zulkernine, "Asmlsec: An extension of abstract state machine language for attack scenario specification," Proc. of the 2nd Int. Confe. on Availability, Reliability and Security (ARES'07), pp. 775-782, 2007.
27. F. den Braber, I. Hogganvik, M. Lund, K. Stlen, and F. Vraalsen, "Model-based security analysis in seven steps-A guided tour to the coras method," BT Technology Journal, vol. 25, no. 1, pp. 101-117, 2007.