Methodology to obtain the security controls in multi-cloud applications

CLOSER 2016 - Proceedings of the 6th International Conference on Cloud Computing and Services Science

Volumn 1, Issue , 2016, Pages 327-332

  Afolaranmi, Samuel Olaiya ^a   Gonzalez Moctezuma, Luis E ^a   Rak, Massimiliano ^b   Casola, Valentina ^c   Rios, Erkuden ^d   Martinez Lastra, Jose L ^a  

^a TAMPERE UNIVERSITY OF TECHNOLOGY   (Finland)

^b SECOND UNIVERSITY OF NAPLES   (Italy)

^c UNIVERSITY OF NAPLES FEDERICO II   (Italy)

^d TECNALIA RESEARCH AND INNOVATION   (Spain)

Author keywords

Cyber security Methodologies; Multi cloud; Security by design; Threat Modelling

Indexed keywords

CLOUD COMPUTING; RISK ASSESSMENT;

APPLICATION PROVIDERS; COMPLEX SOFTWARE SYSTEMS; CYBER SECURITY; MULTI-CLOUDS; SECURITY CONTROLS; SECURITY MEASURE; SECURITY REQUIREMENTS; SERVICE LEVEL AGREEMENTS;

APPLICATION PROGRAMS;

EID: 84979747685     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.5220/0005912603270332     Document Type: Conference Paper

References (30)

1. Ferry, N., Rossini, A., Chauvel, F., Morin, B., & Solberg, A. (2013, June). Towards a model-driven provisioning, deployment, monitoring, and adaptation of multi-cloud systems. In Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on (pp. 887-894). IEEE.
2. Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R., Krishnan, R., Ahn, G. J., & Bertino, E. (2013). Collaboration in multicloud computing environments: Framework and security issues. Computer, (2), 76-84.
3. Bernstein, D., Ludvigson, E., Sankar, K., Diamond, S., & Morrow, M. (2009, May). Blueprint for the intercloudprotocols and formats for cloud computing interoperability. In Internet and Web Applications and Services, 2009. ICIW'09. Fourth International Conference on (pp. 328-336). IEEE.
4. Celesti, A., Tusa, F., Villari, M., & Puliafito, A. (2010, July). How to enhance cloud architectures to enable cross-federation. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on (pp. 337-345). IEEE.
5. Bohli, J.-M., Gruschka, N., Jensen, M., Iacono, L. L., and Marnau, N. (2013). Security and Privacy-Enhancing Multicloud Architectures. IEEE Transactions on Dependable and Secure Computing, 10(4):212-224.
6. Global Inter-cloud Technology Forum (2010). Use Cases and Functional Requirements for Inter-Cloud Computing. Technical report.
7. Nikolay Grozev and Buyya, R. (2012). Inter-Cloud architectures and application brokering: taxonomy and survey. Software - Practice and Experience, 44(3):369-390.
8. Petcu D, Crciun C, Neagul M, Panica S, Di Martino B, Venticinque S, Rak M, Aversa R. Architecturing a sky computing platform. In Proceedings of the International Conference Towards a Service-Based Internet Service Wave'10, Vol. 6569, Cezon M, Wolfsthal Y (eds). Springer-Verlag: Ghent, Belgium, 2011; 1-13.
9. Ferrer AJ, Hernández F, Tordsson J, Elmroth E, Ali-Eldin A, Zsigri C, Sirvent R, Guitart J, Badia RM, Djemame K, Ziegler W, Dimitrakos T, Nair SK, Kousiouris G, Konstanteli K, Varvarigou T, Hudzia B, Kipp A, Wesner S, Corrales M, Forgó N, Sharif T, Sheridan C. OPTIMIS: a holistic approach to cloud service provisioning. Future Generation Computer Systems 2012; 28(1):66-77.
10. Zeginis, D., D'Andria, F., Bocconi, S., Gorronogoitia Cruz, J., Collell Martin, O., Gouvas, P., Ledakis, G., and Tarabanis, K. a. (2013). A user-centric multi-PaaS application management solution for hybrid multi-Cloud scenarios. Scalable Computing: Practice and Experience, 14(1):17-32.
11. Alzain, M., Soh, B., and Pardede, E. (2014). TMRMCDB: Enhancing Security in a Multi-cloud Model through Improvement of Service Dependability.
12. Bernstein, D. and Vij, D. (2010). Intercloud security considerations. Proceedings - 2nd IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2010, pages 537-544.
13. Yan, Z., Hongxin, H., Gail-Joon, A., and Mengyang, Y. (2012). Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage. IEEE Transactions on Parallel and Distributed Systems,,23(12):2231-2244.2
14. Oliveira, P. F., Lima, L., Vinhoza, T. T. V., Barros, J., and Medard, M. (2010). Trusted Storage over Untrusted Networks. Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE, pages 1-5.
15. Myagmar, S. (2005). Threat Modeling as a Basis for Security Requirements. In StorageSS '05: Proceedings of the 2005 ACM workshop on Storage security and survivability, pages 94-102.
16. Shostack, A. (2008). Experiences threat modeling at Microsoft. CEUR Workshop Proceedings, 413:1{11.
17. Saini, V., Duan, Q., and Paruchuri, V. (2008). Threat modeling using attack trees. Journal of Computing Sciences, (APRIL):124-131.
18. Oladimeji, E. a., Supakkul, S., and Chung, L. (2006). Security threat modeling and analysis: A goal-oriented approach. Proc of the 10th IASTED International Conference on Software Engineering and Applications SEA 2006, pages 13-15.
19. Sodiya, A. S., Onashoga, S. A., and Oladunjoye, B. A. (2007). Threat modeling using fuzzy logic paradigm. Informing Science: International Journal of an Emerging Transdiscipline, 4(1):53-61.
20. Hussain, S., Kamal, A., Ahmad, S., Rasool, G., and Iqbal, S. (2014). Threat Modelling Methodologies: a Survey. 26(4):1607-1609.
21. Tondel, I. A., Jaatun, M. G., and Meland, P. H. (2008). Security requirements for the rest of us: A survey. IEEE Software, 25(1):20-27.
22. Open Web Application Security Project (OWASP). Application Threat Modeling. Available at: https://www.owasp.org/index.php/Application-Threat-Modeling
23. EU directive 95/46/EC. Available at: http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
24. Finnish Personal Data Act (523/1999). Available at: www.finlex.fi/en/laki/kaannokset/1999/19990523
25. National Institute of Standards and Technology (NIST), "SP 800-53 Rev.4 - Security and Privacy Controls for Federal Information Systems and Organizations," Natl. Inst. Stand. Technol. - Spec. Publ., vol. 800-53, pp. 1-460, 2014.
26. Cloud Security Alliance, "Cloud Controls Matrix, Version 1.2", Aug. 2011; https://cloudsecurityalliance.org/research/initiativesccm.
27. Valentina Casola, Alessandra de Benedictis, Massimiliano Rak," On the Adoption of Security SLAs in the Cloud", Springer International Publishing, 2015
28. Jesus Luna, Neeraj Suri, Michaela Iorga and Anil Kamel, "Leveraging the Potential of Cloud Security Service Level Agreements through Standards", IEEE Cloud Computing Magazine, Volume 2, Issue 3, Pages 32-40, July 2015
29. Valentina Casola, Alessandra De benedictis, Massimiliano Rak and Umberto Villano, "SLA-based Secure Cloud Application Development: the SPECS Framework", In MICAS 2015, Timisoara, 21-22 September 2015.
30. Bernsmed, K., Hakon Meland, P., Gilje Jaatun, M. (2015). Cloud Security Requirements. SINTEF ICT, Norway, 2015