• DocumentCode
    2186516
  • Title

    Developing Secure Cloud Applications: A Case Study

  • Author

    Battista, Ermanno ; Casola, V. ; Mazzocca, Nicola ; Ficco, Massimo ; Rak, Massimiliano

  • Author_Institution
    Dept. of Electr. Eng. & Inf. Technol., Univ. of Naples Federico II, Naples, Italy
  • fYear
    2013
  • fDate
    23-26 Sept. 2013
  • Firstpage
    432
  • Lastpage
    439
  • Abstract
    Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud Provider prospective in order to securely integrate frameworks and Infrastructures as a Services (IaaS) in a Cloud datacenter. There is no way to monitor and evaluate the provided security. In fact, Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Users are interested in tools to verify and monitor the implemented security requirements. On the other side, developers need tools to deploy Cloud application offering measurable security grants to end users. In this paper we will propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security and enable a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform.
  • Keywords
    cloud computing; computer centres; contracts; security of data; IaaS; application design process; cloud adoption; cloud datacenter; cloud platforms; cloud provider prospective; infrastructures as a services; mOSAIC platform; secure cloud applications; security guarantees; security loss perception; security mechanisms; security requirements; service level agreements; Cloud computing; Monitoring; Queueing analysis; Security; Virtual machining; XML;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), 2013 15th International Symposium on
  • Conference_Location
    Timisoara
  • Print_ISBN
    978-1-4799-3035-7
  • Type

    conf

  • DOI
    10.1109/SYNASC.2013.63
  • Filename
    6821180