Multi-level Security for Deploying Distributed Applications on Clouds, Devices and Things

The deployment of the components of distributed systems is now often very dynamic - server-side components are virtualised so they can be dynamically deployed on a range of platforms including public and private clouds, while users expect to be able to install clients on devices from phones to tablets. This can introduce security problems that place data at risk. This paper describes a new method for modeling the security of a distributed application and generating the set of possible deployment options that meet the overall security requirements. The model encompasses the entities that influence the security of a distributed system: data, services networks and platforms (e.g. Clouds, devices and "things"). The paper describes the method and how it can be used to answer a range of security questions, using a set of case studies including federated clouds and mobile clients.