Skip to main content
Springer Nature Link
Log in

Security-Based Adaptation of Multi-cloud Applications

  • Conference paper
Data Privacy Management, and Security Assurance (DPM 2015, QASA 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9481))

  • 1023 Accesses

Abstract

Multi-cloud application management can optimize the provisioning of cloud-based applications by exploiting whole variety of services offered by cloud providers and avoiding vendor lock-in. To enable such management, model-driven approaches promise to partially automate the provisioning process. However, such approaches tend to neglect security aspects and focus only on low-level infrastructure details or quality of service aspects. As such, our previous work proposed a security meta-model, bridging the gap between high- and low-level security requirements and capabilities, able to express security models exploited by a planning algorithm to derive an optimal application deployment plan by considering both types of security requirements. This work goes one step further by focusing on runtime adaptation of multi-cloud applications based on security aspects. It advocates using adaptation rules, expressed in the event-condition-action form, which drive application adaptation behaviour and enable assuring a more-or-less stable security level. Firing such rules relies on deploying security metrics and adaptation code in the cloud to continuously monitor rule event conditions and fire adaptation actions for applications when the need arises.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    www.openvas.org.

  2. 2.

    activiti.org.

  3. 3.

    www.fail2ban.org.

  4. 4.

    www.snort.org.

  5. 5.

    www.ossec.net.

  6. 6.

    suricata-ids.org.

  7. 7.

    https://www.aescrypt.com/.

  8. 8.

    https://diskcryptor.net/wiki/Main_Page.

  9. 9.

    https://veracrypt.codeplex.com/.

  10. 10.

    www.choco-solver.org.

References

  1. Rossini, A., Nikolov, N., Romero, D., Domaschka, J., Kritikos, K., Kirkham, T., Solberg, A.: D2.1.2 – CloudML Implementation Documentation. Paasage project deliverable, April 2014

    Google Scholar 

  2. Massonet, P., Luna, J., Pannetrat, A., Trapero, R.: Idea: optimising multi-cloud deployments with security controls as constraints. In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 102–110. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  3. Kritikos, K., Massonet, P.: An integrated security meta-model for run-time and design time cloud deployment adaptation. Submitted to IEEE Transactions on Cloud Computing (2015)

    Google Scholar 

  4. Kritikos, K., Domaschka, J., Rossini, A.: SRL: a scalability rule language for multi-cloud environments. In: CloudCom 2014, pp. 1–9 (2014)

    Google Scholar 

  5. Cloud Control Matrix (2011). http://www.cloudsecurityalliance.org/cm.html

  6. Pannetrat, A.: D2.1: Security-aware SLA specification language and cloud security dependency model. Cumulus Project Deliverable (2013)

    Google Scholar 

  7. The Center for Internet Security: The CIS security metrics v.1.10, USA, Technical report 28 (2010)

    Google Scholar 

  8. Chew, E., Swanson, M., Stine, K., Bartol, N., Brown, A., Robinson, W.: Performance measurement guide for information security. National Institute of Standards and Technology, USA, Technical report, July 2008

    Google Scholar 

  9. Mello Ferreira, A., Kritikos, K., Pernici, B.: Energy-aware design of service-based applications. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 99–114. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Hwang, C., Yoon, K.: Multiple Criteria Decision Making. Lect. Notes Econ. Math. (1981)

    Google Scholar 

  11. Saati: The Analytic Hierarchy Process. McGraw-Hill (1980)

    Google Scholar 

  12. Xiong, P., Pu, C., Zhu, X., Griffith, R.: vperfguard: An automated model-driven framework for application performance diagnosis in consolidated cloud environments. In: ICPE, pp. 271–282. ACM, New York (2013)

    Google Scholar 

  13. Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS 2009, pp. 183–194. ACM, New York (2009)

    Google Scholar 

  14. Almorsy, M., Grundy, J., Ibrahim, A.: Adaptable, model-driven security engineering for saas cloud-based applications. Autom. Softw. Eng. 21(2), 187–224 (2014)

    Article  Google Scholar 

  15. Kang, E., Jackson, D.: A model-based framework for security configuration analysis (manuscript, 2012)

    Google Scholar 

  16. Kalloniatis, C., Mouratidis, H., Islam, S.: Evaluating cloud deployment scenarios based on security and privacy requirements. Requirements Eng. 18(4), 299–319 (2013). ISSN: 0947-3602

    Article  Google Scholar 

Download references

Acknowledgements

This work is partially funded by the EU FP7 PaaSage project.

Author information

Authors and Affiliations

  1. ICS-FORTH, Heraklion, Greece

    Kyriakos Kritikos

  2. CETIC, Gosselies, Belgium

    Philippe Massonet

Authors
  1. Kyriakos Kritikos
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Philippe Massonet
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Philippe Massonet .

Editor information

Editors and Affiliations

  1. Telecom SudParis, Evry, France

    Joaquin Garcia-Alfaro

  2. Universitat Autònoma de Barcelona, Bellaterra, Spain

    Guillermo Navarro-Arribas

  3. University of Urbino, Urbino, Italy

    Alessandro Aldini

  4. National Research Council - C.N.R., Pisa, Italy

    Fabio Martinelli

  5. Department of Computer Science, TU Darmstadt, Darmstadt, Germany

    Neeraj Suri

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Kritikos, K., Massonet, P. (2016). Security-Based Adaptation of Multi-cloud Applications. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management, and Security Assurance. DPM QASA 2015 2015. Lecture Notes in Computer Science(), vol 9481. Springer, Cham. https://doi.org/10.1007/978-3-319-29883-2_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29883-2_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29882-5

  • Online ISBN: 978-3-319-29883-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation