Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

https://doi.org/10.1016/j.procs.2016.08.280
Under a Creative Commons license
open access

Abstract

This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application, and makes it possible to determine the countermeasures to consider at design time in order to thwart the main existing threats.

The paper illustrates a proof-of-concept application that builds on standard risk assessment tools and adopts state-of-the-art Security Control Frameworks and a novel Security SLA model for representing the security requirements.

Keywords

Security by design
Secure Cloud Applications
Secure Multi-cloud Applications
Security SLA
Threat analysis

Peer-review under responsibility of organizing committee of the international conference on cloud forward: From Distributed to Complete Computing.