ADAPTIVE SECURITY POLICY MODEL TO DEPLOY BUSINESS PROCESS IN CLOUD INFRASTRUCTURE
Wendpanga Francis Ouedraogo, Frédérique Biennier, Parisa Ghodous
2012
Abstract
The development of collaborative service ecosystem relies mostly on software services spanning multiple organisations in order to provide agile support for business applications. By moving part of their information system on Cloud infrastructure, companies take advantage of new Business models and scalable environments, increasing IT productivity while reducing IS management costs. Nevertheless, this underlying outsourcing strategy may be braked by a lack of security and trust on this new infrastructure model as traditional security engineering and deployment methods are not designed for such an agile and opened environment. To overcome this limit, we propose a multi-dimensional model integrating both the cloud level (XaaS) and the cloud characteristics (Private, public, hybrid) to generate convenient security policy in a dynamic way. Based on security patterns, our multi-dimensional solution has been implemented to capture security requirements related to both information system design and runtime environment.
References
- PROCESS 2.0 project, 2010.
- http://research.petalslink.org/display/process20/Process+2. 0+Overview.
- Scheer, A., Nüttgens, M., 2000. ARIS Architecture and Reference Models for Business Process Management, Springer-Verlag London, UK.
- Rodriguez, A., Fernandez-Medina, E., Piattini, M., 2007. A BPMN extension foe the modelling of security requirements in business processes the institute of electronics, Information and Communication Engineers (IEICE), Vol.E90-D, NO.4.
- Mülle J, von Stackelberg S, Klemen A. 2011. Security Language for BPMN Process Models, Karlsruhe institute of technology, Germany.
- ANSSI, 2004. Expression des besoins et identification des objectifs de sécurité. la démarche ” France.
- Club de la sécurité de l'Information Français (CLUSIF), 2010. MEHARI 2010. Guide de la démarche d'analyse et de traitement des risques, France.
- Alberts, C., Dorofee, A., Stevens J., Woody C., 2003. Introduction to the OCTAVE Approach, Carnegie Mellon University, Pittsburgh.
- Cloud Cube Model, April 2009, Selecting Cloud Formations for Secure Collaboration, Jericho Forum.
- Sinclair, J., Hudzia, B., Lindner, M., 2011. “Architecture for compliance analysis of distributed service based systems”. The first International Conference on Cloud Computing and Services Science, CLOSER 2011 Belfast, Northern Ireland, U.K.
- Organization for the Advancement of Structured Information Standards (OASIS), 2009. OASIS: Reference Architecture Foundation for Service Oriented Architecture, Version 1.0, pp. 96-102.
Paper Citation
in Harvard Style
Francis Ouedraogo W., Biennier F. and Ghodous P. (2012). ADAPTIVE SECURITY POLICY MODEL TO DEPLOY BUSINESS PROCESS IN CLOUD INFRASTRUCTURE . In Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8565-05-1, pages 287-290. DOI: 10.5220/0003929202870290
in Bibtex Style
@conference{closer12,
author={Wendpanga Francis Ouedraogo and Frédérique Biennier and Parisa Ghodous},
title={ADAPTIVE SECURITY POLICY MODEL TO DEPLOY BUSINESS PROCESS IN CLOUD INFRASTRUCTURE},
booktitle={Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2012},
pages={287-290},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003929202870290},
isbn={978-989-8565-05-1},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - ADAPTIVE SECURITY POLICY MODEL TO DEPLOY BUSINESS PROCESS IN CLOUD INFRASTRUCTURE
SN - 978-989-8565-05-1
AU - Francis Ouedraogo W.
AU - Biennier F.
AU - Ghodous P.
PY - 2012
SP - 287
EP - 290
DO - 10.5220/0003929202870290