Towards Self-Protective Multi-Cloud Applications - MUSA – a Holistic Framework to Support the Security-Intelligent Lifecycle Management of Multi-Cloud Applications
Erkuden Rios, Eider Iturbe, Leire Orue-Echevarria, Massimiliano Rak, Valentina Casola
2015
Abstract
The most challenging applications in heterogeneous cloud ecosystems are those that are able to maximise the benefits of the combination of the cloud resources in use: multi-cloud applications. They have to deal with the security of the individual components as well as with the overall application security including the communications and the data flow between the components. In this paper we present a novel approach currently in progress, the MUSA framework. The MUSA framework aims to support the security-intelligent lifecycle management of distributed applications over heterogeneous cloud resources. The framework includes security-by-design mechanisms to allow application self-protection at runtime, as well as methods and tools for the integrated security assurance in both the engineering and operation of multi-cloud applications. The MUSA framework leverages security-by-design, agile and DevOps approaches to enable the security-aware development and operation of multi-cloud applications.
References
- A4Cloud Project. (2014). Accountability For Cloud and Other Future Internet Services. Retrieved from Accountability For Cloud and Other Future Internet Services.: www.a4cloud.eu/
- AgileManifesto. (2001, February 17). Manifiesto for Agile Development. Retrieved December 8, 2013, from Manifiesto for Agile Development: http://agilemanifesto.org/
- Almorsy, M., Grundy, J., & Ibrahim, A. S. (2011). Collaboration-based cloud computing security management framework. IEEE International Conference on Cloud Computing (CLOUD) (pp. 364- 371). IEEE.
- Antonescu, A.-F., Robinson, P., & Braun, T. (2012). Dynamic Topology Orchestration for Distributed Cloud-Based Applications. NCCA, (pp. 116 - 223).
- Apache. (2012). Apache jclouds. Retrieved April 2014, from Apache jclouds: http://jclouds.apache.org/
- ARTIST Consortium. (2012). ARTIST Projec . Retrieved April 15th, 2014, from ARTIST Project: http://www.artist-pro-ject.eu/
- ARTIST Consortium. (2013, September). Deliverable 7.2.1. Cloud services modelling and performance analysis framework. Retrieved April 2014, from Deliverable 7.2.1. Cloud services modelling and performance analysis framework: http://www.artistproject.eu/sites/default/files/D7.2.1%20Cloud%20serv ices%20modeling%20and%20performance%20analysi s%20framework_M12_30092013.pdf.
- ARTIST Consortium. (2013, September). Deliverable D4.3.1 Dissemination report. Retrieved April 2014, from Deliverable D4.3.1 Dissemination report: http://www.artistproject.eu/sites/default/files/D4.3.1%20Dissemination %20report_M12_01102013.pdf.
- Bitcurrent cloud computing survey. (2011). Bitcurrent cloud computing survey 2011. Bitcurrent cloud computing survey 2011.
- Bohli, J. et al. (2013). Security and Privacy Enhancing Multi-Cloud Architectures.
- Cloud Security Alliance. (2014). Cloud Controls Matrix. Retrieved April 2014, from Cloud Controls Matrix: https://cloudsecurityalliance.org/research/ccm.
- Cloud Data Protection Cert. (2013). Cloud Data Protection Cert. Retrieved April 2014, from Cloud Data Protection Cert: http://clouddataprotection.org/cert.
- CloudML project. (2013). Model-based provisioning and deployment of cloud based systems. CloudML project. Retrieved April 2014, from Model-based provisioning and deployment of cloud based systems. CloudML project: http://cloudml.org.
- Dekker, M., & Hogben, G. (2011). Survey and analysis of security parameters in cloud SLAs across the European public sector. Retrieved April 2014, from Survey and analysis of security parameters in cloud SLAs across the European public sector: http://www.enisa.europa.eu/activities/Resilience-andCIIP/cloud-computing/survey-and-analysis-ofsecurity-parameters-in-cloud-slas-across-theeuropean-public-sector.
- Expert Group Report. European Commission, I. S. (2010). The Future of Cloud Computing: Opportunities for European Cloud Computing Beyond 2010.
- Ferry, N. et al. (2013). Towards model-driven provisioning, deployment, monitoring, and adaptation of multi-cloud systems. CLOUD 2013: IEEE 6th International Conference on Cloud Computing, (pp. 887-894).
- Ferry, N., Chauve, F., Rossini, A., Morin, B., & Solberg, A. (2013). Managing multi-cloud systems with the CloudML framework. NordiCloud'13: 2nd Nordic Symposium on Cloud Computing & Internet Technologies. Oslo, Normay.
- Gartner. (n.d.). Gartner IT Glossary - Runtime Application Self-Protection (RASP). Retrieved April 2014, from http://www.gartner.com/it-glossary/runtimeapplication-self-protection-rasp (Retrieved April 2014).
- Hubbard, D., & Sutton, M. (2010). Top Threats to Cloud Computing V1. 0. Cloud Secuirty Alliance.
- IDC Cloud research. (2013, September). IDC Cloud research. Retrieved March 2014, from IDC Cloud research: http://www.idc.com/getdoc.jsp?containerId=prUS2429 8013.
- ISO/IEC 17826:2012. (2012). ISO/IEC 17826:2012 Information technology -- Cloud Data Management Interface (CDMI).
- ISO/IEC 27001. (n.d.). ISO/IEC 27001 Information Technology - Security Techniques - Information Security management Systems - requirements.
- Kandukuri, B., Paturi, V. R., & Rakshit, A. (2009). Cloud security issues. SCC'09. IEEE International Conference on Services Computing, 2009., (pp. 517- 520).
- Kreizman, G., & Robertson, B. (n.d.). Incorporating Security into the Enterprise Architecture Process. Retrieved April 2014, from Incorporating Security into the Enterprise Architecture Process: http://www.gartner.com/DisplayDocument?ref=g_sear ch&id=488575.
- Luna, J., et al. (2013). Negotiating and Brokering Cloud Resources based on Security Level Agreements. CLOSER 2013, (pp. 533-541).
- Mell, P., & Grance, T. (2010). The NIST definition of cloud computing. In ACM (Ed.), Communications of the ACM, 53, no. 6, p. 50.
- Miller, P. (2013, September). Sector RoadMap: Multicloud management in 2013.
- ModaClouds consortium. (2013, September). Deliverable 4.2.1 MODACloudML development - Initial version. Retrieved April 2014, from Deliverable 4.2.1 MODACloudML development - Initial version: http://www.modaclouds.eu/wpcontent/uploads/2012/09/MODAClouds_D4.2.1_MO DACloudMLDevelopmentInitialVersion.pdf.
- NIST 800-53r4. (2013). 291 NIST Security and Privacy Controls for Federal Information Systems and Organizations. Retrieved April 2014, from 291 NIST Security and Privacy Controls for Federal Information Systems and Organizations: nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.S P.800-53r4.pdf.
- NIST SP500. (2010). 291 NIST Cloud Computing Standards Roadmap. Retrieved April 2014, from 291 NIST Cloud Computing Standards Roadmap: http://www.nist.gov/itl/cloud/upload/NIST_SP-500- 291_Version-2_2013_June18_FINAL.pdf.
- North Bridge in partnership with GigaOM Research. (2013). The future of cloud computing, 3rd annual survey 2013. Retrieved March 2014, from The future of cloud computing, 3rd annual survey 2013: http://www.northbridge.com/2013-cloud-computingsurvey.
- OASIS. (2013). Topology and Orchestration Specification for Cloud Applications Standard. Retrieved April 2014, from TOSCA standard by OASIS: www.oasisopen.org/committees/tc_home.php?wg_abbrev=tosca.
- PaaSage Consortium. (2014, April 30). Deliverable D2.1.2: CloudML Implementation Documentation (First version). Retrieved from Deliverable D2.1.2: CloudML Implementation Documentation (First version): http://www.paasage.eu/images/documents/paasage_d2 .1.2_final.pdf.
- REMICS Consortium. (2012). Deliverable 4.1 PIM4Cloud. Retrieved March 2014, from Deliverable 4.1 PIM4Cloud: http://www.remics.eu/system/files/REMICS_D4.1_V2 .0_LowResolution.pdf.
- Seaclouds consortium. (2013). Seaclouds project. Seamless adaptive multi-cloud management of service-based applications. Retrieved from Seaclouds project. Seamless adaptive multi-cloud management of service-based applications: http://www.seacloudsproject.eu/project.html.
- SPECS Project. (2014). Secure Provisioning of Cloud Services based on SLA management. Retrieved from Secure Provisioning of Cloud Services based on SLA management: http://specs-project.eu/
- Symantec. (2013). Choosing a Cloud Hosting Provider with Confidence. Retrieved April 2014, from Choosing a Cloud Hosting Provider with Confidence: http://www.itwhitepapers.com/content20287.
- VukoliC, M. (2010). The Byzantine empire in the intercloud. 41(3), 105-111.
- Waidner, M. (2009, November). Cloud computing and security. Lecture Univ. Stuttgart (November 2009). Retrieved from Cloud computing and security. Lecture Univ. Stuttgart (November 2009).
- Wikipedia ITS. (2014). Intelligent Transport Systems and Services (ITS) Factory Wiki. Retrieved April 2014, from Intelligent Transport Systems and Services (ITS) Factory Wiki: http://wiki.itsfactory.fi/index.php/ITS_Factory_Develo per_Wiki.
Paper Citation
in Harvard Style
Rios E., Iturbe E., Orue-Echevarria L., Rak M. and Casola V. (2015). Towards Self-Protective Multi-Cloud Applications - MUSA – a Holistic Framework to Support the Security-Intelligent Lifecycle Management of Multi-Cloud Applications . In Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-104-5, pages 551-558. DOI: 10.5220/0005492905510558
in Bibtex Style
@conference{closer15,
author={Erkuden Rios and Eider Iturbe and Leire Orue-Echevarria and Massimiliano Rak and Valentina Casola},
title={Towards Self-Protective Multi-Cloud Applications - MUSA – a Holistic Framework to Support the Security-Intelligent Lifecycle Management of Multi-Cloud Applications},
booktitle={Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2015},
pages={551-558},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005492905510558},
isbn={978-989-758-104-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Towards Self-Protective Multi-Cloud Applications - MUSA – a Holistic Framework to Support the Security-Intelligent Lifecycle Management of Multi-Cloud Applications
SN - 978-989-758-104-5
AU - Rios E.
AU - Iturbe E.
AU - Orue-Echevarria L.
AU - Rak M.
AU - Casola V.
PY - 2015
SP - 551
EP - 558
DO - 10.5220/0005492905510558