Towards Self-Protective Multi-Cloud Applications: MUSA – a Holistic Framework to Support the Security-Intelligent Lifecycle Management of Multi-Cloud Applications

The most challenging applications in heterogeneous cloud ecosystems are those that are able to maximise the benefits of the combination of the cloud resources in use: multi-cloud applications. They have to deal with the security of the individual components as well as with the overall application security including the communications and the data flow between the components. In this paper we present a novel approach currently in progress, the MUSA framework. The MUSA framework aims to support the security-intelligent lifecycle management of distributed applications over heterogeneous cloud resources. The framework includes security-by-design mechanisms to allow application self-protection at runtime, as well as methods and tools for the integrated security assurance in both the engineering and operation of multi-cloud applications. The MUSA framework leverages security-by-design, agile and DevOps approaches to enable the security-aware development and operation of multi-cloud applications.European Commission's H202

Negotiating and brokering Cloud resources based on Security Level Agreements

Cloud users often motivate their choice of Cloud Service Provider (CSP) based on requirements related with the offered Service Level Agreements (SLA) and costs. Unfortunately, while security has started to play an important role in the decision of using the Cloud, it is quite uncommon for CSPs to specify the security levels associated with their services. This often results in users without the means (i.e., tools and semantics) to negotiate their security requirements with CSPs, in order to choose the one that best suits their needs. However, the recent industrial efforts on specification of Cloud security parameters in SLAs, also known as "Security Level Agreements" or SecLAs is a positive development. In this paper we propose a practical approach to enable the user-centric negotiation and brokering of Cloud resources, based on both the common semantic established by the use of SecLAs and, its quantitative evaluation. The contributed techniques and architecture are the result of jointly applying the security metrology-related techniques being developed by the EU FP7 project ABC4Trust and, the framework for SLA-based negotiation and Cloud resource brokering proposed by the EU FP7 mOSAIC project. The proposed negotiation approach is both feasible and well-suited for Cloud Federations, as demonstrated in this paper with a real-world case study. The presented scenario shows the negotiation of a user's security requirements with respect to a set of CSPs SecLAs, using both the information available in the Cloud Security Alliance's "Security, Trust & Assurance Registry" (CSA STAR) and the WS-Agreement standard