Towards Self-Protective Multi-Cloud Applications: MUSA – a Holistic Framework to Support the Security-Intelligent Lifecycle Management of Multi-Cloud Applications

The most challenging applications in heterogeneous cloud ecosystems are those that are able to maximise the benefits of the combination of the cloud resources in use: multi-cloud applications. They have to deal with the security of the individual components as well as with the overall application security including the communications and the data flow between the components. In this paper we present a novel approach currently in progress, the MUSA framework. The MUSA framework aims to support the security-intelligent lifecycle management of distributed applications over heterogeneous cloud resources. The framework includes security-by-design mechanisms to allow application self-protection at runtime, as well as methods and tools for the integrated security assurance in both the engineering and operation of multi-cloud applications. The MUSA framework leverages security-by-design, agile and DevOps approaches to enable the security-aware development and operation of multi-cloud applications.European Commission's H202

SecLA-based negotiation and brokering of cloud resources

As the popularity of Cloud computing has grown during the last years, the choice of Cloud Service Provider (CSP) has become an important issue from user’s perspective. Although the Cloud users are more and more concerned about their security in the Cloud and might have some specific security requirements, currently this choice is based on requirements related to the offered Service Level Agreements (SLA) and costs. Most of the CSPs do not provide user- understandable information regarding the security levels associated with their services, and in this way impede the users to negotiate their security requirements. In other words, the users do not have the technical means in terms of tools and semantics to choose the CSP that best suits their security demands. Industrial efforts on specification of Cloud security parameters in SLAs, also known as “Security Level Agreements” or SecLAs represent the initial steps towards solving this problem. The aim of this paper is to propose a practical approach that enables user-centric negotiation and brokering of Cloud resources. The proposed methodology relies on both the notion of SecLAs for establishing a common semantic between the CSPs and the users, and on a quantitative approach to evaluate the security levels associated with the specific SecLAs. This work is a result of the joint effort spent on the security metrologyrelated techniques being developed by the EU FP7 projects ABC4Trust/ SPECS and, the framework for SLA-based negotiation and Cloud resource brokering proposed by the EU FP7 mOSAIC project. The feasibility of the proposed negotiation approach and its applicability for Cloud Federations is demonstrated in the paper with a real-world case study considering a scenario presented in the FP7 project SPECS. The presented scenario shows the negotiation of a user’s security requirements with respect to a set of CSPs SecLAs, using both the information available in the Cloud Security Alliance’s “Security, Trust & Assurance Registry” (CSA STAR) and the WS-Agreement standard. © Springer International Publishing Switzerland 2014