Towards secure and at-runtime tailorable customer-driven public cloud deployment

Cloud computing as a facility for outsourcing IT related tasks is a growing trend. Customer-driven application deployment in public clouds has to be secure and flexible by means of easing security configuration as well as by avoiding the vendor lock-in problem. In this paper we present an approach intending to meet these needs by (1) easing security configuration(s), (2) automating the consideration of security best practices and adding/enabling anonymity components at-runtime, and (3) by using Open Virtualization Format (OVF) in order to overcome the vendor lock-in problem. The requirements gathering is based on the needs of three projects from different business domains, the EU FP7 digital.me project, the multidisciplinary iFishWatcher/iAngle combined project and the joint german-french research and development project ReSCUe IT. All projects require empowering lay as well as experienced customers to (re-)deploy their own applications and migrate them easily by considering security thereby. Supporting tailorability of the deployed environment by adding anonymity components at-runtime without downtimes is a specific requirement in these projects. We present first results and discuss experiences and future work directions

Interdependent Security and Compliance in Service Selection

Application development today is characterized by ever shorter release cycles and more frequent change requests. Hence development methods such as service composition are increasingly arousing interest as viable alternative approaches. While employing web services as building blocks rapidly reduces development times, it raises new challenges regarding security and compliance since their implementation remains a black box which usually cannot be controlled. Security in particular gets even more challenging since some applications require domainspecific security objectives such as location privacy. Another important aspect is that security objectives are in general no singletons but subject to interdependence. Hence this thesis addresses the question of how to consider interdependent security and compliance in service composition. Current approaches for service composition do neither consider interdependent security nor compliance. Selecting suiting services for a composition is a combinatorial problem which is known to be NP-hard. Often this problem is solved utilizing genetic algorithms in order to obtain near-optimal solutions in reasonable time. This is particularly the case if multiple objectives have to be optimized simultaneously such as price, runtime and data encryption strength. Security properties of compositions are usually verified using formal methods. However, none of the available methods supports interdependence effects or defining arbitrary security objectives. Similarly, no current approach ensures compliance of service compositions during service selection. Instead, compliance is verified afterwards which might necessitate repeating the selection process in case of a non-compliant solution. In this thesis, novel approaches for considering interdependent security and compliance in service composition are being presented and discussed. Since no formal methods exist covering interdependence effects for security, this aspect is covered in terms of a security assessment. An assessment method is developed which builds upon the notion of structural decomposition in order to assess the fulfillment of arbitrary security objectives in terms of a utility function. Interdependence effects are being modeled as dependencies between utility functions. In order to enable compliance-awareness, an approach is presented which checks compliance of compositions during service selection and marks non-compliant parts. This enables to repair the corresponding parts during the selection process by replacing the current services and hence avoids the necessity to repeat the selection process. It is demonstrated how to embed the presented approaches into a genetic algorithm in order to ease integration with existing approaches for service composition. The developed approaches are being compared to state-of-the-art genetic algorithms using simulations