TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Methodology to obtain the security controls in multi-cloud applications

Tutkimustuotosvertaisarvioitu

Yksityiskohdat

AlkuperäiskieliEnglanti
OtsikkoCLOSER 2016 - Proceedings of the 6th International Conference on Cloud Computing and Services Science
KustantajaSCITEPRESS
Sivut327-332
Sivumäärä6
Vuosikerta1
ISBN (elektroninen)9789897581823
DOI - pysyväislinkit
TilaJulkaistu - 2016
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
TapahtumaINTERNATIONAL CONFERENCE ON CLOUD COMPUTING AND SERVICES SCIENCE -
Kesto: 1 tammikuuta 1900 → …

Conference

ConferenceINTERNATIONAL CONFERENCE ON CLOUD COMPUTING AND SERVICES SCIENCE
Ajanjakso1/01/00 → …

Tiivistelmä

What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications whose components are deployed in heterogeneous clouds is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications' security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications' SLAs for their monitoring and fulfilment assurance at operation.