Your search keyword '"Casola, Valentina"' showing total 27 results

1. A Security SLA-driven Methodology to Set-Up Security Capabilities on Top of Cloud Services

Author

Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Madalina Erascu, Casola, Valentina, Benedictis, A.D., Erascu, M., Rak, M., Villano, U., Barolli L.,Xhafa F.,Ikeda M., Casola, Valentina, Benedictis, Alessandra De, Erascu, Madalina, Rak, Massimiliano, Villano, Umberto, Casola, V., De Benedictis, A., Erascu, M., Rak, M., and Villano, U.

Subjects

Cloud computing security, Computer science, 05 social sciences, 020207 software engineering, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Security testing, Security service, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, Security through obscurity, Security convergence, 0501 psychology and cognitive sciences, computer, 050107 human factors, Software

Abstract

The extensive use of cloud services by both individual users and organizations induces several security risks. The risk perception is higher when Cloud Service Providers (CSPs) do not clearly state their security policies and/or when such policies do not directly match user-defined requirements. Security-oriented Service Level Agreements (Security SLAs) represent a fundamental means to encourage the adoption of cloud services in contexts where security is mandatory. Nevertheless, despite the number of existing initiatives aimed at formalizing Security SLAs and at representing security guarantees by taking into account both customers' and providers' perspectives, they are far from being commonly adopted in practice by CSPs, due to the difficulty in automatically enforcing and monitoring the security capabilities agreed with customers. In this paper we illustrate, through a case study, a methodology to set-up a catalogue of security capabilities that can be offered as-a-service, on top of which specific guarantees can be specified through a Security SLA. Such a methodology, which explicitly takes into account the constraints behind the definition of formal guarantees related to security, is meant to serve as a guideline for providers willing to offer for their services specific security features that can be monitored and assessed by customers during operation.

Published

2016

2. Per-service security SLAs for cloud security management: Model and implementation

Author

Alessandra De Benedictis, Massimiliano Rak, Valentina Casola, Umberto Villano, Jolanda Modic, Casola, V., De Benedictis, A., Modic, J., Rak, M., Villano, U., Casola, Valentina, De Benedictis, Alessandra, Modic, Jolanda, Rak, Massimiliano, and Villano, Umberto

Subjects

Computer science, Context (language use), Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Security service level agreement, Management Information Systems, Management Information System, 0202 electrical engineering, electronic engineering, information engineering, Service (business), Cloud computing security, business.industry, Applied Mathematics, Per-service SLA, Provisioning, Computer Science Applications1707 Computer Vision and Pattern Recognition, 020207 software engineering, Computer Science Applications, Web container, Service level, Cloud security, 020201 artificial intelligence & image processing, Software architecture, business, computer

Abstract

In the cloud computing context, Service Level Agreements (SLAs) 'tailored' to specific Cloud Service Customers (CSCs) seem to be still an utopia, and things are even worse as regards the security terms to be guaranteed. In fact, existing cloud SLAs focus only on a few service terms, and Cloud Service Providers (CSPs) mainly provide uniform guarantees for all offered services and for all customers, regardless of any particular service characteristics or of customer-specific needs. This paper presents a framework that enables the adoption of a per-service SLA model, supporting the automatic implementation of cloud security SLAs tailored to the needs of each customer for specific service instances. In particular, the process and the software architecture for per-service SLA implementation are shown. A case study application, related to the provisioning of a secure web container service, is presented and discussed, to demonstrate the feasibility and effectiveness of the proposed solution.

Published

2018

3. Security SLA in Next Generation Data Centers, the SPECS Approach

Author

Silvio La Porta, Massimiliano Rak, Valentina Casola, Andrew Byrne, Rak, Massimiliano, Casola, V. La Porta, S, Byrne, A., Ferguson D.,Helfert M.,Cardoso J.,Mendez Munoz V., Rak, Massimiliano, Casola, Valentina, La Porta, Silvio, and Byrne, Andrew

Subjects

ngDC, Computer science, media_common.quotation_subject, Cloud computing, 02 engineering and technology, computer.software_genre, Computer security, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Mathematics (all), media_common, Cloud computing security, Security SLA, business.industry, Computer Science (all), 020206 networking & telecommunications, Provisioning, Virtualization, Negotiation, Security service, Cloud security, Information technology management, Key (cryptography), business, Cloud, computer

Abstract

Next generation Data Centers (ngDC) provide a significant evolution how storage resources can be provisioned. They are cloud-based architectures offering flexible IT infrastructure and services through the virtualization of resources: managing in an integrated way compute, network and storage resources. Despite the multitude of benefits available when leveraging a Cloud infrastructure, wide scale Cloud adoption for sensitive or critical business applications still faces resistance. One of the key limiting factors holding back larger adoption of Cloud services is trust. To cope with this, datacenter customers need more guarantees about the security levels provided, creating the need for tools to dynamically negotiate and monitor the security requirements. The SPECS project proposes a platform that offers security features with an as-a-service approach, furthermore it uses Security Service Level Agreements (Security SLA) as a means for establishing a clear statement between customers and providers to define a mutual agreement. This paper presents an industrial use case from EMC that integrates the SPECS Platform with their innovative solutions for the ngDC. In particular, the paper illustrates how it is possible to negotiate, enforce and monitor a Security SLA in a cloud infrastructure offering.

Published

2017

4. Automatically Enforcing Security SLAs in the Cloud

Author

Madalina Erascu, Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Jolanda Modic, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Modic, Jolanda, Erascu, Madalina, and DE BENEDICTIS, Alessandra

Subjects

Information Systems and Management, Cloud security security service level agreement optimal resource allocation, Computer Networks and Communications, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Logical security, Security information and event management, Security engineering, 0202 electrical engineering, electronic engineering, information engineering, 020203 distributed computing, Cloud computing security, optimal resource allocation, security service level agreement, Computer Science Applications1707 Computer Vision and Pattern Recognition, Computer security model, Computer Science Applications, Computer Networks and Communication, Security service, Software security assurance, Hardware and Architecture, Cloud security, Network security policy, 020201 artificial intelligence & image processing, computer

Abstract

Dealing with the provisioning of cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that they are understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLOs)), (ii) automating the provisioning of security mechanisms able to grant desired security features (by means of a security-driven resource allocation process), and (iii) continuously monitoring the services in order to verify the fulfillment of specified Security SLOs (by means of cloud security monitoring solutions). We propose to face the Security SLA life cycle management with a framework able to enrich cloud applications with security features. In this paper we (i) present a novel Security SLA model and (ii) illustrate a security-driven planning process that can be adopted to determine the (optimum) deployment of security-related software components. Such process takes into account both specific implementation constraints of the security components to be deployed and customers security requirements, and enables the automatic provisioning and configuration of all needed resources. In order to demonstrate the applicability of the approach, we present and discuss a practical application of the model on a real case study.

Published

2017

5. Towards Model-Based Security Assessment of Cloud Applications

Author

Alessandra De Benedictis, Valentina Casola, Roberto Nardone, Casola, Valentina, DE BENEDICTIS, Alessandra, and Nardone, Roberto

Subjects

Cloud computing security, business.industry, Process (engineering), Computer science, Computer Science (all), Model-based security assessment, 020207 software engineering, Cloud computing, 02 engineering and technology, Requirements elicitation, Theoretical Computer Science, Test case, Cloud security, Secure cloud applications, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Secure cloud application, Software engineering, business, Abstraction (linguistics)

Abstract

Security issues are still posing limitations to the full exploitation of the potential of the cloud computing paradigm, and cloud developers are more and more required to take security into account from the very beginning of the development process. Unfortunately, the application of classical security best practices may be not enough due to the involvement of cloud services provided by third-parties and out of the control of the developer. In this paper, to overcome this issue, we introduce and discuss a model-based process for the security assessment of cloud applications. In particular, we suggest a complete process that can be executed within the lifecycle of a cloud application, from the requirement elicitation up to the validation (both static and dynamic through the generation and execution of suitable test cases) of the final deployment against security requirements. In this work, we sketch the process main phases and illustrate the high-level modelling languages that have been defined to describe an application at different levels of abstraction and to formalize both security requirements of applications and security features offered by existing cloud services. A running example involving the assessment of a simple yet realistic cloud application is used throughout the paper to better illustrate the proposal and to demonstrate its feasibility and effectiveness.

Published

2017

6. Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

Author

Massimiliano Rak, Erkuden Rios, Valentina Casola, Alessandra De Benedictis, Keith Jeffery, Lutz Schubert, Vassiliki Andronikou, Efstathios Karanastasis and Geir Horn, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Rios, Erkuden, DE BENEDICTIS, Alessandra, and Rios Velasco, Erkuden

Subjects

Computer science, Vulnerability, Cloud computing, Secure Cloud Application, 02 engineering and technology, Secure Cloud Applications, Asset (computer security), Computer security, computer.software_genre, Security testing, Security information and event management, Secure Multi-cloud Applications, Risk analysis (business), 0202 electrical engineering, electronic engineering, information engineering, General Environmental Science, Cloud computing security, Security SLA, business.industry, Security by design, 020207 software engineering, Information security, Computer security model, Web application security, Security controls, Secure by design, Countermeasure, Security service, Software security assurance, Secure Multi-cloud Application, Security through obscurity, General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, business, Threat analysis, computer

Abstract

This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

Published

2016

7. Per-service security sla: A new model for security management in clouds

Author

Massimiliano Rak, Umberto Villano, Alessandra De Benedictis, Valentina Casola, Jolanda Modic, Sumitra M. Reddy, West Virginia University, USA Walid Gaaloul, Institut Mines, Télécom SudParis, Paris, France, Casola, Valentina, De Benedictis, Alessandra, Modic, Jolanda, Rak, Massimiliano, Villano, Umberto, and DE BENEDICTIS, Alessandra

Subjects

Service (business), Cloud computing security, Computer science, business.industry, Service level objective, Per-service SLA, 020207 software engineering, Service level requirement, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Security service level agreement, Computer Networks and Communication, Security service, Hardware and Architecture, Cloud testing, Cloud security, Modeling and Simulation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Data as a service, business, computer

Abstract

In the cloud computing context, Service Level Agreements (SLAs) are contracts between Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs), stating the guaranteed quality level of the services offered by CSPs. Existing cloud SLAs focus only on few service terms, completely ignoring all security related aspects. They are often reported in a way that is hardly understandable for customers. Moreover, they offer guarantees uniform for all offered services and all customers, regardless of particular service characteristics or customers specific needs. This paper presents a framework that enables the adoption of a per-service SLA model, by supporting the automatic implementation of cloud Security SLAs tailored to the needs of each customer for specific service instances. In particular, the process and the software architecture for per-service SLA implementation are shown. A case study application demonstrates the feasibility and effectiveness of the proposed solution.

Published

2016

8. SLA-based secure cloud application development

Author

Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Valentina Casola, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Villano, Umberto, and DE BENEDICTIS, Alessandra

Subjects

Service (business), Cloud computing security, General Computer Science, business.industry, Computer science, Computer Science (all), Services computing, 020206 networking & telecommunications, Provisioning, Cloud computing, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, Security service level agreement, Application lifecycle management, Security service, Automatic enforcement of security, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Secure cloud application, business, computer

Abstract

The perception of lack of control over resources deployed in the cloud may represent one of the critical factors for an organization to decide to cloudify or not its own services. The flat security features offered by commercial cloud providers to every customer, from simple practitioners to managers of huge amounts of sensitive data and services, is an additional problem. In recent years, the concept of Security Service Level Agreements (Security SLAs) is assuming a key role for the secure provisioning of cloud resources and services. This paper illustrates how to develop cloud applications that deliver services covered by Security SLAs by means of the services and tools provided by the SPECS framework, developed in the context of the SPECS (Secure Provisioning of Cloud Services based on SLA Management) European Project. The whole (SPECS) application's life cycle is dealt with, in order to give a comprehensive view of the different parties involved and of the processes needed to offer security guarantees on top of cloud services. The discussed development process is exemplified by means of a real-world case study consisting in a cloud application offering a secure web container service.

Published

2016

9. Providing security SLA in next generation Data Centers with SPECS: The EMC case study

Author

Valentina Casola, Massimiliano Rak, Andrew Byrne, Silvio La Porta, Casola, Valentina, Rak, Massimiliano, La Porta, Silvio, Byrne, Andrew, and Munoz V.M.,Helfert M.,Cardoso J.,Ferguson D.,Cardoso J.

Subjects

Cloud computing security, Security SLA, Computer science, business.industry, media_common.quotation_subject, Control (management), Cloud computing, Computer Science Applications1707 Computer Vision and Pattern Recognition, Computer security model, Computer security, computer.software_genre, Security information and event management, Negotiation, Security service, Software security assurance, Cloud security, NgDC, Computer Science (miscellaneous), business, computer, Cloud, Software, media_common

Abstract

Next generation Data Centers (ngDC) are the cloud-based architectures devoted to offering infrastructure services in flexible ways: managing in an integrated way compute, network and storage services. This solution is very attractive from an organisation’s perspective but one of the main challenges to adoption is the perception of loss of security and control over resources that are dynamically acquired in the cloud and that reside on remote providers. For a full adoption, datacenter customers need more guarantees about the security levels provided, creating the need for tools to dynamically negotiate and monitor the security requirements. The SPECS project proposes a platform that offers security features with an as-a-service approach, furthermore it uses Security Service Level Agreements (Security SLA) as a means for establishing a clear statement between customers and providers to define a mutual agreement. This paper presents an industrial experience from EMC that integrates the SPECS Platform and their innovative solutions for ngDC. In particular, the paper will illustrate how it is possible to negotiate, enforce and monitor a Security SLA in a cloud infrastructure offering.

Published

2016

10. Healthcare-Related Data in the Cloud: Challenges and Opportunities

Author

Kim-Kwang Raymond Choo, Aniello Castiglione, Christian Esposito, Valentina Casola, Casola, Valentina, Castiglione, Aniello, Choo, Kk, and Esposito, Cristian

Subjects

Underpinning, Cloud computing security, Computer Networks and Communications, business.industry, Computer science, Medical record, Internet privacy, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Column (database), Computer Science Applications, Health care, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), Key (cryptography), 020201 artificial intelligence & image processing, Confidentiality, business, computer, Software

Abstract

A key issue in electronic health systems is the underlying security and privacy risk. For example, confidential patient information or medical records ending up in the hands of a person not privy to the information could have far-reaching consequences. With the trend toward cloud computing use in the healthcare industry continuing to grow (for example, using cloud platforms to digitally manage health-related data including electronic health records), security and privacy concerns must be adequately addressed, and regulations on data protections made to be in compliance. This column examines several key issues and requirements underpinning the use of cloud computing for managing healthcare-related data as well as potential solutions.

Published

2016

11. SLA-Based Secure Cloud Application Development: The SPECS Framework

Author

Alessandra De Benedictis, Valentina Casola, Massimiliano Rak, Umberto Villano, Valentina Casola, Alessandra De Benedictis , Massimiliano Rak, Umberto Villano, Casola, Valentina, Benedictis, Alessandra De, Rak, Massimiliano, Villano, Umberto, and DE BENEDICTIS, Alessandra

Subjects

Web server, Numerical Analysis, Cloud computing security, Control and Optimization, business.industry, Computer science, Supply chain, Cloud computing, Provisioning, Context (language use), Computer Science Applications1707 Computer Vision and Pattern Recognition, SPECS, Computer security, computer.software_genre, Secure Web Server, Computer Networks and Communication, Security service, Secure Cloud Application Development, Computational Mathematic, Key (cryptography), Security Service Level Agreement, business, computer

Abstract

The perception of lack of control over resources deployed in the cloud may represent one of the critical factors for an organization to decide to cloudify or not their own services. Furthermore, in spite of the idea of offering security-as-a-service, the development of secure cloud applications requires security skills that can slow down the adoption of the cloud for nonexpert users. In the recent years, the concept of Security Service Level Agreements (Security SLA) is assuming a key role in the provisioning of cloud resources. This paper presents the SPECS framework, which enables the development of secure cloud applications covered by a Security SLA. The SPECS framework offers APIs to manage the whole Security SLA life cycle and provides all the functionalities needed to automatize the enforcement of proper security mechanisms and to monitor userdefined security features. The development process of SPECS applications offering security-enhanced services is illustrated, presenting as a real-world case study the provisioning of a secure web server.

Published

2016

12. Cloud Security: From Per-Provider to Per-Service Security SLAs

Author

Alessandra De Benedictis, Valentina Casola, Massimiliano Rak, Umberto Villano, Casola, Valentina, DE BENEDICTIS, Alessandra, Rak, Massimiliano, Villano, Umberto, De Benedictis, Alessandra, Casola, V., Rak, M., Villano, U., and De Benedictis, Alessandra

Subjects

Service (business), 021110 strategic, defence & security studies, Cloud computing security, Security SLA, business.industry, Computer science, Comparing Cloud Service Provider, Supply chain, Software as a service, Service lifecycle, 0211 other engineering and technologies, Computer Science Applications1707 Computer Vision and Pattern Recognition, Context (language use), Cloud computing, 02 engineering and technology, Cloud service provider, Computer security, computer.software_genre, Computer Networks and Communication, Cloud security, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, Cloud, computer

Abstract

Cloud Security is still considered one of the main factors inhibiting the diffusion of the Cloud Computing paradigm. Potential Cloud Service Customers (CSCs) do not trust delegating every kind of resources and data to external Cloud Service Providers (CSPs). The problem grows in complexity due to the increasing adoption of complex supply chains: CSPs that offer Sofware-as-a-Service (SaaS) cloud services often do not have their own data centers, but just acquire resources and services from other CSPs. This makes ithard, if not impossible, to ascribe the responsibility of a securityincident. A possible solution is the adoption of Security ServiceLevel Agreements (SLAs): CSPs should deliver services withan SLA that details each guarantee offered in terms of security, and CSCs should be able to compare offerings from differentCSPs and verify that SLAs are respected during service lifecycle. This paper shows how it is possible to build up a per-serviceSecurity SLA in a chain of cloud services, proposing asolution based on a security evaluation technique to comparedifferent cloud service supply chains based on their SecuritySLAs.

Published

2016

13. Security Monitoring in the Cloud: An SLA-Based Approach

Author

Alessandra De Benedictis, Valentina Casola, Massimiliano Rak, Casola, Valentina, DE BENEDICTIS, Alessandra, Rak, Massimiliano, Stefan Katzenbeisser, Abdelmalek Benzekri, and De Benedictis, Alessandra

Subjects

Cloud computing security, Open VAS, business.industry, Computer science, Sherwood Applied Business Security Architecture, Covert channel, Computer Science Applications1707 Computer Vision and Pattern Recognition, Computer security model, Security information and event management, Cloud security monitoring, Computer Networks and Communication, Security service, Distributed System Security Architecture, Hardware and Architecture, Software security assurance, Security Service Level Agreement, Vulnerability monitoring, Software engineering, business, Computer network

Abstract

In this paper we present a monitoring architecture that is automatically configured and activated based on a signed Security SLA. Such monitoring architecture integrates different security-related monitoring tools (either developed ad-hoc or already available as open-source or commercial products) to collect measurements related to specific metrics associated with the set of security Service Level Objectives (SLOs) that have been specified in the Security SLA. To demonstrate our approach, we discuss a case study related to detection and management of vulnerabilities and illustrate the integration of the popular open source monitoring system Open VAS into our monitoring architecture. We show how the system is configured and activated by means of available Cloud automation technologies and provide a concrete example of related SLOs and metrics.

Published

2015

14. On the adoption of security SLAs in the cloud

Author

Alessandra De Benedictis, Valentina Casola, Massimiliano Rak, Casola, Valentina, DE BENEDICTIS, Alessandra, Rak, Massimiliano, Fernandez-Gago C.,Felici M., and De Benedictis, Alessandra

Subjects

Cloud computing security, Cover (telecommunications), Standardization, Security SLA, Computer science, business.industry, media_common.quotation_subject, Computer Science (all), Cloud computing, Computer security, computer.software_genre, Theoretical Computer Science, Negotiation, Service-level agreement, SLA life cycle, Security service, Service Level Agreement, Enforcement, business, computer, media_common

Abstract

Can security be provided as-a-Service? Is it possible to cover a security service by a proper Service Level Agreement? This paper tries to reply to these questions by presenting some ongoing research activities from standardization bodies and academia, trying to cope with the open issues in the management of Security Service Level Agreement in its whole life cycle, made of negotiation, enforcement and monitoring phases. © Springer International Publishing Switzerland 2015.

Published

2015

15. DoS Protection in the Cloud through the SPECS Services

Author

Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Messina F.,Xhafa F.,Ogiela M.R.,Barolli L, Casola, Valentina, Benedictis, Alessandra De, Rak, Massimiliano, Villano, Umberto, and DE BENEDICTIS, Alessandra

Subjects

Cloud computing security, Computer Networks and Communications, OSSEC, Computer security model, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Cloud security monitoring, Security service, Software security assurance, Security through obscurity, Security convergence, DoS attack, Security Service Level Agreement, Business, computer

Abstract

Security in cloud environments is always considered an issue, due to the lack of control over leased resources. In this paper, we present a solution that offers security-as-a-service by relying on Security Service Level Agreements (Security SLAs) as a means to represent the security features to be granted. In particular, we focus on a security mechanism that is automatically configured and activated in an as-a-service fashion in order to protect cloud resources against DoS attacks. The activities reported in this paper are part of a wider work carried out in the FP7-ICT programme project SPECS, which aims at building a framework offering Security-as-a-Service using an SLA-based approach. The proposed approach founds on the adoption of SPECS Services to negotiate, to enforce and to monitor suitable security metrics, chosen by cloud customers, negotiated with the provider and included in a signed Security SLA.

Published

2015

16. Developing Secure Cloud Applications

Author

Valentina Casola, Massimo Ficco, Nicola Mazzocca, Massimiliano Rak, Ermanno Battista, Rak, Massimiliano, Ficco, Massimo, Battista, Ermanno, Casola, Valentina, Mazzocca, Nicola, Battista, E, Casola, V, and Mazzocca, N.

Subjects

Cloud computing security, General Computer Science, secure application design, Computer science, Sale, Computer security model, Computer security, computer.software_genre, Security testing, Security information and event management, Security engineering, Security service, Cloud security, security engineering, Human-computer interaction in information security, Security through obscurity, Cloud security, Secure application design, Security engineering, Tool, Application design, Cloud applications, Cloud securities, Cloud service providers, Security engineering, Security interactions, Security requirements, Service Level Agreement, computer

Abstract

Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider prospective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate the security mechanisms enforced by service provider. Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Customers are interested in tools to verify and monitor the implemented security requirements. On the other hand, developers need tools to deploy Cloud applications offering measurable security grants to end users. In this paper, we propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security. It enables a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform.

Published

2014

17. A Cloud Application for Security Service Level Agreement Evaluation

Author

Valentina Casola, Giuseppe Alfieri, Massimiliano Rak, INSTICC, Casola, V., Rak, Massimiliano, Alfieri, G., Casola, Valentina, and Alfieri, Giuseppe

Subjects

Cloud computing security, Computer science, business.industry, Cloud application, Cloud computing, SPECS, Computer security model, Computer security, computer.software_genre, Security information and event management, Negotiation, Service-level agreement, Security service, Security, Security through obscurity, Security convergence, SLA, business, computer

Abstract

Cloud security is today considered the main limit to a widespread adoption of Cloud Computing. In this paradigm, due to the serlf-service on-demand characteristic, all data, servers infrastructures resides on the cloud and charged on a pay-per-use basis. If this implies great advantages from business point of view, because there are no maintenance and start-up costs for infrastructures, there is the perception of a loss of control over the resources, that impacts the security requirements. Academic works and the Cloud community (e.g., work-groups at the European Network and Information Security Agency, ENISA) have identified that specifying security parameters in Service Level Agreements actually enables the establishment of a common semantic in order to model security among users and Cloud Service providers (CSPs). However, despite the state of the art efforts aiming at building and representing Cloud SecLAs there is still a gap on the techniques to reason about them. Moreover a lot of activities are being carrying out to clearly state which are the parameters to be shared, their meanings and how they affect service provisioning. In this paper we propose to build up cloud applications that are able to offer Security level Evaluation over SLA expressed in many different ways. Such applications can be offered as a service by Third Parties in order to help customers to evaluate the offerings from providers. Such application can be used in order to help customers to negotiate security parameters in a Multi-Cloud system and perform Cloud brokering on the basis of a quantitative evaluation of security parameters.

Published

2014

18. Developing Secure Cloud Applications: A Case Study

Author

Nicola Mazzocca, Ermanno Battista, Massimo Ficco, Valentina Casola, Massimiliano Rak, IEEE CS Press, Battista, E, Casola, V, Mazzocca, N, Ficco, Massimo, Rak, Massimiliano, Battista, Ermanno, Casola, Valentina, and Mazzocca, Nicola

Subjects

Security engineering, Cloud computing security, Security service, Software security assurance, Computer science, Security through obscurity, Computer security model, Computer security, computer.software_genre, computer, Logical security, Security information and event management

Abstract

Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud Provider prospective in order to securely integrate frameworks and Infrastructures as a Services (IaaS) in a Cloud datacenter. There is no way to monitor and evaluate the provided security. In fact, Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Users are interested in tools to verify and monitor the implemented security requirements. On the other side, developers need tools to deploy Cloud application offering measurable security grants to end users. In this paper we will propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security and enable a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform. �� 2013 IEEE.

Published

2013

19. Security as a Service Using an SLA-Based Approach via SPECS

Author

Neeraj Suri, Valentina Casola, Massimiliano Rak, Umberto Villano, Dana Petcu, Jesus Luna, CloudCom, Rak, Massimiliano, Suri, Neeraj, Luna, Jesu, Petcu, Dana, Casola, Valentina, Villano, Umberto, and Suri, Nerraj

Subjects

Computer science, Standard of Good Practice, Data security, Covert channel, Cloud computing, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Security testing, Cloud Security, Security engineering, Corporate security, Cloud computing security, Service Level Agreements, business.industry, Security as a service, Information security, Service provider, Computer security model, Cloud Computing, Security-as-a-Service, ITIL security management, Security service, Software security assurance, Security through obscurity, Security convergence, Network security policy, business, computer

Abstract

The cloud offers attractive options to migrate corporate applications, without any implication for the corporate security manager to manage or to secure physical resources. While this ease of migration is appealing, several security issues arise: can the validity of corporate legal compliance regulations still be ensured for remote data storage? How is it possible to assess the Cloud Service Provider (CSP) ability to meet corporate security requirements? Can one monitor and enforce the agreed cloud security levels? Unfortunately, no comprehensive solutions exist for these issues. In this context, we introduce a new approach, named SPECS. It aims to offer mechanisms to specify cloud security requirements and to assess the security features offered by CSPs, and to integrate the desired security services (e.g., credential and access management) into cloud services with a Security-as-a-Service approach. Furthermore, SPECS intends to provide systematic approaches to negotiate, to monitor and to enforce the security parameters specified in Service Level Agreements (SLA), to develop and to deploy security services that are cloud SLA-aware and are implemented as an open-source Platform-as-a-Service (PaaS). This paper introduces the main concepts of SPECS.

Published

2013

20. An SLA-based approach to manage sensor networks as-a-service

Author

Giuseppe Aversano, Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Casola, Valentina, DE BENEDICTIS, Alessandra, Rak, Massimiliano, Aversano, Giuseppe, Villano, Umberto, CloudCom, and Benedictis, Alessandra de

Subjects

Computer science, Distributed computing, Cloud computing, computer.software_genre, Sensor networks Cloud application, Cloud testing, Mobile wireless sensor network, Model sensor, Cloud computing security, mOSAIC, business.industry, Operational parameter, Virtualization, Sensor web, Key distribution in wireless sensor networks, Non-functional feature, Resource Virtualization, Cloud provider, The Internet, Data as a service, SLA, business, Wireless sensor network, computer, Data as a service (DaaS), Computer network

Abstract

The integration of sensing infrastructures into the Cloud gives a number of advantages in providing sensor data as a service over the Internet. Many solutions are now available in the literature, and most of them focus on modeling sensor networks as part of the infrastructure to be offered as a service (IaaS), directly managed by means of the Cloud tools that provide resource virtualization. We propose a different approach: sensor networks are modeled as providers that offer their resources to a Cloud application that runs independently from Cloud providers. Being offered as a Service, any user can negotiate with the provider his desired requirements in terms of operational parameters and non-functional features (i.e. security, dependability, etc). In particular, we propose a SLA-based approach for the specification and management of usage term guarantees related to the access and configuration of private sensor networks. To this end, a Cloud Sensing Brokering Platform is designed to illustrate the innovative way to integrate Cloud and Sensor Networks.

Published

2013

21. Security and Performance Trade-off in PerfCloud

Author

Valentina Casola, Massimiliano Rak, Antonio Cuomo, Umberto Villano, MARIO GUARRACINO, FRDRIC VIVIEN, JESPER TRFF, MARIO CANNATORO, MARCO DANELUTTO, ANDERS HAST, FRANCESCA PERLA, ANDREAS KNPFER, BENIAMINO DI MARTINO, MICHAEL ALEXANDER, Valentina, Casola, Antonio, Cuomo, Rak, Massimiliano, Umberto, Villano, M. R. Guarracino et al., Casola, Valentina, Cuomo, Antonio, and Villano, Umberto

Subjects

Access control, Parallel architecture, Cloud computing security, business.industry, Computer science, Distributed computing, Access control, Cloud computing, Computer security model, Grid, Computer security, computer.software_genre, Distributed System Security Architecture, Cloud services, Computing paradigm, Distributed resources, Identity federation, Integrated architecture, Quantitative result, Security and performance, Security level, Identity (object-oriented programming), Overhead (computing), business, computer

Abstract

Both cloud and GRID are computing paradigms that manage large distributed resources, and currently there is a lot of interest in their integration. An integrated architecture cloud-GRID requires fine-grained access control and identity federation among untrusted distributed domains in the cloud. This paper deals with the trade-off between security and performance in such architectures, comparing the overhead introduced by cloud services with different security levels. The quantitative results obtained in PerfCloud, an existing cloudgrid infrastructure, are presented and discussed.

Published

2011

22. SeNsIM-SEC: security in heterogeneous sensor networks

Author

Alessandra De Benedictis, Nicola Mazzocca, Valentina Casola, Antonino Mazzeo, Casola, Valentina, DE BENEDICTIS, Alessandra, Mazzeo, Antonino, and Mazzocca, Nicola

Subjects

Cloud computing security, Distributed System Security Architecture, Security service, Computer science, business.industry, Distributed computing, Network Access Control, Integration platform, Computer security model, business, Wireless sensor network, Heterogeneous network, Computer network

Abstract

Wireless sensor networks are widely used in several application domains thanks to their data acquisition and processing capabilities and their decentralized and self-organizing nature. A widely distributed monitoring system is typically characterized by the need to integrate a large amount of data; if considering complex critical environments such as hospitals, these data often have different security requirements, to be addressed by means of specific security protocols and architectures. In such a distributed system, security must be addressed at different levels, namely the physical node level, the inter-node communication level, and the application level. In this paper, we focus our attention on security problems related to the data exchange between sensor nodes and propose an hybrid cryptosystem based on Elliptic Curves, aimed to ensure confidentiality, integrity ad authentication requirements to the inter-nodes communication. The integration issue has been addressed by proposing an extension of the SeNsIM integration platform, in order to enable the management of heterogeneous networks having different security requirements. At this aim, we have developed a flexible wrapper to connect the whole system to the secured network, and carried out a performance analysis of the overhead introduced by security mechanisms, showing the feasibility of the proposed cryptosystem and the platform scalability and extensibility features.

Published

2011

23. Identity Federation in Cloud Computing

Author

Massimiliano Rak, Umberto Villano, Valentina Casola, Casola, Valentina, Rak, Massimiliano, Villano, Umberto, V., Casola, and U., Villano

Subjects

Cloud computing security, Computer science, business.industry, Distributed computing, Security domain, Context (language use), Cloud computing, computer.software_genre, Grid, Semantic grid, Utility computing, Grid computing, business, computer

Abstract

Both cloud and GRID are computing paradigms for the large-scale management of distributed resources. Even if the first is usually oriented to transaction-based applications, and the latter to High Performance Computation, there is a lot of interest in their integration. This is typically obtained through the Infrastructure-as-a-Service cloud model, which is exploited in the GRID context to offer machine with full administration rights to users. In this paper the focus is on the security problems linked to the integration of cloud and GRID computing. It is proposed the adoption of identify federation between different security domains to manage the relationship between the user machines and the standard GRID infrastructure. This solution is experimented within PerfCloud, a cloud implementation that exploits an underlying GRID platform.

Published

2010

24. Preliminary design of a platform-as-a-service to provide security in cloud

Author

Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, INSTICC, Casola, V., De Benedictis, A., Rak, Massimiliano, Villano, U., Casola, Valentina, DE BENEDICTIS, Alessandra, and Villano, Umberto

Subjects

Cloud computing security, Computer science, business.industry, Security as a service, Sherwood Applied Business Security Architecture, Cloud computing, Computer security model, Computer security, computer.software_genre, Security testing, Requirement, Security service, Cloud security, Security through obscurity, SLA, business, computer, Cloud

Abstract

Cloud computing is an emerging paradigm, recently widely adopted in distributed and business computing. Even if it is very attractive, due to its business model (pay-per-use) and its flexibility (self-service on demand approach), one of the main limits for its adoption is the perception of loss of security and control over resources that are dynamically acquired in the cloud and that reside on remote providers. Moreover, security mechanisms are usually integrated into system architectures, and are not offered to users in a way that enables customization and is easy to use. As a consequence, as far as security is concerned, cloud customers are usually tied to a limited set of offerings made available by providers, often without real grants about the way in which such mechanisms are actually implemented and enforced. This paper deals with the architecture underlying the SPECS platform, which aims at offering security features by an as-a-service approach, using Service Level Agreements as a mean for clear statement between customers and providers to define mutual rights and constraints. The goal is to show the main requirements of such platform and to present the global architecture, in terms of components and their interactions, dedicated to negotiate, to monitor and to enforce the security mechanisms to be applied over existing cloud providers.

25. MUSA Deployer: Deployment of Multi-cloud Applications

Author

Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Angel Rego, Erkuden Rios, Giancarlo Capone, Valentina Casola, Valentina Casola, Alessandra De Benedictis,Massimiliano Rak, Umberto Villano, Erkuden Rios,Angel Rego, Giancarlo Capone, Cellary W.,Fugini M.,Reddy S., Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Villano, Umberto, Rios, Erkuden, Rego, Angel, Capone, Giancarlo, DE BENEDICTIS, Alessandra, Erkuden, Rio, and Angel, Rego

Subjects

020203 distributed computing, Cloud computing security, business.industry, Computer science, Per-service SLA, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Security service level agreement, Computer Networks and Communication, Security service, Hardware and Architecture, Software deployment, Order (exchange), Cloud security, 0202 electrical engineering, electronic engineering, information engineering, Virtual machining, Business, Management and Accounting (miscellaneous), 020201 artificial intelligence & image processing, DevOps, business, computer

Abstract

The development of applications based on services offered by different, not conscious, providers, is expected to be growing in the next years. In order to offer effectively multicloud applications, many challenges still need to be faced. At this aim, the MUSA framework provides a DevOps approach to develop multi-cloud applications with desired Security Service Level Agreements (SLAs). This paper describes the MUSA Deployer models, which help developers to express their security requirements, and a Deployer tool that automatically provides cloud security services to offer Security SLAs.

26. An automatic tool for benchmark testing of cloud applications

Author

Alessandra De Benedictis, Valentina Casola, Massimiliano Rak, Umberto Villano, Casola, V., De Benedictis, A., Rak, M., Villano, U., Cardoso J.,Munoz V.M.,Pahl C.,Cardoso J.,Helfert M.,Ferguson D., Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Villano, Umberto, and DE BENEDICTIS, Alessandra

Subjects

Cloud computing security, Security SLA, business.industry, Computer science, Performance, 05 social sciences, 050301 education, 020206 networking & telecommunications, Cloud computing, SDET, Computer Science Applications1707 Computer Vision and Pattern Recognition, 02 engineering and technology, computer.software_genre, Software, Cloud testing, Cloud security, 0202 electrical engineering, electronic engineering, information engineering, Operating system, Computer Science (miscellaneous), business, 0503 education, computer, Cloud

Abstract

The performance testing of cloud applications is a challenging research topic, due to the multiplicity of different possibilities to allocate application services to Cloud Service Providers (CSPs). Currently available benchmarks mainly focus on evaluating specific services or infrastructural resources offered by different CSPs, but are not always useful to evaluate complete cloud applications and to discover performance bugs. This paper proposes a methodology to define an evaluation performance process, particularly suited for cloud applications, and an automatic procedure to set up and to execute benchmark tests. The methodology is based on the evaluations of two performance indexes, and is validated by presenting a complete case study application, developed within the FP7-EU-SPECS project. The analysis of the measurement results, produced automatically, can help the developer to discover possible bottlenecks and to take actions to improve both the usability and the performance of a cloud application.

27. Methodology to Obtain the Security Controls in Multi-cloud Applications

Author

Samuel Olaiya Afolaranmi, Erkuden Rios, Luis E. Gonzalez Moctezuma, Jose L. Martinez Lastra, Valentina Casola, Massimiliano Rak, Olaiya Afolaranmi, Samuel, Gonzalez Moctezuma, Lui, Rak, Massimiliano, Casola, Valentina, Rios, Erkuden, Martinez Lastra, Jose, Helfert M.,Ferguson D.,Munoz V.M.,Cardoso J.,Cardoso J, Afolaranmi, Samuel Olaiya, Gonzalez Moctezuma, Luis E., and Martinez Lastra, Jose L.

Subjects

Computer science, 02 engineering and technology, Computer security, computer.software_genre, Security testing, Security information and event management, Multi-cloud, Security-by-design, Information security audit, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), Threat modelling, 020203 distributed computing, Cloud computing security, 020207 software engineering, Cyber-security Methodologie, Computer Science Applications1707 Computer Vision and Pattern Recognition, Computer security model, Threat Modelling, Security controls, Cyber-security methodologies, Security service, Risk analysis (engineering), Software security assurance, computer, Software

Abstract

What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications’ security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications’ SLAs for their monitoring and fulfilment assurance at operation. European Commission's H2020