Your search keyword '"Casola, Valentina"' showing total 356 results

151. Design of Policy-Based Security Mechanisms in a Distributed Web Services Architecture.

Author

Dongarra, Jack, Madsen, Kaj, Wasniewski, Jerzy, Casola, Valentina, Mazzeo, Antonino, Mazzocca, Nicola, and Venticinque, Salvatore

Abstract

In the recent years, modern complex infrastructures are built on integration and cooperation of legacy and/or new systems; the emerging technology, to primary face the involved interoperability problems, is based on web service solutions. It is based on open standards and common data formats which allow a deep cooperation among Entities and applications and guarantee strong resource sharing. In such context security plays a primary role to control access to data and functionalities offered by distributed services. In this paper we illustrate a policy-based approach to manage security and personalization, in particular we have designed a hybrid infrastructure based on web services in which policy enforcer mechanisms are managed both in a centralized way by the registry server and in a distributed way, i.e. each service implements security mechanisms to authenticate and authorize users. A case study is illustrated showing a distributed architecture for health-care applications. [ABSTRACT FROM AUTHOR]

Published

2006

152. An Innovative Policy-Based Cross Certification Methodology for Public Key Infrastructures.

Author

Chadwick, David, Zhao, Gansen, Casola, Valentina, Mazzeo, Antonino, Mazzocca, Nicola, and Rak, Massimiliano

Abstract

Cross Certification among CAs is a very huge problem which is actually manually performed by security experts and organizational people, trying to understand if two CAs could cooperate. The evaluation process is based on the evaluation of the Certificate policies which are usually expressed in a not formalized (and native language) way. In this paper we propose a methodology to automatically evaluate and compare security policies for Cross Certification. The methodology consists in the formalization of a policy template and in the building of a reference evaluation model. The proposed approach can be applied on several models of Cross Certification. [ABSTRACT FROM AUTHOR]

Published

2005

153. Avances recientes en la aplicación de la ciencia de datos a la ciberseguridad industrial.

Author

Jove, Esteban, Calvo-Rolle, José-Luis, Urda, Daniel, Herrero, Álvaro, Zurutuza, Urko, and Casola, Valentina

Published

2021

154. A semantic approach for fine-grain access control of e-health documents.

Author

Amato, Flora, Casola, Valentina, Mazzocca, Nicola, and Romano, Sara

Subjects

SEMANTIC computing, ELECTRONIC health records, ACCESS control, DATA protection, COMPUTER security laws, DATA privacy, SECURITY systems, COMPUTER software

Abstract

Fine-grain access control is now possible to enforce thanks to the adoption of available standard de facto and access control models; they allow to protect data and resources as long as they are properly structured. Furthermore, in many critical domains of the e-government (as the e-health, for example) the introduction of access control mechanisms is needed to respect laws in force on security and privacy. The main problem to face in such contexts is related to the coexistence of both structured and unstructured data; this, indeed, represents a huge limitation for documents management in public and private contexts. In particular, the adoption of unstructured documents, even if stored on digital media, make fine-grain access control mechanisms useless. In this article, we have exploited the adoption of different techniques aiming at analysing texts and automatically extracting relevant information to structure and manage them. We propose a semantic-based framework for data transformation that is able to locate and identify critical sections of medical records to be protected and then enable a protection system to enforce proper security policies. [ABSTRACT FROM AUTHOR]

Published

2013

155. Cooperative 3D Air Quality Assessment with Wireless Chemical Sensing Networks.

Author

De Vito, Saverio, Fattoruso, Grazia, Liguoro, Raffaele, Oliviero, Antonio, Massera, Ettore, Sansone, Carlo, Casola, Valentina, and Di Francia, Girolamo

Abstract

Abstract: Indoor Air Quality assessment is an emerging application field for chemical sensing due to raising concerns about indoor VOC pollution levels. Local and distributed assessment of chemicals concentrations is also significant for safety (gas spills detection, pollution monitoring) and security applications as well as for HVAC automation for energy efficiency. Mobile robot based and wireless sensor network based approaches are under investigation for providing efficient solutions. Here, we report results obtained by a network of wireless intelligent electronic noses in a semi-controlled environment for the detection of pollutants in complex mixtures. The w-noses are equipped with local discrimination and quantification capabilities sustained by trained artificial neural networks overcoming interferents issues. 3D chemicals concentration reconstruction is obtained by a sensor fusion algorithm at datasink on the basis of the w-noses responses. [Copyright &y& Elsevier]

Published

2012

156. An Architectural Model for Trusted Domains in Web Services

Author

Casola, Valentina, Coppolino, Luigi, Massimiliano Rak, V., Casola, L., Coppolino, Rak, Massimiliano, Casola, Valentina, and M., Rak

Subjects

security policy, Web Service security, security evaluation

157. Securing freight trains for hazardous material transportation: A WSN-based monitoring system

Author

Casola, Valentina, Benedictis, Alessandra, Drago, Annarita, Esposito, Mariana, Francesco Flammini, and Mazzocca, Nicola

158. Hacking Goals: A Goal-Centric Attack Classification Framework

Author

Caturano, Francesco, Perrone, Gaetano, Romano, Simon Pietro, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

159. Inspecting Code Churns to Prioritize Test Cases

Author

Altiero, Francesco, Corazza, Anna, Di Martino, Sergio, Peron, Adriano, Starace, Luigi Libero Lucio, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

160. Automated Transition Coverage in Behavioural Conformance Testing

Author

Marsso, Lina, Mateescu, Radu, Serwe, Wendelin, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

161. A Comparative Study on Combinatorial and Random Testing for Highly Configurable Systems

Author

Jin, Hao, Kitamura, Takashi, Choi, Eun-Hye, Tsuchiya, Tatsuhiro, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

162. Automatic Fairness Testing of Machine Learning Models

Author

Sharma, Arnab, Wehrheim, Heike, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

163. Architecture Based on Keyword Driven Testing with Domain Specific Language for a Testing System

Author

Pereira, Ricardo B., Brito, Miguel A., Machado, Ricardo J., Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

164. Using an SMT Solver for Checking the Completeness of FSM-Based Tests

Author

Vinarskii, Evgenii, Laputenko, Andrey, Yevtushenko, Nina, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

165. An Executable Mechanised Formalisation of an Adaptive State Counting Algorithm

Author

Sachtleben, Robert, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

166. Methods for Live Testing of Cloud Services

Author

Jebbar, Oussama, Khendek, Ferhat, Toeroe, Maria, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

167. A Technique for Parallel GUI Testing of Android Applications

Author

Tramontana, Porfirio, Amatucci, Nicola, Fasolino, Anna Rita, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

168. Trigger Alarm: A Smart NFC Sniffer for High-Precision Measurements

Author

Erb, Martin, Steger, Christian, Troyer, Martin, Preishuber-Pflügl, Josef, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

169. Measurement-Based Analysis of a DoS Defense Module for an Open Source Web Server

Author

Catillo, Marta, Pecchia, Antonio, Villano, Umberto, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

170. Trust Is in the Air: A New Adaptive Method to Evaluate Mobile Wireless Networks

Author

Mocanu (Mihaita), Alexandra-Elena, Mocanu, Bogdan-Costel, Esposito, Christian, Pop, Florin, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

171. About the Robustness and Looseness of Yara Rules

Author

Canfora, Gerardo, Carapella, Mimmo, Del Vecchio, Andrea, Nardi, Laura, Pirozzi, Antonio, Visaggio, Corrado Aaron, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

172. APPregator: A Large-Scale Platform for Mobile Security Analysis

Author

Verderame, Luca, Caputo, Davide, Romdhana, Andrea, Merlo, Alessio, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

173. Vulsploit: A Module for Semi-automatic Exploitation of Vulnerabilities

Author

Castiglione, Arcangelo, Palmieri, Francesco, Petraglia, Mariangela, Pizzolante, Raffaele, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

174. Interrogating Virtual Agents: In Quest of Security Vulnerabilities

Author

Bozic, Josip, Wotawa, Franz, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

175. Enabling Next-Generation Cyber Ranges with Mobile Security Components

Author

Russo, Enrico, Verderame, Luca, Merlo, Alessio, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

176. Learning Abstracted Non-deterministic Finite State Machines

Author

Pferscher, Andrea, Aichernig, Bernhard K., Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

177. Giving a Model-Based Testing Language a Formal Semantics via Partial MAX-SAT

Author

Aichernig, Bernhard K., Burghard, Christian, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

178. Using Model Learning for the Generation of Mock Components

Author

Salva, Sébastien, Blot, Elliott, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casola, Valentina, editor, De Benedictis, Alessandra, editor, and Rak, Massimiliano, editor

Published

2020

179. A Security SLA-driven Methodology to Set-Up Security Capabilities on Top of Cloud Services

Author

Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Madalina Erascu, Casola, Valentina, Benedictis, A.D., Erascu, M., Rak, M., Villano, U., Barolli L.,Xhafa F.,Ikeda M., Casola, Valentina, Benedictis, Alessandra De, Erascu, Madalina, Rak, Massimiliano, Villano, Umberto, Casola, V., De Benedictis, A., Erascu, M., Rak, M., and Villano, U.

Subjects

Cloud computing security, Computer science, 05 social sciences, 020207 software engineering, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Security testing, Security service, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, Security through obscurity, Security convergence, 0501 psychology and cognitive sciences, computer, 050107 human factors, Software

Abstract

The extensive use of cloud services by both individual users and organizations induces several security risks. The risk perception is higher when Cloud Service Providers (CSPs) do not clearly state their security policies and/or when such policies do not directly match user-defined requirements. Security-oriented Service Level Agreements (Security SLAs) represent a fundamental means to encourage the adoption of cloud services in contexts where security is mandatory. Nevertheless, despite the number of existing initiatives aimed at formalizing Security SLAs and at representing security guarantees by taking into account both customers' and providers' perspectives, they are far from being commonly adopted in practice by CSPs, due to the difficulty in automatically enforcing and monitoring the security capabilities agreed with customers. In this paper we illustrate, through a case study, a methodology to set-up a catalogue of security capabilities that can be offered as-a-service, on top of which specific guarantees can be specified through a Security SLA. Such a methodology, which explicitly takes into account the constraints behind the definition of formal guarantees related to security, is meant to serve as a guideline for providers willing to offer for their services specific security features that can be monitored and assessed by customers during operation.

Published

2016

180. A Memory Protection Strategy for Resource Constrained Devices in Safety Critical Applications

Author

Mario Barbareschi, Salvatore Barone, Valentina Casola, Pasquale Montone, Alberto Moriconi, Barbareschi, Mario, Barone, Salvatore, Casola, Valentina, Montone, Pasquale, and Moriconi, Alberto

Abstract

In modern safety-related applications, software has achieved an increasingly critical role. Their safety-critical nature, however, requires special attention: industry-specific functional-safety standards guide designers, developers, integrators, and testers during all phases of the software life-cycle and the final artifacts undergo a rigorous certification process.In the field, it is not uncommon to find very resource-constrained devices performing real-time sensing and actuating tasks. Although these devices, typically microcontroller units, offer a rich plethora of on-chip devices for communication, sensing, and interaction with the physical world, they often have quite reduced computational capabilities, and barely provide memory protection functionalities, relying solely upon rudimentary Memory Protection Units (MPUs). In this perspective, guaranteeing fault-confinement through spatial isolation – i.e., the isolation between the memory used by each of the tasks, as mandated by in force regulations – is quite challenging.In this paper, we present an MPU-based memory management and protection strategy that enables achieving spatial isolation in multi-application real-time operating systems (RTOS) tailored for safety-critical domains, while allowing a good degree of flexibility and combinability. Furthermore, we discuss the implementation of the proposed strategy as part of a RTOS from the industry domain, in order to provide a case-study pertaining to its actual implementation.

Published

2022

181. Security and Privacy Service Level Agreement composition for Internet of Things systems on top of standard controls

Author

Erkuden Rios, Mariví Higuero, Xabier Larrucea, Massimiliano Rak, Valentina Casola, Eider Iturbe, Rios, E., Higuero, M., Larrucea, X., Rak, M., Casola, V., Iturbe, E., Rios, Erkuden, Higuero, Mariví, Larrucea, Xabier, Rak, Massimiliano, Casola, Valentina, and Iturbe, Eider

Subjects

General Computer Science, Security SLA, Control and Systems Engineering, Cloud security, IoT security, Service Level Agreement, Electrical and Electronic Engineering, Cloud securityIoT securitySecurity and privacySecurity SLAService Level Agreement, Security and privacy

Abstract

The growing markets of Cloud services and IoT platforms have dramatically raised system flexibility and deployment options. However, increasing complexity and dependency on third-party providers make it difficult to assess the security and privacy levels that distributed systems can offer to their users. In the last years, machine-readable Service Level Agreements (SLAs) have been studied as an optimal method for copying with security and privacy policies. Still, the computation of the SLAs of applications distributed in diverse infrastructures remains a challenging task. This paper presents a methodology to compose security SLAs (SecSLAs) and privacy SLAs (PLAs) of Cloud-based IoT applications on top of standard controls. The composition considers individual components’ SLAs and the control delegation relationships between the components with respect to different types of controls (common, system-specific or hybrid controls). Furthermore, we propose a technique to calculate the Service Level Objectives (SLO) of the controls declared in the composite SLA based on the SLOs granted by individual components. Finally, the paper presents the validation of the methodology carried out to create the SecSLAs and PLAs of a real multiCloud-based IoT application in the eHealth domain.

Published

2022

182. Security-aware Deployment Optimization of Cloud-Edge systems in Industrial IoT

Author

Alessandra De Benedictis, Valentina Casola, Sergio Di Martino, Luigi Libero Lucio Starace, Nicola Mazzocca, Casola, Valentina, De Benedictis, Alessandra, Di Martino, Sergio, Mazzocca, Nicola, and Starace, Luigi Libero Lucio

Subjects

Computer Networks and Communications, Hosting environment, Computer science, business.industry, Distributed computing, Context (language use), Provisioning, Cloud computing, Solver, Security policy, Computer Science Applications, Cloud-Edge Architectures, Cloud-Edge service deployment optimization, Secure IIoT application development, Software Architectures, Hardware and Architecture, Signal Processing, Resource management, business, Edge computing, Information Systems

Abstract

Cloud computing, edge computing, and the Internet of Things are significantly changing from the original architectural models with pure provisioning of virtual resources (and services) to a transparent and adaptive hosting environment, where cloud providers, as well as “on-premise” resources and end nodes, fully realize the “everything-as-a-service” provisioning concept. The optimal design of these architectures, including the selection of optimal services to acquire, is not trivial in the cloud–edge context due to the involvement of a variable number and the type of available resources offerings and to the impact on cost, performance, and other relevant features such as security, almost never considered. This article presents a novel formalization of the cloud–edge allocation problem for the industrial IoT context. The proposed optimization process takes explicitly into account two critical aspects that are often overlooked in similar approaches, namely, the new cloud–edge on-demand service offerings model for the allocation of resources and the impact on the deployed application, in terms of cost, performance, and security policies actually implemented. An efficient yet suboptimal deterministic solver is also presented and compared with a linear programming one. Results are the same in 86% of the cases on the considered data set while our solver is orders of magnitude faster than the linear one.

Published

2021

183. Security-by-design in multi-cloud applications: An optimization approach

Author

Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Casola, V., De Benedictis, A., Rak, M., Villano, U., Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, and Villano, Umberto

Subjects

Information Systems and Management, Process (engineering), Computer science, Security Service Level Agreement SLA, Cloud computing, 02 engineering and technology, Security policy, Theoretical Computer Science, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, business.industry, Computer Science Applications1707 Computer Vision and Pattern Recognition, 020207 software engineering, Security-driven cloud deployment optimization, Secure by design, Computer Science Applications, Identification (information), Risk analysis (engineering), Control and Systems Engineering, Software deployment, Analytic Hierarchy Process AHP, Resource allocation, 020201 artificial intelligence & image processing, business, Secure multi-cloud application, Software

Abstract

Currently an increasing number of customers require cloud services with guaranteed security levels. At this aim, the adoption of multi-cloud strategies is spreading in a large number of interesting application domains, since they may potentially improve security and reduce development costs. However, the problem of identifying the optimal distribution of the components of a cloud application on resources belonging to multiple and heterogeneous providers is very challenging, especially in the presence of different security and performance constraints. This paper presents a novel security-driven approach for the design, development and deployment of multi-cloud applications. It is based on a fully-automatable process that supports the developer from the elicitation of the application requirements up to the identification of the optimal deployment configuration, allowing to find the best compromise between overall cost and achieved level of security. The proposed optimization process takes explicitly into account two critical aspects that are often overlooked in similar approaches, namely the cloud on-demand leasing model for the allocation of resources and the impact that the deployment has on the security policies actually implemented by a complex application.

Published

2018

184. A proposal of a cloud-oriented security and performance simulator provided as-a-service

Author

Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Casola, V., De Benedictis, A., Rak, M., Villano, U., Barolli L.,Ikeda M.,Takizawa M.,Javaid N., Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, and Villano, Umberto

Subjects

Structure (mathematical logic), Service (systems architecture), business.industry, Computer science, Computer Science (all), 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Limiting, Control and Systems Engineering, Application security, 0202 electrical engineering, electronic engineering, information engineering, Graph (abstract data type), 020201 artificial intelligence & image processing, Confidentiality, business, Simulation

Abstract

The widespread diffusion of cloud computing is still slowed down by security and performance concerns. As a matter of fact, issues such as security and confidentiality of data on one hand, fluctuating performance on the other are still limiting factors for the switch from on-premise to cloud-hosted environments. This paper sketches the structure of a platform offering simulation services able to deal with both problems. Given the structure of a cloud application by means of a graph-based model, the simulator can help to discover and correct potential security and performance problems by using simulation combined with novel techniques for the verification of coverage of the application security requirements.

Published

2019

185. Toward the automation of threat modeling and risk assessment in IoT systems

Author

Massimiliano Rak, Umberto Villano, Alessandra De Benedictis, Valentina Casola, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Villano, Umberto, Casola, V., De Benedictis, A., Rak, M., and Villano, U.

Subjects

IoT secure design, Security analysis, IoT automated risk assessment, Process (engineering), Computer science, 02 engineering and technology, Artificial Intelligence, Management of Technology and Innovation, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), IoT automated threat modeling, Engineering (miscellaneous), business.industry, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Automation, Security controls, Computer Science Applications, Identification (information), Risk analysis (engineering), Hardware and Architecture, Software deployment, Threat model, Risk assessment, business, Software, Information Systems

Abstract

The Internet of Things (IoT) has recently become one of the most relevant emerging technologies in the IT landscape. IoT systems are characterized by the high heterogeneity of involved architectural components (e.g., device platforms, services, networks, architectures) and involve a multiplicity of application domains. In the IoT scenario, the identification of specific security requirements and the security design are very complex and expensive tasks, since they heavily depend on the configuration deployment actually in place and require security experts. In order to overcome these issues, we propose an approach aimed at supporting the security analysis of an IoT system by means of an almost completely automated process for threat modeling and risk assessment, which also helps identify the security controls to implement in order to mitigate existing security risks. We demonstrate the effectiveness of the approach by discussing its application to a home automation system, built on top of commercial IoT products.

Published

2019

186. A security monitoring system for internet of things

Author

Valentina Casola, Wissam Mallouli, Edgardo Montes de Oca, Antonio Riccio, Diego Rivera, Alessandra De Benedictis, Casola, Valentina, De Benedictis, Alessandra, Riccio, Antonio, Rivera, Diego, Mallouli, Wissam, and de Oca, Edgardo Montes

Subjects

Security monitoring, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Network monitoring, Computer security, computer.software_genre, Computer Science Applications, Countermeasure, Artificial Intelligence, Hardware and Architecture, Management of Technology and Innovation, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), 020201 artificial intelligence & image processing, Internet of Things, business, Enforcement, Engineering (miscellaneous), computer, Software, Information Systems

Abstract

The wide adoption of the Internet of Things (IoT) paradigm in several application domains has raised new security issues, which should be carefully taken into account to achieve a real benefit from the indisputable innovation potential of IoT. In fact, the heterogeneity of involved technologies, including the integration of different resource-constrained devices and networks, has led to the introduction of new threats affecting all architectural layers and urging for the design and enforcement of adequate security countermeasures , including effective monitoring capabilities. In this paper, we present a monitoring tool for IoT systems based on the extension of the Montimage network monitoring tools . The proposed solution, validated within the H2020 ANASTACIA project, proved to be well suited to monitor IoT-level networks thanks to the exploitation of protocol-specific plugins.

Published

2019

187. Towards automated penetration testing for cloud applications

Author

Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Valentina Casola, Casola, V., De Benedictis, A., Rak, M., Villano, U., Layth Sliman, Ismael Bouassida Rodriguez, Kaori Yoshida, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, and Villano, Umberto

Subjects

020203 distributed computing, business.industry, Computer science, 020207 software engineering, Cloud computing, 02 engineering and technology, Security testing, Cloud penetration testing, Penetration test, Security service level agreement, Computer Networks and Communication, Modeling and Simulation, Applications architecture, Penetration (warfare), 0202 electrical engineering, electronic engineering, information engineering, Deep knowledge, Business, Management and Accounting (miscellaneous), Safety, Risk, Reliability and Quality, business, Software engineering, Hacker

Abstract

The development of cloud applications raises several security concerns due to the lack of control over involved resources. Security testing is fundamental to identify the existing security issues and is particularly powerful when carried out by means of penetration testing techniques. Unfortunately, penetration testing requires a deep knowledge of the possible attacks and of the available hacking tools and is very energy demanding. In this paper, we present a methodology that allows to easily carry out a coarse-grained security evaluation of a cloud application by automating the set-up and execution of penetration tests. The methodology relies on the knowledge of the application architecture and on the availability of a catalogue including security-related data collected from multiple sources and properly correlated.

Published

2018

188. A security SLA-driven moving target defense framework to secure cloud applications

Author

Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Massimiliano Albanese, Dijiang Huang, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Villano, Umberto, Casola, V., De Benedictis, A., Rak, M., and Villano, U.

Subjects

Service (business), Security SLA, business.industry, Computer science, Computer Networks and Communications, Cloud moving target defense, Cloud computing, Attack surface, Service provider, Security policy, Computer security, computer.software_genre, Security service, Order (exchange), Application security, Secure cloud application, business, computer, Software, Security reconfiguration

Abstract

The large adoption of cloud services in many business domains dramatically increases the need for effective solutions to improve the security of deployed services. The adoption of Security Service Level Agreements (Security SLAs) represents an effective solution to state formally the security guarantees that a cloud service is able to provide. Even if security policies declared by the service provider are properly implemented before the service is deployed and launched, the actual security level tends to degrade over time, due to the knowledge on the exposed attack surface that the attackers are progressively able to gain. In this paper, we present a Security SLA-driven MTD framework that allows MTD strategies to be applied to a cloud application by automatically switching among different admissible application configurations, in order to confuse the attackers and nullify their reconnaissance effort, while preserving the application Security SLA across reconfigurations.

Published

2018

189. Per-service security SLAs for cloud security management: Model and implementation

Author

Alessandra De Benedictis, Massimiliano Rak, Valentina Casola, Umberto Villano, Jolanda Modic, Casola, V., De Benedictis, A., Modic, J., Rak, M., Villano, U., Casola, Valentina, De Benedictis, Alessandra, Modic, Jolanda, Rak, Massimiliano, and Villano, Umberto

Subjects

Computer science, Context (language use), Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Security service level agreement, Management Information Systems, Management Information System, 0202 electrical engineering, electronic engineering, information engineering, Service (business), Cloud computing security, business.industry, Applied Mathematics, Per-service SLA, Provisioning, Computer Science Applications1707 Computer Vision and Pattern Recognition, 020207 software engineering, Computer Science Applications, Web container, Service level, Cloud security, 020201 artificial intelligence & image processing, Software architecture, business, computer

Abstract

In the cloud computing context, Service Level Agreements (SLAs) 'tailored' to specific Cloud Service Customers (CSCs) seem to be still an utopia, and things are even worse as regards the security terms to be guaranteed. In fact, existing cloud SLAs focus only on a few service terms, and Cloud Service Providers (CSPs) mainly provide uniform guarantees for all offered services and for all customers, regardless of any particular service characteristics or of customer-specific needs. This paper presents a framework that enables the adoption of a per-service SLA model, supporting the automatic implementation of cloud security SLAs tailored to the needs of each customer for specific service instances. In particular, the process and the software architecture for per-service SLA implementation are shown. A case study application, related to the provisioning of a secure web container service, is presented and discussed, to demonstrate the feasibility and effectiveness of the proposed solution.

Published

2018

190. Security SLA in Next Generation Data Centers, the SPECS Approach

Author

Silvio La Porta, Massimiliano Rak, Valentina Casola, Andrew Byrne, Rak, Massimiliano, Casola, V. La Porta, S, Byrne, A., Ferguson D.,Helfert M.,Cardoso J.,Mendez Munoz V., Rak, Massimiliano, Casola, Valentina, La Porta, Silvio, and Byrne, Andrew

Subjects

ngDC, Computer science, media_common.quotation_subject, Cloud computing, 02 engineering and technology, computer.software_genre, Computer security, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Mathematics (all), media_common, Cloud computing security, Security SLA, business.industry, Computer Science (all), 020206 networking & telecommunications, Provisioning, Virtualization, Negotiation, Security service, Cloud security, Information technology management, Key (cryptography), business, Cloud, computer

Abstract

Next generation Data Centers (ngDC) provide a significant evolution how storage resources can be provisioned. They are cloud-based architectures offering flexible IT infrastructure and services through the virtualization of resources: managing in an integrated way compute, network and storage resources. Despite the multitude of benefits available when leveraging a Cloud infrastructure, wide scale Cloud adoption for sensitive or critical business applications still faces resistance. One of the key limiting factors holding back larger adoption of Cloud services is trust. To cope with this, datacenter customers need more guarantees about the security levels provided, creating the need for tools to dynamically negotiate and monitor the security requirements. The SPECS project proposes a platform that offers security features with an as-a-service approach, furthermore it uses Security Service Level Agreements (Security SLA) as a means for establishing a clear statement between customers and providers to define a mutual agreement. This paper presents an industrial use case from EMC that integrates the SPECS Platform with their innovative solutions for the ngDC. In particular, the paper illustrates how it is possible to negotiate, enforce and monitor a Security SLA in a cloud infrastructure offering.

Published

2017

191. Automatically Enforcing Security SLAs in the Cloud

Author

Madalina Erascu, Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Jolanda Modic, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Modic, Jolanda, Erascu, Madalina, and DE BENEDICTIS, Alessandra

Subjects

Information Systems and Management, Cloud security security service level agreement optimal resource allocation, Computer Networks and Communications, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Logical security, Security information and event management, Security engineering, 0202 electrical engineering, electronic engineering, information engineering, 020203 distributed computing, Cloud computing security, optimal resource allocation, security service level agreement, Computer Science Applications1707 Computer Vision and Pattern Recognition, Computer security model, Computer Science Applications, Computer Networks and Communication, Security service, Software security assurance, Hardware and Architecture, Cloud security, Network security policy, 020201 artificial intelligence & image processing, computer

Abstract

Dealing with the provisioning of cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that they are understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLOs)), (ii) automating the provisioning of security mechanisms able to grant desired security features (by means of a security-driven resource allocation process), and (iii) continuously monitoring the services in order to verify the fulfillment of specified Security SLOs (by means of cloud security monitoring solutions). We propose to face the Security SLA life cycle management with a framework able to enrich cloud applications with security features. In this paper we (i) present a novel Security SLA model and (ii) illustrate a security-driven planning process that can be adopted to determine the (optimum) deployment of security-related software components. Such process takes into account both specific implementation constraints of the security components to be deployed and customers security requirements, and enables the automatic provisioning and configuration of all needed resources. In order to demonstrate the applicability of the approach, we present and discuss a practical application of the model on a real case study.

Published

2017

192. A security metric catalogue for cloud applications

Author

Massimiliano Rak, Valentina Casola, Umberto Villano, Alessandra De Benedictis, Casola, Valentina, DE BENEDICTIS, Alessandra, Rak, Massimiliano, Villano, Umberto, Casola, V., De Benedictis, A., Rak, M., Villano, U., and De Benedictis, Alessandra

Subjects

Security monitoring, business.industry, Computer science, Control (management), Computer Science (all), 020206 networking & telecommunications, 020207 software engineering, Cloud computing, 02 engineering and technology, Data science, Control and Systems Engineering, Service level, Security metric, 0202 electrical engineering, electronic engineering, information engineering, business

Abstract

Cloud monitoring and, above all, security monitoring, is of fundamental importance for both providers and consumers. The availability of effective security metrics and related monitoring tools would not only improve the trust of consumers in acquired services and the control of providers over their infrastructures, but it would also enable the adoption of security-oriented Service Level Agreements stating formal guarantees about measurable security parameters. In this paper, we discuss a Security SLA model including the concepts needed to formalize security metrics and security-oriented Service Level Objectives in compliance with existing standards, and present a novel Security Metric Catalogue collecting several metrics that can be used to monitor the level of security provided by a cloud or multi-cloud application.

Published

2017

193. Towards Model-Based Security Assessment of Cloud Applications

Author

Alessandra De Benedictis, Valentina Casola, Roberto Nardone, Casola, Valentina, DE BENEDICTIS, Alessandra, and Nardone, Roberto

Subjects

Cloud computing security, business.industry, Process (engineering), Computer science, Computer Science (all), Model-based security assessment, 020207 software engineering, Cloud computing, 02 engineering and technology, Requirements elicitation, Theoretical Computer Science, Test case, Cloud security, Secure cloud applications, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Secure cloud application, Software engineering, business, Abstraction (linguistics)

Abstract

Security issues are still posing limitations to the full exploitation of the potential of the cloud computing paradigm, and cloud developers are more and more required to take security into account from the very beginning of the development process. Unfortunately, the application of classical security best practices may be not enough due to the involvement of cloud services provided by third-parties and out of the control of the developer. In this paper, to overcome this issue, we introduce and discuss a model-based process for the security assessment of cloud applications. In particular, we suggest a complete process that can be executed within the lifecycle of a cloud application, from the requirement elicitation up to the validation (both static and dynamic through the generation and execution of suitable test cases) of the final deployment against security requirements. In this work, we sketch the process main phases and illustrate the high-level modelling languages that have been defined to describe an application at different levels of abstraction and to formalize both security requirements of applications and security features offered by existing cloud services. A running example involving the assessment of a simple yet realistic cloud application is used throughout the paper to better illustrate the proposal and to demonstrate its feasibility and effectiveness.

Published

2017

194. Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

Author

Massimiliano Rak, Erkuden Rios, Valentina Casola, Alessandra De Benedictis, Keith Jeffery, Lutz Schubert, Vassiliki Andronikou, Efstathios Karanastasis and Geir Horn, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Rios, Erkuden, DE BENEDICTIS, Alessandra, and Rios Velasco, Erkuden

Subjects

Computer science, Vulnerability, Cloud computing, Secure Cloud Application, 02 engineering and technology, Secure Cloud Applications, Asset (computer security), Computer security, computer.software_genre, Security testing, Security information and event management, Secure Multi-cloud Applications, Risk analysis (business), 0202 electrical engineering, electronic engineering, information engineering, General Environmental Science, Cloud computing security, Security SLA, business.industry, Security by design, 020207 software engineering, Information security, Computer security model, Web application security, Security controls, Secure by design, Countermeasure, Security service, Software security assurance, Secure Multi-cloud Application, Security through obscurity, General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, business, Threat analysis, computer

Abstract

This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats. The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

Published

2016

195. Per-service security sla: A new model for security management in clouds

Author

Massimiliano Rak, Umberto Villano, Alessandra De Benedictis, Valentina Casola, Jolanda Modic, Sumitra M. Reddy, West Virginia University, USA Walid Gaaloul, Institut Mines, Télécom SudParis, Paris, France, Casola, Valentina, De Benedictis, Alessandra, Modic, Jolanda, Rak, Massimiliano, Villano, Umberto, and DE BENEDICTIS, Alessandra

Subjects

Service (business), Cloud computing security, Computer science, business.industry, Service level objective, Per-service SLA, 020207 software engineering, Service level requirement, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Security service level agreement, Computer Networks and Communication, Security service, Hardware and Architecture, Cloud testing, Cloud security, Modeling and Simulation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Data as a service, business, computer

Abstract

In the cloud computing context, Service Level Agreements (SLAs) are contracts between Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs), stating the guaranteed quality level of the services offered by CSPs. Existing cloud SLAs focus only on few service terms, completely ignoring all security related aspects. They are often reported in a way that is hardly understandable for customers. Moreover, they offer guarantees uniform for all offered services and all customers, regardless of particular service characteristics or customers specific needs. This paper presents a framework that enables the adoption of a per-service SLA model, by supporting the automatic implementation of cloud Security SLAs tailored to the needs of each customer for specific service instances. In particular, the process and the software architecture for per-service SLA implementation are shown. A case study application demonstrates the feasibility and effectiveness of the proposed solution.

Published

2016

196. SLA-based secure cloud application development

Author

Alessandra De Benedictis, Massimiliano Rak, Umberto Villano, Valentina Casola, Casola, Valentina, De Benedictis, Alessandra, Rak, Massimiliano, Villano, Umberto, and DE BENEDICTIS, Alessandra

Subjects

Service (business), Cloud computing security, General Computer Science, business.industry, Computer science, Computer Science (all), Services computing, 020206 networking & telecommunications, Provisioning, Cloud computing, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, Security service level agreement, Application lifecycle management, Security service, Automatic enforcement of security, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Secure cloud application, business, computer

Abstract

The perception of lack of control over resources deployed in the cloud may represent one of the critical factors for an organization to decide to cloudify or not its own services. The flat security features offered by commercial cloud providers to every customer, from simple practitioners to managers of huge amounts of sensitive data and services, is an additional problem. In recent years, the concept of Security Service Level Agreements (Security SLAs) is assuming a key role for the secure provisioning of cloud resources and services. This paper illustrates how to develop cloud applications that deliver services covered by Security SLAs by means of the services and tools provided by the SPECS framework, developed in the context of the SPECS (Secure Provisioning of Cloud Services based on SLA Management) European Project. The whole (SPECS) application's life cycle is dealt with, in order to give a comprehensive view of the different parties involved and of the processes needed to offer security guarantees on top of cloud services. The discussed development process is exemplified by means of a real-world case study consisting in a cloud application offering a secure web container service.

Published

2016

197. Providing security SLA in next generation Data Centers with SPECS: The EMC case study

Author

Valentina Casola, Massimiliano Rak, Andrew Byrne, Silvio La Porta, Casola, Valentina, Rak, Massimiliano, La Porta, Silvio, Byrne, Andrew, and Munoz V.M.,Helfert M.,Cardoso J.,Ferguson D.,Cardoso J.

Subjects

Cloud computing security, Security SLA, Computer science, business.industry, media_common.quotation_subject, Control (management), Cloud computing, Computer Science Applications1707 Computer Vision and Pattern Recognition, Computer security model, Computer security, computer.software_genre, Security information and event management, Negotiation, Security service, Software security assurance, Cloud security, NgDC, Computer Science (miscellaneous), business, computer, Cloud, Software, media_common

Abstract

Next generation Data Centers (ngDC) are the cloud-based architectures devoted to offering infrastructure services in flexible ways: managing in an integrated way compute, network and storage services. This solution is very attractive from an organisation’s perspective but one of the main challenges to adoption is the perception of loss of security and control over resources that are dynamically acquired in the cloud and that reside on remote providers. For a full adoption, datacenter customers need more guarantees about the security levels provided, creating the need for tools to dynamically negotiate and monitor the security requirements. The SPECS project proposes a platform that offers security features with an as-a-service approach, furthermore it uses Security Service Level Agreements (Security SLA) as a means for establishing a clear statement between customers and providers to define a mutual agreement. This paper presents an industrial experience from EMC that integrates the SPECS Platform and their innovative solutions for ngDC. In particular, the paper will illustrate how it is possible to negotiate, enforce and monitor a Security SLA in a cloud infrastructure offering.

Published

2016

198. Healthcare-Related Data in the Cloud: Challenges and Opportunities

Author

Kim-Kwang Raymond Choo, Aniello Castiglione, Christian Esposito, Valentina Casola, Casola, Valentina, Castiglione, Aniello, Choo, Kk, and Esposito, Cristian

Subjects

Underpinning, Cloud computing security, Computer Networks and Communications, business.industry, Computer science, Medical record, Internet privacy, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Column (database), Computer Science Applications, Health care, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), Key (cryptography), 020201 artificial intelligence & image processing, Confidentiality, business, computer, Software

Abstract

A key issue in electronic health systems is the underlying security and privacy risk. For example, confidential patient information or medical records ending up in the hands of a person not privy to the information could have far-reaching consequences. With the trend toward cloud computing use in the healthcare industry continuing to grow (for example, using cloud platforms to digitally manage health-related data including electronic health records), security and privacy concerns must be adequately addressed, and regulations on data protections made to be in compliance. This column examines several key issues and requirements underpinning the use of cloud computing for managing healthcare-related data as well as potential solutions.

Published

2016

199. SLA-Driven Monitoring of Multi-cloud Application Components Using the MUSA Framework

Author

Antonio M. Ortiz, Erkuden Rios, Wissam Mallouli, Massimiliano Rak, Valentina Casola, Rios, Erkuden, Mallouli, W., Rak, M., Casola, V., Ortiz, A.M., Rios, Erkuden, Mallouli, Wissam, Rak, Massimiliano, Casola, Valentina, Ortiz, Antonio M., and Ortiz, Antonio

Subjects

021110 strategic, defence & security studies, business.industry, Process (engineering), Computer science, SLA checking, Computer Networks and Communications, Real-time computing, 0211 other engineering and technologies, 020207 software engineering, Cloud computing, Deep packet inspection, 02 engineering and technology, Electronic mail, multi-cloud application, Service-level agreement, monitoring, Security service, Hardware and Architecture, Application security, Component (UML), 0202 electrical engineering, electronic engineering, information engineering, Security SLA generation, business

Abstract

The applications that rely on the combined use of multiple independent clouds pose a challenge to the control of their security. The difficulty of this task resides on the lack of insight on the cloud providers security measures, plus the need to simultaneously monitor the behaviour of multipleindividual components deployed in different clouds. This paper presents the SLA-driven monitoring of multi-cloud application security compliance. In this approach, the application security levels, controls and metrics are specified at design time in the Service Level Agreement (SLA) creation process and continuously monitored at runtime once the application components are deployed over the multi-cloud. The security monitoring is based on the Montimage Monitoring Tool (MMT), that combines Deep Packet Inspection (DPI) and data mining techniques to collect and analyse measurements at both network and application component levels for a holistic assurance.

Published

2016

200. SLA-Based Secure Cloud Application Development: The SPECS Framework

Author

Alessandra De Benedictis, Valentina Casola, Massimiliano Rak, Umberto Villano, Valentina Casola, Alessandra De Benedictis , Massimiliano Rak, Umberto Villano, Casola, Valentina, Benedictis, Alessandra De, Rak, Massimiliano, Villano, Umberto, and DE BENEDICTIS, Alessandra

Subjects

Web server, Numerical Analysis, Cloud computing security, Control and Optimization, business.industry, Computer science, Supply chain, Cloud computing, Provisioning, Context (language use), Computer Science Applications1707 Computer Vision and Pattern Recognition, SPECS, Computer security, computer.software_genre, Secure Web Server, Computer Networks and Communication, Security service, Secure Cloud Application Development, Computational Mathematic, Key (cryptography), Security Service Level Agreement, business, computer

Abstract

The perception of lack of control over resources deployed in the cloud may represent one of the critical factors for an organization to decide to cloudify or not their own services. Furthermore, in spite of the idea of offering security-as-a-service, the development of secure cloud applications requires security skills that can slow down the adoption of the cloud for nonexpert users. In the recent years, the concept of Security Service Level Agreements (Security SLA) is assuming a key role in the provisioning of cloud resources. This paper presents the SPECS framework, which enables the development of secure cloud applications covered by a Security SLA. The SPECS framework offers APIs to manage the whole Security SLA life cycle and provides all the functionalities needed to automatize the enforcement of proper security mechanisms and to monitor userdefined security features. The development process of SPECS applications offering security-enhanced services is illustrated, presenting as a real-world case study the provisioning of a secure web server.

Published

2016