Reprint of "Towards a security-enhanced PaaS platform for multi-cloud applications"

Abstract: Multi-cloud adaptive application provisioning can solve the vendor lock-in problem and allows user requirements to be optimised by selecting the best of the multitude of services offered by different cloud providers. This type of provisioning is therefore increasingly supported by new or existing research prototypes and platforms. One major concern that actually prevents users from moving to the cloud is security, which becomes more complex in multi-cloud settings. This concern spans two main aspects: (a) suitable access control on user personal data, VMs and platform services and (b) planning and adapting application deployments based on security requirements. This paper addresses both aspects by proposing a novel model-driven approach and architecture which secures multi-cloud platforms, enables users to have their own private space and guarantees that application deployments are not only constructed on the basis of a user-required security level but can also maintain it. The solution exploits state-of-the-art security standards, security software and secure model management technology. Moreover, it covers different access control scenarios involving external, web-based and programmatic user authentication.
