论文信息 - Towards Security as a Service (SecaaS): On the modeling of Security Services for Cloud Computing

Towards Security as a Service (SecaaS): On the modeling of Security Services for Cloud Computing

The security of software services accessible via the Internet has always been a crosscutting non-functional requirement of uttermost importance. The recent advent of the Cloud Computing paradigm and its wide diffusion has given birth to new challenges towards the securing of existing Cloud services, by properly accounting the issues related to their delivery models and their usage patterns, and has opened the way to the new concept of Security as a Service(SecaaS), i.e. the ability of developing reusable software services which can be composed with standard Cloud services in order to offer them the suitable security features. In this context, there is a strong need for methods and tools for the modeling of security concerns, as well as for evaluation techniques, for supporting both the comparison of different design choices and the analysis of their impact on the behavior of new services before their actual realization. This paper proposes a meta-model for supporting the modeling of Security Services in a Cloud Computing environment as well as an approach for guiding the identification and the integration of security services within the standard Cloud delivery models. The proposal is exemplified through a case study.

[1] Ruth Breu,et al. SeAAS - A Reference Architecture for Security Services in SOA , 2009, J. Univers. Comput. Sci..

[2] Christian Senk. Adoption of security as a service , 2013, Journal of Internet Services and Applications.

[3] P. Mell,et al. The NIST Definition of Cloud Computing , 2011 .

[4] Neeraj Suri,et al. Security as a Service Using an SLA-Based Approach via SPECS , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[5] Randy H. Katz,et al. A view of cloud computing , 2010, CACM.

[6] Ronald S. Ross,et al. Guide for security-focused configuration management of information systems , 2011 .

[7] Dimitrios Zissis,et al. Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[8] Carl Eklund,et al. National Institute for Standards and Technology , 2009, Encyclopedia of Biometrics.

[9] Timothy Grance,et al. Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology , 2012 .

[10] Ross J. Anderson. Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .