Reprint of “Towards a security-enhanced PaaS platform for multi-cloud applications”

Building safe PaaS clouds: A survey on security in multitenant software platforms

Computers & Security, 2012

This paper surveys the risks brought by multitenancy in software platforms, along with the most prominent solutions proposed to address them. A multitenant platform hosts and executes software from several users (tenants). The platform must ensure that no malicious or faulty code from any tenant can interfere with the normal execution of other users' code or with the platform itself. This security requirement is specially relevant in Platform-as-a-Service (PaaS) clouds. PaaS clouds offer an execution environment based on some software platform. Unless PaaS systems are deemed as safe environments users will be reluctant to trust them to run any relevant application. This requires to take into account how multitenancy is handled by the software platform used as the basis of the PaaS offer. This survey focuses on two technologies that are or will be the platform-of-choice in many PaaS clouds: Java and .NET. We describe the security mechanisms they provide, study their limitations as multitenant platforms and analyze the research works that try to solve those limitations. We include in this analysis some standard container technologies (such as Enterprise Java Beans) that can be used to standardize the hosting environment of PaaS clouds. Also we include a brief discussion of Operating Systems (OSs) traditional security capacities and why OSs are unlikely to be chosen as the basis of PaaS offers. Finally, we describe some research initiatives that reinforce security by monitoring the execution of untrusted code, whose results can be of interest in multitenant systems.

Application Level Security in Cloud Computing

2013

ABSTRACT: Cloud Computing represents a new computing model that poses many demanding security issues at all levels, e.g., network, host, application, and data levels. The variety of the delivery models presents different security challenges depending on the model and consumers' Quality of Service (QoS) requirements. Confidentiality, Integrity, Availability, Authenticity, and Privacy are essential concerns for both Cloud providers and consumers as well. Infrastructure as a Service (IaaS) serves as the foundation layer for the other delivery models, and a lack of security in this layer affects the other delivery models, i.e., PaaS, and SaaS that are built upon IaaS layer. Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity, and availability of IT resources and data. Due to system complexity and sophistication of attacks, it is increasingly difficult to manage IT security risk. So th...

A Security and Privacy-Preserving Path for Enhancing Information Systems that Manage Cross-Cloud Applications

Advances in Intelligent Systems and Computing, 2020

Security is one of the most crucial elements of cloud solutions and at the same time one of the most important obstacles towards cloud adoption. This paper recommends a set of security-related guidelines for adoption by any advanced information system that aspires to offer DevOps capabilities for deploying and reconfiguring cross-cloud applications. These guidelines address several security challenges organised against three categories: user and component authentication, advanced access control and secure communication enablers. This paper also presents how specific security enhancements were designed, implemented and integrated for serving a PaaS platform that supports the lifecycle management of cross-cloud applications.

Developing Secure Cloud Applications

Scalable Computing: Practice and Experience, 2014

Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider perspective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate the security mechanisms enforced by service provider. Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Customers are interested in tools to verify and monitor the implemented security requirements. On the other hand, developers need tools to deploy Cloud applications offering measurable security grants to end users. In this paper, we propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security. It enables a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform.

Methodology to Obtain the Security Controls in Multi-cloud Applications

Proceedings of the 6th International Conference on Cloud Computing and Services Science, 2016

What controls should be used to ensure adequate security level during operation is a non-trivial subject in complex software systems and applications. The problem becomes even more challenging when the application uses multiple cloud services which security measures are beyond the control of the application provider. In this paper, a methodology that enables the identification of the best security controls for multicloud applications which components are deployed in heterogeneous cloud providers is presented. The methodology is based on application decomposition and modelling of threats over the components, followed by the analysis of the risks together with the capture of cloud business and security requirements. The methodology has been applied in the MUSA EU H2020 project use cases as the first step for building up the multi-cloud applications' security-aware Service Level Agreements (SLA). The identified security controls will be included in the applications' SLAs for their monitoring and fulfilment assurance at operation.

Management And Security Of Multi-Cloud Applications

2019

Single cloud computing platforms, like Amazon’s EC2, Google Cloud and Microsoft Azure, are common and popular today. Obtaining resources from a multiple cloud system gives clients competitive pricing, flexibility of resource provisioning, better points of presence and reduced risk of a total blackout. When these clients happen to be carriers, like Internet service providers, seeking to deploy their network services over multiple clouds, there still are many research challenges that inhibit large-scale deployments. This talk revolves around some of the key issues that were designated as "challenges" at the beginning of the network virtualization journey, and still need considerable research to see any kind of resolution in the near future. Specifically, I will present my work on the techniques that improve availability of virtual network services and secure inter-domain flow of data in the context of Internet of Things and multi-cloud based health networks.

Securing Cloud-Native Applications in a Multi-Cloud Environment

URF publishers, 2023

This paper explores strategies for securing cloud-native applications in multi-cloud environments. We examine the unique security challenges posed by multi-cloud architectures and provide best practices for ensuring robust security across diverse cloud platforms.

MULTICLOUD FRAMEWORK AND SECURITY ISSUES PAPER

Cloud Computing, a rapidly developing information technology has the concern of the whole world. Cloud Computing is Internet-based computing, whereby shared resources, software and information are provided to computers and devices on-demand, like the electricity grid. Cloud Computing is the product of the fusion of traditional computing technology and network technology like grid computing, distributed computing parallel computing and so on. It aims to construct a perfect system with powerful computing capability through a large number of relatively low-cost computing entity, and using the advanced business models like SaaS (Software as a Service), PaaS (Platform as a Service), IaaS (Infrastructure as a Service) to distribute the powerful computing capability to end the users' hands. Users, developers, and administrators have to make a decision about which environment is best suited for them. Unfortunately, the comparison of such frameworks is difficult because either users do not have access to all of them or they are comparing the performance of such systems on different resources, which make it difficult to obtain objective comparisons. Virtualization of resources such as processors, network, memory, and storage ensures scalability and high availability of computing capabilities. Clouds can dynamically provision these virtual resources to hosted applications or to clients that use them to develop their own applications or to store data. Rapid provisioning and dynamic reconfiguration of resources help cope with variable demand and ensure optimum resource utilization. A proposed proxy-based multicloud computing framework allows dynamic, on the fly collaborations and resource sharing among cloud-based services, addressing trust, policy, and privacy issues without preestablished collaboration agreements or standardized interfaces.

ANALYSIS OF MULTI-CLOUD ENVIRONMENT WITH SECURED FRAMEWORK

Cloud computing associate rising technology with high cost data storages devices as well as the rapid rate for different cloud services such as Infrastructure as a service, software as a service, Platform as a Services. The cloud storage moves the user's facts to large data centers which is remotely located. This paper proposes the Multi-cloud computing Architecture allow dynamic, efficient resource sharing among the cloud Service. Mechanisms for collaboration across multiple cloud service must undergo a rigorous, in-depth security analysis to find new threats and concerns resulting from collaboration. They must have the support of creative, systematic, and usable mechanisms that give effective security for data and applications. Without these provider-centric changes, current proposals don't give facilities for client-centric, on-the-fly, and expedient combos of heterogeneous cloud-based services.

Towards Self-Protective Multi-Cloud Applications - MUSA – a Holistic Framework to Support the Security-Intelligent Lifecycle Management of Multi-Cloud Applications

Proceedings of the 5th International Conference on Cloud Computing and Services Science, 2015

The most challenging applications in heterogeneous cloud ecosystems are those that are able to maximise the benefits of the combination of the cloud resources in use: multi-cloud applications. They have to deal with the security of the individual components as well as with the overall application security including the communications and the data flow between the components. In this paper we present a novel approach currently in progress, the MUSA framework. The MUSA framework aims to support the security-intelligent lifecycle management of distributed applications over heterogeneous cloud resources. The framework includes security-by-design mechanisms to allow application self-protection at runtime, as well as methods and tools for the integrated security assurance in both the engineering and operation of multi-cloud applications. The MUSA framework leverages security-by-design, agile and DevOps approaches to enable the security-aware development and operation of multi-cloud applications.