Towards Security as a Service (SecaaS): On the modeling of Security Services for Cloud Computing

TitleTowards Security as a Service (SecaaS): On the modeling of Security Services for Cloud Computing
Publication TypeConference Paper
Year of Publication2014
AuthorsFurfaro, A, Garro, A, Tundis, A
Conference NameSecurity Technology (ICCST), 2014 International Carnahan Conference on
Date PublishedOct
PublisherIEEE Computer Society
Conference LocationRome, Italy
ISBN Number978-1-4799-3530-7
Accession Number14820448
KeywordsAuthentication, cloud computing, cloud computing environment, cloud computing paradigm, Computational modeling, Context, Cyber-Security, Internet, Model-Based Systems Engineering, Modeling and Simulation, nonfunctional requirement, reusable software services, SecaaS, security as a service, Security Engineering, security of data, security of software services, standard cloud delivery models, standard cloud services

The security of software services accessible via the Internet has always been a crosscutting non-functional requirement of uttermost importance. The recent advent of the Cloud Computing paradigm and its wide diffusion has given birth to new challenges towards the securing of existing Cloud services, by properly accounting the issues related to their delivery models and their usage patterns, and has opened the way to the new concept of Security as a Service(SecaaS), i.e. the ability of developing reusable software services which can be composed with standard Cloud services in order to offer them the suitable security features. In this context, there is a strong need for methods and tools for the modeling of security concerns, as well as for evaluation techniques, for supporting both the comparison of different design choices and the analysis of their impact on the behavior of new services before their actual realization. This paper proposes a meta-model for supporting the modeling of Security Services in a Cloud Computing environment as well as an approach for guiding the identification and the integration of security services within the standard Cloud delivery models. The proposal is exemplified through a case study.