MUSA

Introduction

The main objective of MUSA is to support the security-intelligent lifecycle management of distributed applications over heterogeneous cloud resources, through a security framework that includes: security-by-design mechanisms to allow application self-protection at runtime, and methods and tools for the integrated security assurance in both the engineering and operation of multi-cloud applications.

The MUSA framework leverages security-by-design, agile and DevOps approaches in multi-cloud applications, and enables the security-aware development and operation of multi-cloud applications. The framework will be composed of:

• an IDE for creating the multi-cloud application taking into account its security requirements together with functional and business requirements,
• a set of security mechanisms embedded in the multi-cloud application components for self-protection,
• an automated deployment environment that, based on an intelligent decision support system, will allow for the dynamic distribution of the components according to security needs, and
• a security assurance platform in form of a SaaS that will support multi-cloud application runtime security control and transparency to increase user trust.

Who is the project designed for?

The main targeted users are DevOps teams covering four main roles:

• Application developers (including architects) that need tools to easily design multi-cloud applications, not only according to functional features, but also taking security features such as data confidentiality, data integrity, data access and data location into account. They also require security mechanisms implemented in the applications, to enforce security at runtime.
• System operators that need to exploit cloud service combinations as much as possible and require tools to automatically select the best combinations, based on the functional and security needs of the application and to automatically deploy the appropriate components.
• Service administrators that need to monitor the correct operation of the application (fulfilment of SLA), including the security features, in order to react to security incidents as soon as possible and to keep the users properly informed.
• Business managers that have overall responsibility for the business aspects of offering cloud services to cloud service customers.

The four roles need tools that together can better integrate a seamless assurance of security in the applications.

How will your project benefit the end-user?

The data security incidents in multi-cloud applications will be reduced through the assurance of a secure behaviour of individual cloud-based components and the overall application, even if the data is processed and/or stored by untrustworthy or opaque cloud providers.

The cloud consumers’ trust in clouds will be enhanced by the provision of tools for expressing their security needs and keeping them informed on the security and performance faults of the multiple cloud services in use.

Application developers will be able to model the multi-cloud application, based on the functional and security features on offer in the SLA, as well as to embed application component mechanisms to enforce security at runtime.

System operators will be able to automatically discover and select the best cloud service combinations by balancing performance and security.

Service administrators can assure the secure behaviour of multi-cloud applications and minimize the security risks while keeping the users informed.

Business managers will be able to make better-informed decisions when selecting cloud services.