01 November 2013
30 April 2016
The Cloud offers attractive options to migrate corporate applications without the corporate security manager needing to manage or secure any physical resources. While this "ease" is appealing, several security issue arise:* Can the validity of corporate legal compliance regulations still be ensured over remote data storage?* With security sensitive data residing remotely with the Cloud Service Provider (CSP), can access of unauthorized CSP personnel to your data be restricted?* How does one assess a CSP's ability to meet the corporate security requirements and the security trades-offs offered by different CSPs?* Can one monitor and enforce the agreed Cloud security levels with the CSP?No comprehensive and easily usable solutions exist for these issues.SPECS solves this problem, offering:* Mechanisms to specify Cloud security requirements and assess the standalone and comparative security features offered by CSPs.* Ability to integrate desired corporate security services (eg. credential and access management) into Cloud services.* Systematic approaches to negotiate, monitor and enforce the security parameters specified in Service Level Agreements (SLA).* Approaches to develop and deploy security services that are "Cloud SLA-aware", implemented as an open-source Platform-as-a-Service (PaaS).
Providing such comprehensible and enforceable security assurance by CSP's is a critical factor to deploy trustworthy Cloud ecosystems. Targeting ICT-2013.1.5 "Trustworthy ICT", SPECS will develop and implement an open source framework to offer Security-as-a-Service, by relying on the notion of security parameters specified in Service Level Agreements (SLA) and providing the techniques to systematically manage their life-cycle.
The SPECS framework addresses both CSP's and users to provide techniques and tools for:a) Enabling user-centric negotiation of security parameters in Cloud SLA, along with a trade-off evaluation process among users and CSPs, in order to compose Cloud services fulfilling a minimum required security level.b) Monitoring in real-time the fulfillment of SLAs agreed with CSPs, notifying both users and CSPs, when a SLAs not being fulfilled.c) Enforcing agreed SLA in order to keep a sustained Quality of Security (QoSec) that fulfills the specified security parameters. SPECS' enforcement framework will also "react and adapt" in real-time to fluctuations in the QoSec by advising/applying the requisite countermeasures.The proposed framework will be based on an open-source core, and offer simple interfaces to motivate its adoption. It will offer a set of reusable PaaS components for service developers to enable them to integrate SPECS' SLA-oriented security mechanisms into existing Cloud services.Using real case studies SPECS will demonstrate that the contributed framework and architecture can be integrated "as-a-Service" into real life Cloud environments, with a particular emphasis on small/medium/federated CSP and end users.