Developing Secure Cloud Applications: A Case Study

Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud Provider prospective in order to securely integrate frameworks and Infrastructures as a Services (IaaS) in a Cloud datacenter. There is no way to monitor and evaluate the provided security. In fact, Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Users are interested in tools to verify and monitor the implemented security requirements. On the other side, developers need tools to deploy Cloud application offering measurable security grants to end users. In this paper we will propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security and enable a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform.