Elio Goettelmann

Partitioning and Cloud Deployment of Composite Web Services under Security Constraints

In this paper, we propose an approach for deploying business processes on the cloud supporting security constraints, thereby ensuring sensitive data exchange. This approach uses partitionning techniques for fulfilling security requirements and optimizing communication costs. The partitions are deployed independently on different cloud platforms. Subsequently, these partitions depend on message exchange synchronization, which defines our choreography on the cloud. Moreover, we consider additional requirements related to data-dependencies and Quality of Service (QoS) disparities to optimize the execution of the outsourced process. Our approach is motivated by an insurance case study and implemented within an open source cloud platform.

Towards the ENTRI Framework: Security Risk Management Enhanced by the Use of Enterprise Architectures

Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the increasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and propose a research agenda towards a complete framework integrating both domains.

A general approach for a trusted deployment of a business process in clouds

It is recognized that the most important obstacle to the development of the cloud is the variety of new security threats which requests new methods and mechanisms. This is even truer for those who want to deploy business processes, because of the critical knowledge they encapsulate in terms of know-how and data. This paper proposes an approach combining modeling techniques and cloud selection for a trusted deployment of a security risk-aware business process in security constrained clouds.

A Security Risk Assessment Model for Business Process Deployment in the Cloud

Managing security risks on information systems is essential to guarantee their security while handling costs. However, the complexity of risk assessments is greatly increased when data is spread on multiple environments. In this paper we present a security risk assessment model for distributing business processes in a multi-cloud environment. We aim at offering the full power of cloud computing to composite applications while shielding companies from the complexity related to security risk assessments in the Cloud. We also want to give them the capability to automatically generate secure and cost-effective applications across multiple clouds. Our approach is based on existing risk assessment methodologies, while using the industry recognized IT standards.

An integrated conceptual model for information system security risk management supported by enterprise architecture management

Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.

Obfuscating a Business Process by Splitting Its Logic with Fake Fragments for Securing a Multi-cloud Deployment

Companies are ready to outsource their business process to the cloud to enjoy its benefits. However they must be sure that their business know-how is preserved. Although some solutions already exist and consist in splitting the model into a collaboration of BP fragments for a deployment in a muti-cloud context, none of them takes into account the possibility of collusion between the clouds executing the different fragments. To address this issue, we propose in this paper a solution consisting in adding fake BP fragments at specific locations in the process, so as to complicate its structure and hide the direct interaction between clouds executing sensitive fragments. Therefore, the discovery of the process by malicious cloud providers is delayed. The approach is validated against an introduced metric. It demonstrates that our approach is better in the worst case than previous approaches in best cases.

Business Process Design by Reusing Business Process Fragments from the Cloud

The constant development of technologies forces companies to be more innovative in order to stay competitive. In fact, designing a process from scratch is time consuming, error prone and costly. In this context, companies are heading to reuse process fragments when designing a new process to ensure a high degree of efficiency, with respect to delivery deadlines. However, reusing these fragments may disclose sensitive business activities, especially if these latter are deployed in an untrusted environment. In addition, companies are concerned about their users privacy. To address these issues, we investigate how to build a new business process by reusing the safest existing fragments coming from various cloud servers, i.e. The ones that comply at best with companys preferences and policies, and offer an appropriate level of safety.

A Formal Broker Framework for Secure and Cost-Effective Business Process Deployment on Multiple Clouds

Security risk management on information systems provides security guarantees while controlling costs. But security risk assessments can be very complex, especially in a cloud context where data is distributed over multiple environments. To prevent costs from becoming the only cloud selection factor, while disregarding security, we propose a method for performing multiple cloud security risk assessments. In this paper we present a broker framework for balancing costs against security risks. Our framework selects cloud offers and generates deployment-ready business processes in a multi-cloud environment.