Publication


Featured research published by Per Håkon Meland.


availability, reliability and security | 2011

Security SLAs for Federated Cloud Services

Karin Bernsmed; Martin Gilje Jaatun; Per Håkon Meland; Astrid Undheim

The federated Cloud paradigm aims to provide flexible and reliable services composed of a mixture of internal and external mini-clouds, but this heterogeneous nature is also fuelling the security concerns of the customers. To allay the fears and deal with the threats associated with outsourcing data and applications to the Cloud, new methods for security assurance are urgently needed. This paper presents current work on Cloud Security Service Level Agreements and our approach on how to manage this in the context of hybrid clouds. The purpose is to facilitate rapid service composition and agreements based on the necessary security requirements and establish trust between the customer and provider. We also show how this can be applied on a realistic case study related to a hybrid Unified Communication service.


International Journal of Secure Software Engineering | 2012

Attribute Decoration of Attack-Defense Trees

Alessandra Bagnato; Barbara Kordy; Per Håkon Meland; Patrick Schweitzer

Attack-defense trees can be used as part of threat and risk analysis for system development and maintenance. They are an extension of attack trees with defense measures. Moreover, tree nodes can be decorated with attributes, such as probability, impact, and penalty, to increase the expressiveness of the model. Attribute values are typically assigned based on cognitive estimations and historically recorded events. This paper presents a practical case study with attack-defense trees. First, the authors create an attack-defense tree for an RFID-based goods management system for a warehouse. Then, they explore how to use a rich set of attributes for attack and defense nodes and assign and aggregate values to obtain condensed information, such as performance indicators or other key security figures. The authors discuss different modeling choices and tradeoffs. The case study led them to define concrete guidelines that can be used by software developers, security analysts, and system owners when performing similar assessments.


availability, reliability and security | 2009

An Architectural Foundation for Security Model Sharing and Reuse

Per Håkon Meland; Shanai Ardi; Jostein Jensen; Erkuden Rios; Txus Sanchez; Nahid Shahmehri; Inger Anne Tøndel

Within the field of software security we have yet to find efficient ways on how to learn from past mistakes and integrate security as a natural part of software development. This situation can be improved by using an online repository, the SHIELDS SVRS, that facilitates fast and easy interchange of security artefacts between security experts, software developers and their assisting tools. Such security artefacts are embedded in or represented as security models containing the needed information to detect, remove and prevent vulnerabilities in software, independent of the applied development process. The purpose of this paper is to explain the main reference architecture description of the repository and the more general tool stereotypes that can communicate with it.


availability, reliability and security | 2009

Reusable Security Requirements for Healthcare Applications

Jostein Jensen; Inger Anne Tøndel; Martin Gilje Jaatun; Per Håkon Meland; Herbjørn Andresen

Healthcare information systems are currently being migrated from paper based journals to fully digitalised information platforms. Protecting patient privacy is thus becoming an increasingly complex task, where several national and international legal requirements must be met. These legal requirements present only high-level goals for privacy protection, leaving the details of security requirements engineering to the developers of electronic healthcare systems. Our objective has been to map legal requirements for sensitive personal information to a set of reusable technical information security requirements. This paper presents examples of such requirements extracted from legislation applicable to the healthcare domain.


availability, reliability and security | 2007

How can the developer benefit from security modeling

Shanai Ardi; David Byers; Per Håkon Meland; Inger Anne Tøndel; Nahid Shahmehri

Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g., threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development.


ieee international conference on cloud computing technology and science | 2012

Thunder in the Clouds: Security challenges and solutions for federated Clouds

Karin Bernsmed; Martin Gilje Jaatun; Per Håkon Meland; Astrid Undheim

Cloud federation brings together different service providers and their offered services, so that many Cloud variants can be tailored to match different sets of customer requirements. To mitigate security risks and convince hesitant customers, security must be an integrated part of the federated Cloud concept. This paper surveys the state of the art in Cloud computing security, identifies unsolved issues related to federated Clouds, discusses possible approaches to deal with the threats and points out directions for further work.


international conference on system of systems engineering | 2011

The challenges of secure and trustworthy service composition in the Future Internet

Per Håkon Meland; Juan Bareño Guerenabarrena; David Llewellyn-Jones

The development of the Future Internet will see a move towards widespread use of services as a way of networked interaction. However, while the technologies for deploying services are well established, methods for ensuring trust and security are less well developed. In particular, current service security standards and technologies tend to be focussed on specific areas, such as security at the communication level. In order for users to be confident that their security requirements are being satisfied, a more holistic approach is required. For example, the security claims of a service should be known in advance, and a user should be able to make judgements about the trustworthiness of a service and its likelihood of fulfilling these claims. This should apply to services running in isolation, as well as those comprised of other services from different providers. We present a high level design of the Aniketos platform that aims to address some of these challenges, providing capabilities for managing trust, security and threats in relation to services in the Future Internet. While still at an early stage, this high level design provides an insight into how the platform is expected to develop in the future.


international conference on agile software development | 2010

Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology

Gencer Erdogan; Per Håkon Meland; Derek Mathieson

There is a need for improved security testing methodologies specialized for Web applications and their agile development environment. The number of web application vulnerabilities is drastically increasing, while security testing tends to be given a low priority. In this paper, we analyze and compare Agile Security Testing with two other common methodologies for Web application security testing, and then present an extension of this methodology. We present a case study showing how our Extended Agile Security Testing (EAST) performs compared to a more ad hoc approach used within an organization. Our working hypothesis is that the detection of vulnerabilities in Web applications will be significantly more efficient when using a structured security testing methodology specialized for Web applications, compared to existing ad hoc ways of performing security tests. Our results show a clear indication that our hypothesis is on the right track.


ieee international conference on cloud computing technology and science | 2014

Expressing cloud security requirements for SLAs in deontic contract languages for cloud brokers

Per Håkon Meland; Karin Bernsmed; Martin Gilje Jaatun; Humberto Nicolás Castejón; Astrid Undheim

The uptake of cloud computing is hindered by the fact that current cloud SLAs are not written in machine-readable language, and also fail to cover security requirements. This article considers a cloud brokering model that helps negotiate and establish SLAs between customers and providers. This broker handles security requirements on two different levels: between the customer and the broker, where the requirements are stated in natural language; and between the broker and different cloud providers, where requirements are stated in deontic contract languages. There are several such languages available today with different properties and abstraction levels, from generic container languages to more domain-specific languages for specifying the various details in a contract. In this article, we investigate the suitability of ten deontic contract languages for expressing security requirements in SLAs, and exemplify their use in the cloud brokering model through a practical use case for a video streaming service.


availability, reliability and security | 2007

Access Control and Integration of Health Care Systems: An Experience Report and Future Challenges

Lillian Røstad; Øystein Nytrø; Inger Anne Tøndel; Per Håkon Meland

Health information about a patient is usually scattered among several clinical systems, which limits the availability of the information. Integration of the most central systems is a possible solution to this problem. In this paper we present one such integration effort, with a focus on how access control is handled in the integrated system. Although this effort has not yet solved all the issues of access control integration, it demonstrates a practical approach for creating something that works today and serves as input to the discussion on future challenges for access control when integrating multiple systems.

Collaboration


Dive into Per Håkon Meland's collaboration.

Top Co-Authors

Lillian Røstad

Norwegian University of Science and Technology


Nazila Gol Mohammadi

University of Duisburg-Essen


Sachar Paulus

Mannheim University of Applied Sciences
