Measuring Security for Applications Hosted in Cloud

Despite the numerous benefits of cloud computing, concerns around security, trust and privacy are holding back the cloud adoption. Lack of visibility and tangible measurement of the security posture of any cloud hosted application is a disadvantage to cloud service customers. Decision to migrate workloads on the Cloud requires thoughtful analysis about security implications and ability to measure the security controls after hosting. In this paper, we propose a framework to quantitatively measure different aspects of information security for Cloud applications. This framework has a system through which we can define applications specific controls, gather information on control implementation, calculate the security levels for applications and present them to stakeholders through dashboards. Framework also includes detailed method to quantify the security of a Cloud application considering different aspects of security, control criticalities, stakeholder responsibilities and cloud service models. System and method provide visibility to Cloud customer on the security posture of their cloud hosted applications.

Download Full-text

Model-Based Cloud Service Deployment Optimisation Method For Minimisation of Application Service Operational Cost

10.21203/rs.3.rs-1112213/v1 ◽

2021 ◽

Author(s):

Ivana Stupar ◽

Darko Huljenić

Keyword(s):

Quality Of Service ◽

Cloud Service ◽

Operational Cost ◽

Cloud Infrastructure ◽

Application Service ◽

Cloud Application ◽

Wide Range ◽

Service Deployment ◽

Cloud Applications

Abstract Many of the currently existing solutions for cloud cost optimisation are aimed at cloud infrastructure providers, and they often deal only with specific types of application services, leaving the providers of cloud applications without the suitable cost optimization solution, especially concerning the wide range of different application types. In this paper, we present an approach that aims to provide an optimisation solution for the providers of applications hosted in the cloud environments, applicable at the early phase of a cloud application lifecycle and for a wide range of application services. The focus of this research is development of the method for identifying optimised service deployment option in available cloud environments based on the model of the service and its context, with the aim of minimising the operational cost of the cloud service, while fulfilling the requirements defined by the service level agreement. A cloud application context metamodel is proposed that includes parameters related to both the application service and the cloud infrastructure relevant for the cost and quality of service. By using the proposed optimisation method, the knowledge is gained about the effects that the cloud application context parameters have on the service cost and quality of service, which is then used to determine the optimised service deployment option. The service models are validated using cloud application services deployed in laboratory conditions, and the optimisation method is validated using the simulations based on proposed cloud application context metamodel. The experimental results based on two cloud application services demonstrate the ability of the proposed approach to provide relevant information about the impact of cloud application context parameters on service cost and quality of service, and use this information in the optimisation aimed at reducing service operational cost while preserving the acceptable service quality level. The results indicate the applicability and relevance of the proposed approach for cloud applications in the early service lifecycle phase since application providers can gain useful insights regarding service deployment decision without acquiring extensive datasets for the analysis.

Download Full-text

Intelligente Arbeitsvorbereitung in der Cloud/Smarter operations planning and scheduling in the cloud - Cloud application reduces setup and non-productive times by the use of virtual machine tools

wt Werkstattstechnik online ◽

10.37544/1436-4980-2016-01-02-79 ◽

2016 ◽

Vol 106 (01-02) ◽

pp. 77-82

Author(s):

G. Rehage ◽

F. Isenberg ◽

R. Reisch ◽

J. Weber ◽

B. Jurke ◽

...

Keyword(s):

Virtual Machine ◽

Machine Tools ◽

Distributed Simulation ◽

Cloud Service ◽

Planning And Scheduling ◽

Operations Planning ◽

Manufacturing Operations ◽

Cloud Application ◽

Cognitive Information ◽

Selection Of

Auf dem Weg zu Industrie 4.0 wird die Arbeitsvorbereitung zunehmend von kognitiver Informationstechnik unterstützt. Der Beitrag präsentiert die bisherigen Ergebnisse des Forschungsprojekts „Intelligente Arbeitsvorbereitung auf Basis virtueller Werkzeugmaschinen“. Projektziel ist eine Cloud-Dienstleistungsplattform zur Reduzierung der Rüst- und Nebenzeiten durch eine intelligente Planung. Hierzu zählen unter anderem die Auswahl und Validierung alternativer Maschinen sowie die automatische Optimierung der Einrichtungsparameter durch verteilte Simulationen.   On the way to industry 4.0, the operations planning and scheduling will be aided by cognitive information systems. This contribution presents the previous findings of a research project called “Smart operations planning and scheduling on the basis of virtual machine tools” (translated from German). The aim of the project is the development of a cloud service for the smart planning of manufacturing operations; that will reduce the setup and non-productive times of machine tools. This is achieved by the automatic selection of alternative CNC machines, as well as the optimization of setup parameters via distributed simulation.

Download Full-text

Service Delivery Models and Deployment Options

Pervasive Cloud Computing Technologies - Advances in Systems Analysis, Software Engineering, and High Performance Computing ◽

10.4018/978-1-4666-4683-4.ch003 ◽

2014 ◽

pp. 49-74

Keyword(s):

Cloud Computing ◽

Service Delivery ◽

Cloud Service ◽

Platform As A Service ◽

Service Delivery Models ◽

Cloud Application ◽

The Right ◽

Delivery Models ◽

Organizational Needs ◽

Community Cloud

In this chapter, the authors consider cloud computing as a core topic and various models emerging around it such as its services and delivery models, its economic aspects, applications, usages, challenges, and so on. Cloud computing covers a range of delivery and service models. In this chapter, cloud service delivery models (i.e., Software-as-a-Service, Platform-as-a-Service and Infrastructure-as-a-Service) and cloud deployment models (private cloud, community cloud, public cloud, and hybrid cloud) are described. The right service delivery and deployment option have to be chosen for an organization’s cloud application, according to organizational needs.

Download Full-text

Virtual Infrastructure Orchestration For Cloud Service Deployment

The Computer Journal ◽

10.1093/comjnl/bxz125 ◽

2019 ◽

Vol 63 (2) ◽

pp. 295-307 ◽

Cited By ~ 1

Author(s):

Arslan Qadeer ◽

Asad Waqar Malik ◽

Anis Ur Rahman ◽

Hamayun Mian Muhammad ◽

Arsalan Ahmad

Keyword(s):

Cloud Service ◽

Bare Metal ◽

Cloud Adoption ◽

Virtual Infrastructure ◽

Complex Process ◽

Service Deployment ◽

Flexible Framework ◽

Deployment Time ◽

Basic Infrastructure ◽

Almost All

Abstract Cloud adoption has significantly increased using the infrastructure-as-a-service (IaaS) paradigm, in order to meet the growing demands of computing, storage and networking, in small as well as large enterprises. Different vendors provide their customized solutions for OpenStack deployment on bare metal or virtual infrastructure. Among these many available IaaS solutions, OpenStack stands out as being an agile and open-source platform. However, its deployment procedure is a time-taking and complex process with a learning curve. This paper addresses the lack of basic infrastructure automation in almost all of the OpenStack deployment projects. We propose a flexible framework to automate the process of infrastructure bring up for deployment of several OpenStack distributions, as well as resolving dependencies for a successful deployment. Our experimental results demonstrate the effectiveness of the proposed framework in terms of automation status and deployment time, that is, reducing the time spent in preparing a basic virtual infrastructure by four times, on average.

Download Full-text

Architecting Software as a Service for Data Centric Cloud Applications

International Journal of Grid and High Performance Computing ◽

10.4018/ijghpc.2014010105 ◽

2014 ◽

Vol 6 (1) ◽

pp. 77-92 ◽

Cited By ~ 4

Author(s):

Amit Kr Mandal ◽

Suvamoy Changder ◽

Anirban Sarkar ◽

Narayan C. Debnath

Keyword(s):

Service Providers ◽

Cloud Service ◽

Cloud Services ◽

Software As A Service ◽

Information Technology Services ◽

Technology Services ◽

Flexible Architecture ◽

Architectural Framework ◽

Research Challenge ◽

Cloud Applications

Software as a service (SaaS) is a new software development and deployment paradigm over the cloud. It offers Information Technology services dynamically as “on-demand” basis. The related application data are stored in the data centers managed by the Cloud Service Providers. Many enterprises are facing a major research challenge due to the unavailability of generic cloud architecture for designing, developing and deploying of cloud services. In this paper a flexible architecture for SaaS has been proposed, specifically for data centric cloud applications which may have access to heterogeneous types of databases. The architecture is composed of several layers, which are interacting with each other through the dynamically selected access points of the corresponding layers interfaces. The paper also enlisted the crucial features for SaaS architectural model. Moreover, a detailed comparative study has been done among the proposed SaaS architectural framework and other existing similar proposals based on the listed features.

Download Full-text

XForms User Interfaces for Small Arcane Nontrivial Datasets

Proceedings of Balisage: The Markup Conference 2014 ◽

10.4242/balisagevol13.lubell01 ◽

2014 ◽

Cited By ~ 6

Author(s):

Joshua Lubell

Keyword(s):

User Interfaces ◽

Data Model ◽

Security Controls ◽

Custom Software ◽

Security Control ◽

Extensible Markup ◽

Model View Controller ◽

Behavioral Requirements ◽

Cyber Risk ◽

Model View

Small Arcane Nontrivial Datasets (SANDs) are frequently complex enough to warrant custom software for access and editing, yet too small or specialized to justify a full-blown server-based database application. Such data is typically presented in tabular form within documents or as editable spreadsheets. To test the alternative of using XForms as a user interface for SANDs, an application was built for browsing a conformance test suite for Product and Manufacturing Information, a formal specification of a product's functional and behavioral requirements as they apply to production. XForms proved a much better match than tabulations for the underlying data model. To further test the concept, XForms was evaluated for use with the National Institute of Standards and Technology (NIST) Special Publication 800-53 security control catalog, which is a comprehensive catalog of security controls for managing cyber-risk, many parts of which are already available in extensible markup language (XML) form. The model-view-controller (MVC) software pattern of XForms seems well-suited for creating specialized applications for tailoring and navigating this catalog.

Download Full-text

Implementation of COSO ERM as Security Control Framework in Cloud Service Provider

Journal of Advanced Management Science ◽

10.18178/joams.5.4.322-326 ◽

2017 ◽

Vol 5 (4) ◽

pp. 322-326

Author(s):

Jarot S. Suroso

Keyword(s):

Service Provider ◽

Cloud Service ◽

Cloud Service Provider ◽

Control Framework ◽

Security Control

Download Full-text

A Survey of Cloud Computing Data Virtualization Service

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.441.1016 ◽

2013 ◽

Vol 441 ◽

pp. 1016-1019 ◽

Cited By ~ 2

Author(s):

Lei Xiao ◽

Wei Jiang ◽

Fang Xin Chen ◽

Le Jiang Guo ◽

Ya Hui Hu

Keyword(s):

Cloud Computing ◽

Data Center ◽

Network Virtualization ◽

Cloud Service ◽

Cloud Services ◽

Support Network ◽

Research Progress ◽

Key Technologies ◽

Cloud Applications ◽

Recent Research Progress

Cloud computing is becoming a mainstream aspect of information technology. How to efficiently manage the cloud resources across multiple cloud domains is critical for providing continuous cloud services. This paper introduces the principle and review recent research progress on cloud service to support network virtualization. It presents a framework of network-Cloud convergence based on data center network and gives a survey on key technologies for realizing cloud center and service; the reliability of cloud applications can be greatly improved.

Download Full-text

Virtual Cloud Service System for Building Effective Inter-Cloud Applications

2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) ◽

10.1109/cloudcom.2017.48 ◽

2017 ◽

Cited By ~ 2

Author(s):

Atsuko Takefusa ◽

Shigetoshi Yokoyama ◽

Yoshinobu Masatani ◽

Tomoya Tanjo ◽

Kazushige Saga ◽

...

Keyword(s):

Service System ◽

Cloud Service ◽

Cloud Applications

Download Full-text

Severity: a QoS-aware approach to cloud application elasticity

Journal of Cloud Computing Advances Systems and Applications ◽

10.1186/s13677-021-00255-5 ◽

2021 ◽

Vol 10 (1) ◽

Author(s):

Andreas Tsagkaropoulos ◽

Yiannis Verginadis ◽

Nikos Papageorgiou ◽

Fotis Paraskevopoulos ◽

Dimitris Apostolou ◽

...

Keyword(s):

Source Code ◽

Dynamic Adaptation ◽

Application Performance ◽

Algorithmic Approach ◽

Cloud Application ◽

Application Hosting ◽

Application Adaptation ◽

Adaptation Action ◽

Flexible Application ◽

Cloud Applications

AbstractWhile a multitude of cloud vendors exist today offering flexible application hosting services, the application adaptation capabilities provided in terms of autoscaling are rather limited. In most cases, a static adaptation action is used having a fixed scaling response. In the cases that a dynamic adaptation action is provided, this is based on a single scaling variable. We propose Severity, a novel algorithmic approach aiding the adaptation of cloud applications. Based on the input of the DevOps, our approach detects situations, calculates their Severity and proposes adaptations which can lead to better application performance. Severity can be calculated for any number of application QoS attributes and any type of such attributes, whether bounded or unbounded. Evaluation with four distinct workload types and a variety of monitoring attributes shows that QoS for particular application categories is improved. The feasibility of our approach is demonstrated with a prototype implementation of an application adaptation manager, for which the source code is provided.

Download Full-text