Towards a Security-Enhanced PaaS Platform for Multi-Cloud Applications
AUTHORS: Kyriakos Kritikos, Tom Kirkham, Bartosz Kryza, Philippe Massonet
Multi-cloud adaptive application provisioning can solve the vendor lock-in problem and allows optimising user requirements by selecting the best from the multitude of services offered by different cloud providers. To this end, such provisioning type is increasingly supported by new or existing research prototypes and platforms. One major concern, actually preventing users from moving to the cloud, comes with respect to security, which becomes more complex in multi-cloud settings. Such a concern spans two main aspects: (a) suitable access control on user personal data, VMs and platform services and (b) planning and adapting application deployments based on security requirements. As such, this paper addresses both security aspects by proposing a novel model-driven approach and architecture which secures multi-cloud platforms, enables users to have their own private space and guarantees that application deployments are not only constructed based on but can also maintain a certain user-required security level. Such a solution exploits state-of-the-art security standards, security software and secure model management technology. Moreover, it covers different access control scenarios involving external, web-based and programmatic user authentication.