Abstract
AbstractThis paper introduces the concept of moving security and compliance policy automation for Cloud applications and mashups into the Cloud. This way, Cloud applications and mashups can be protected more seamlessly within the Cloud computing paradigm, and the secure software development lifecycle for Cloud applications is improved and simplified. The policy automation aspects covered in this paper include policy configuration, technical policy generation using model-driven security, application authorization management, and incident reporting. Policy configuration is provided as a subscription-based Cloud service to application development tools, and technical policy generation, enforcement and monitoring is embedded into Cloud application development and runtime platforms. OpenPMF Security & Compliance as a Service (“ScaaS”), a reference implementation using ObjectSecurity OpenPMF, is also presented. The paper argues that security and compliance policy management for agile distributed application landscapes such as Cloud mashups needs to be model-driven and automated in order to be agile, manageable, reliable, and scalable.KeywordsCloud ComputingCloud ServiceCloud Service ProviderCloud ApplicationCloud Computing ParadigmThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
