The cloud computing paradigm is changing the design, development, deployment, and provisioning of services and of the corresponding IT infrastructures. Users and companies increasingly rely on on-demand cloud resources to access and deliver services, while IT infrastructures continuously evolve to address cloud needs and support cloud service delivery. The result is a multi-tenant environment where services are built with strong security and scalability requirements, and where cost, performance, security and privacy are the key factors enabling cloud adoption. New business opportunities for providers and customers come at the price of growing concerns about how data and processes are managed and operated once deployed in the cloud. In this context, where companies outsource IT services to third parties, the trustworthiness of IT partners and services is a prerequisite for success. Trustworthiness can be expressed and guaranteed through contracts that enforce Service Level Agreements (SLAs) and, more generally, by assurance techniques. By security assurance we mean all the techniques able to assess and evaluate a given target in order to demonstrate that a security property is satisfied and that the target behaves as expected. Traditional assurance solutions, however, rely on static verification techniques and assume the continuous availability of a trusted evaluator. These conditions no longer hold in the cloud, which instead requires new approaches matching its dynamic, distributed and heterogeneous nature. In this thesis, we describe an assurance technique based on certification, aimed at a transparent and trusted cloud from the bare metal to the application layer. The presented approach follows the traditional certification process and extends it with continuous, incremental, adaptive and multi-layer verification.
We propose a test-based certification scheme that assesses non-functional properties of cloud-based services. The scheme is driven by non-functional requirements defined by the certification authority and by a model of the service under certification. We then define an automatic approach to verifying the consistency between requirements and models, which is the basis of the chain of trust supported by the certification scheme. We also present a continuous certificate life cycle management process that covers both certificate issuing and its adaptation to contextual changes, versioning and migration. The proposed certification scheme would however be partial if certification of cloud composite services were not supported: the cloud computing paradigm supports service composition and reuse at a high rate. This clearly affects cloud service evaluation, which cannot be seen simply as an assessment of a single target but must follow a holistic view that allows certificates to be composed. Moreover, while traditional approaches to service composition are driven by the desired functionality and by requirements on deployment costs, more recent approaches also focus on SLAs and non-functional requirements. Service composition in the cloud in fact introduces new requirements on composition approaches, including the need to i) select component services on the basis of their non-functional properties, ii) continuously adapt to both functional and non-functional changes of the component services, and iii) depart from the assumption that the cost of a composition is only the sum of the deployment costs of its component services, and also account for the costs of SLA and non-functional requirement verification. In this thesis, we first extend our certification process to evaluate non-functional properties of composite services. We then focus on defining an approach to the composition of cloud services driven by certified non-functional properties.
We define a cost-evaluation methodology aimed at building a service composition with a given set of certified properties that minimizes the total cost experienced by the cloud provider, taking into account both deployment and certification/verification costs. Starting from the analysis and definition of certification models and processes, we propose and develop a test-based security certification framework for the cloud, which supports providers and users in the design and development of ready-to-be-certified services and applications. The framework implements a distributed approach to reach all targets at all cloud layers, and a paradigm for developing test cases that assess the requested non-functional properties. The outcome of this thesis is finally validated through an experimental evaluation carried out on real scenarios that i) evaluate the assurance of a Web Hosting System provided by the Università degli Studi di Milano against the ICT security guidelines for the Italian public administration issued by the "Agenzia per l'Italia Digitale" (AgID), and ii) propose and test a security benchmark for the cloud infrastructure manager OpenStack. In summary, the contribution of the thesis is manifold: i) we design and implement a certification scheme for the cloud; ii) we extend and adapt the certification of single cloud services to the certification of cloud composite services; iii) we integrate our certification scheme with the cloud service composition process, developing an algorithm to deploy cloud composite services based on non-functional requirements while minimizing the cost from the cloud service provider's point of view; iv) we design and develop an assurance framework for cloud service certification and validate it in real scenarios.
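The abstract's cost argument (a composition's cost is not just the sum of its components' deployment costs once certification and verification costs are counted) can be made concrete with a small model. The following is an added illustration and not code from the thesis: the service names, properties and costs are constructed sample data, and the exhaustive search stands in for whatever composition algorithm the thesis actually defines. The one modelling choice it makes is that verification is paid once per (service, property) pair, so reusing an already certified service in several slots does not pay for its evidence twice; that is what makes the per-slot greedy choice differ from the joint optimum.

```python
"""Toy cost-aware composition of certified cloud services (illustration only).

Not the thesis's algorithm. Service names, properties and costs below are
constructed sample data; brute-force search is exponential in the number
of slots and is used only to show the cost model.
"""
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass
class Service:
    name: str
    deploy_cost: float
    certified: FrozenSet[str]        # properties a currently valid certificate already covers
    verify_cost: Dict[str, float]    # cost of collecting evidence for a not-yet-certified property

    def can_provide(self, required: Set[str]) -> bool:
        # A property with neither a certificate nor a verification path is infeasible.
        return all(p in self.certified or p in self.verify_cost for p in required)


def composition_cost(assignment: Dict[str, Service],
                     requirements: Dict[str, Set[str]]) -> Optional[float]:
    """Total provider cost of a slot -> service assignment, or None if infeasible.

    Deployment is paid per slot. Verification is paid once per
    (service, property): if one service instance fills several slots, its
    evidence is collected once and the resulting certificate is reused.
    """
    deploy = 0.0
    to_verify: Set[Tuple[str, str]] = set()
    by_name: Dict[str, Service] = {}
    for slot, svc in assignment.items():
        required = requirements[slot]
        if not svc.can_provide(required):
            return None
        deploy += svc.deploy_cost
        by_name[svc.name] = svc
        to_verify.update((svc.name, p) for p in required if p not in svc.certified)
    verify = sum(by_name[n].verify_cost[p] for n, p in to_verify)
    return deploy + verify


def per_slot_greedy(requirements: Dict[str, Set[str]],
                    candidates: Dict[str, List[Service]]) -> Optional[Dict[str, Service]]:
    """Pick, independently for each slot, the candidate cheapest for that slot alone."""
    chosen: Dict[str, Service] = {}
    for slot, required in requirements.items():
        feasible = [c for c in candidates[slot] if c.can_provide(required)]
        if not feasible:
            return None
        chosen[slot] = min(
            feasible,
            key=lambda c: c.deploy_cost + sum(c.verify_cost[p] for p in required if p not in c.certified),
        )
    return chosen


def cheapest_composition(requirements: Dict[str, Set[str]],
                         candidates: Dict[str, List[Service]]) -> Optional[Tuple[float, Dict[str, str]]]:
    """Exhaustive search over all assignments, scored with composition_cost."""
    slots = list(requirements)
    best: Optional[Tuple[float, Dict[str, str]]] = None
    for choice in product(*(candidates[s] for s in slots)):
        assignment = dict(zip(slots, choice))
        cost = composition_cost(assignment, requirements)
        if cost is not None and (best is None or cost < best[0]):
            best = (cost, {s: svc.name for s, svc in assignment.items()})
    return best


# Constructed sample data: hypothetical services, properties and costs.
S3LIKE = Service("s3like", 3.0, frozenset(), {"encryption-at-rest": 5.0})
VAULT = Service("vault", 6.0, frozenset({"encryption-at-rest"}), {})
IDP_A = Service("idp-a", 2.0, frozenset({"mfa"}), {})
IDP_B = Service("idp-b", 1.0, frozenset(), {"mfa": 3.0})
IDP_C = Service("idp-c", 0.5, frozenset(), {})   # cannot be certified for mfa at all

REQUIREMENTS: Dict[str, Set[str]] = {
    "storage": {"encryption-at-rest"},
    "backup": {"encryption-at-rest"},
    "auth": {"mfa"},
}
CANDIDATES: Dict[str, List[Service]] = {
    "storage": [S3LIKE, VAULT],
    "backup": [S3LIKE, VAULT],
    "auth": [IDP_A, IDP_B, IDP_C],
}


def greedy_cost() -> Optional[float]:
    """True composition cost of the per-slot greedy choice."""
    chosen = per_slot_greedy(REQUIREMENTS, CANDIDATES)
    return None if chosen is None else composition_cost(chosen, REQUIREMENTS)


if __name__ == "__main__":
    print("per-slot greedy:", greedy_cost())                               # 14.0 (vault, vault, idp-a)
    print("joint optimum  :", cheapest_composition(REQUIREMENTS, CANDIDATES))  # (13.0, s3like, s3like, idp-a)
```

Per slot, the already certified `vault` looks cheaper than `s3like` plus a verification run, so the greedy choice deploys `vault` twice for a total of 14. Once the verification cost is paid only once per service, deploying `s3like` in both slots and certifying it once costs 13; the `idp-c` candidate is rejected outright because the required property can be neither attested by an existing certificate nor verified.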

A FRAMEWORK FOR CLOUD ASSURANCE AND TRANSPARENCY BASED ON CONTINUOUS EVIDENCE COLLECTION / F. Gaudenzi ; supervisor: C. A. Ardagna ; advisors: E. Damiani, M. Anisetti. DIPARTIMENTO DI INFORMATICA Giovanni Degli Antoni, 2019 Feb 01. 31st cycle, Academic Year 2018. [10.13130/gaudenzi-filippo_phd2019-02-01].

A FRAMEWORK FOR CLOUD ASSURANCE AND TRANSPARENCY BASED ON CONTINUOUS EVIDENCE COLLECTION

F. Gaudenzi
2019

1-feb-2019
Sector INF/01 - Computer Science
Cloud; Assurance; Cloud Computing; Security; Models;
ARDAGNA, CLAUDIO AGOSTINO
Doctoral Thesis
Files in this item:
phd_unimi_R11308.pdf (complete doctoral thesis, Adobe PDF, 3.3 MB), Open Access from 28/07/2020
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/2434/615644