Multi-cloud applications, i.e. those that are deployed overudmultiple independent Cloud providers, pose a number of challenges to theudsecurity-aware development and operation. Security assurance in suchudapplications is hard due to the lack of insights of security controls ap-udplied by Cloud providers and the need of controlling the security levels ofudall the components and layers at a time. This paper presents the MUSAudapproach to Service Level Agreement (SLA)-based continuous securityudassurance in multi-cloud applications. The paper details the proposedudmodel for capturing the security controls in the o ered application Se-udcurity SLA and the approach to continuously monitor and asses theudcontrols at operation phase. This new approach enables to easily alignuddevelopment security requirements with controls monitored at operationudas well as early react at operation to any possible security incident orudSLA violation.
展开▼