Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats.The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.