Enabling Custom Security Controls as Plugins in Service Oriented Environments

• Published in: Transactions on Computational Collective Intelligence XXXIII Vol. 11610; pp. 32 - 51
• Main Author: Kyriazis, Dimosthenis
• Format: Book Chapter
• Language: English
• Published: Germany Springer Berlin / Heidelberg 2019; Springer Berlin Heidelberg
• Series: Lecture Notes in Computer Science
• Subjects: Cloud computing; Dependability; Privacy; Security; Service oriented infrastructures
• ISBN: 9783662595398; 3662595397
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-662-59540-4_2

Service oriented environments such as cloud computing infrastructures aim at facilitating the requirements of users and enterprises by providing services following an on-demand orientation. While the advantages of such environments are clear and lead to wide adoption, the key concern of the non-adopters refers to privacy and security. Even though providers put in place several measures to minimize security and privacy vulnerabilities, the users are still in many cases reluctant to move their data and applications to clouds. In this paper an approach is presented that proposes the use of security controls as plugins that can be ingested in service-oriented environments. The latter allows users to tailor the corresponding security and privacy levels by utilizing security measures that have been selected and implemented by themselves, thus alleviating their security and privacy concerns. The challenges and an architecture with the corresponding key building blocks that address these challenges are presented. Furthermore, results in the context of trustworthy requirements, i.e. dependability, are presented to evaluate the proposed approach.