Secure Web Container

A web developer, representing the EU of this user story, aims at acquiring a web container, to run his/her own application, which fulfils some security requirements. The web container is represented by one or more Virtual Machines (VMs) provided by one or more IaaS CSPs. It is reasonable to suppose that the EU is not an expert in security field: she/he is aware of the technologies that may be involved (SSL, authentication and authorization protocols and so on), but she/he is not aware of the best practices and of how to protect her/his application from malicious attacks. For this reason, the acquisition of VMs and the enforcement of security features are accomplished through SPECS.

Before SPECS After SPECS
  • The web developer has to acquire a VM from a public CSP, but he is responsible for any security configuration associated to it.
  • Existing appliances offers predefined services (as an example an already configured web server), but there is no standard way to check security features.
  • Limitations in non-SPECS solutions:
    Web developer has to:

    • Check manually each CSP against their offering
    • Evaluate one by one the offers and compare with its own security requirements
    • Apply desired configuration, if they are not natively supported
    • Does not have any way to verify at runtime the respect fo the security features
  • The SPECS solution:
    • Offers a single interface to select among different offerings on different providers;
    • Enables web developer to specify explicitly the needed security capabilities on the target web container, selecting the security controls
    • Automatically configure the VM(s) in order to enforce the security controls requested
    • Offers a set of security metrics in order to concretely monitor the respect of the security requests
    • Automatically remediate to (some of) alerts and violation that may occur to the SLA associated to the web container
    • Enables continuous monitoring of the security metrics negotiated

Leveraged SPECS components:
  • SLA Manager, Service Manager
  • SLO Manager, Supply Chain Manager
  • Planning, Implementation, Diagnosis and Remediation
  • Monitoring Core
  • SVA, WebPool, IDS, TLS

Contact & Feedback:

Massimiliano Rak
Massimiliano.rak@unina2.it
+390815010336