A web developer, representing the End User (EU) of this user story, aims to acquire a web container that fulfils some security requirements, in order to run his/her own application. The web container is represented by one or more Virtual Machines (VMs) provided by one or more IaaS CSPs. It is reasonable to suppose that the EU is not an expert in the security field: she/he is aware of the technologies that may be involved (SSL, authentication and authorization protocols and so on), but she/he is not aware of the best practices or of how to protect her/his application from malicious attacks. For this reason, the acquisition of VMs and the enforcement of security features are accomplished through SPECS.
The web developer has to acquire a VM from a public CSP, but he is responsible for any security configuration associated with it.
Existing appliances offer predefined services (for example, an already configured web server), but there is no standard way to check their security features.
Limitations in non-SPECS solutions:
The web developer has to:
Manually check each CSP's offering
Evaluate the offers one by one and compare them with his/her own security requirements
Apply the desired configuration, if it is not natively supported
The web developer has no way to verify at runtime that the security features are respected
The SPECS solution:
Offers a single interface to select among different offerings on different providers
Enables the web developer to explicitly specify the security capabilities needed on the target web container by selecting the security controls
Automatically configures the VM(s) in order to enforce the requested security controls
Offers a set of security metrics to concretely monitor whether the security requests are respected
Automatically remediates (some of the) alerts and violations of the SLA associated with the web container that may occur
Enables continuous monitoring of the negotiated security metrics
Leveraged SPECS components:
SLA Manager, Service Manager
SLO Manager, Supply Chain Manager
Planning, Implementation, Diagnosis and Remediation