Analysis of recommended cloud security controls to validate OpenPMF "policy as a service"
Information Security Tech. Report
Toward a model-driven access-control enforcement mechanism for pervasive systems
Proceedings of the Workshop on Model-Driven Security
Toward authorization as a service: a study of the XACML standard
Proceedings of the 16th Communications & Networking Symposium
| Hi-index | 0.00 |
This paper introduces the concept of moving security and compliance policy automation for Cloud applications and mashups into the Cloud. The policy automation aspects covered in this paper include policy configuration, technical policy generation using model-driven security, application authorization management, and incident reporting. Policy configuration is provided as a subscription-based Cloud service to application development tools, and technical policy generation, enforcement and monitoring is embedded into Cloud application development and runtime platforms. OpenPMF Security & Compliance as a Service (““ScaaS”), a reference implementation using Object Security OpenPMF, is also presented.