Towards Security as a Service (SecaaS): On the modeling of Security Services for Cloud Computing

The security of software services accessible via the Internet has always been a crosscutting non-functional requirement of uttermost importance. The recent advent of the Cloud Computing paradigm and its wide diffusion has given birth to new challenges towards the securing of existing Cloud services, by properly accounting the issues related to their delivery models and their usage patterns, and has opened the way to the new concept of Security as a Service(SecaaS), i.e. the ability of developing reusable software services which can be composed with standard Cloud services in order to offer them the suitable security features. In this context, there is a strong need for methods and tools for the modeling of security concerns, as well as for evaluation techniques, for supporting both the comparison of different design choices and the analysis of their impact on the behavior of new services before their actual realization. This paper proposes a meta-model for supporting the modeling of Security Services in a Cloud Computing environment as well as an approach for guiding the identification and the integration of security services within the standard Cloud delivery models. The proposal is exemplified through a case study.