Virtualization, scalability and flexibility features have enabled the widespread adoption of the cloud computing paradigm by both enterprises and individual users. However, trust and security concerns, related for instance to the protection of sensitive data stored by cloud infrastructures, or to the reliability of cloud applications and providers, are still posing limitations to the full exploitation of the loud potential.
As a matter of fact, cloud computing is currently inﬂuencing many daily activities, and cloud customers are recently asking for ``trusted’’ cloud services and applications: a customer that ``trusts’’ a cloud service or provider i) expects a specific behavior from the trustee (such as providing valid information or ensure a certain level of data privacy); ii) believes that the expected behavior occurs, and iii) is willing to take a certain amount of risk for that belief, which is proportional to the level of trustworthiness towards that provider.
In order to meet these requirements, cloud application designers and developers should address the potential trust and security issues that are relevant for the customers during the whole applications’ life-cycle management, and should adapt to the flexibility offered by the cloud paradigm, while also considering the relevant constraints posed by the stakeholders. This need is tackled by security-by-design and trust-aware approaches, which aim to build cloud applications and services whose security and trust aspects are addressed from the very early stages of the design process.
This special issue focuses on novel solutions and techniques for the development of trust-aware and secure cloud-based applications. We are particularly interested in contributions that focus on the security-by-design development paradigm, able to cope with the different phases of an application life-cycle. The special issue will therefore emphasize (but will not be limited to) the presentation of innovative aspects related to the elicitation and representation of requirements for trusted cloud applications and services, the definition and application of novel risk analysis techniques, the development of automated solutions for security enforcement, and the identification and implementation of strategies for the evaluation of all the aspects that may influence the trustworthiness of a cloud application.
Scope of Special Issue
Security-driven cloud service negotiation and selection. Tools and techniques for the automatic enforcement of security in clouds. Security-by-design approaches and DevOps tools for the management of a cloud application’s life-cycle. Security evaluation and security review in the cloud. Security monitoring. Security modeling and model-based approaches for the security assessment of cloud applications. SLA-based trust management. Trust-based service selection in Cloud Federations. Policies and mechanisms for trusted cloud applications. Tools for modeling and simulation of trust mechanisms in cloud applications. Auditing for trust certification in cloud applications.