Abstract
Federation of clouds is the future of cloudcomputing, mobile cloud computing,Internet of things, and big data applicationsprovides a catalog of security and privacycontrols for federal information systems andorganizations a process for selectingcontrols to protect organizational operations(including mission,image, functions, andreputation), organizational assets,individuals, other organizations, the Nationfrom a diverse set of threats includinghostile environment cyber-attacks, image,naturaldisasters, structural failures, and humanerrors. These controls are implemented aspart of an organization-wide process thatmanages information security and privacyrisk. The control address a diverse is set ofsecurity and privacy requirements across thefederal government and criticalinfrastructure, derived from legislation,Executive Orders, policies, directives,regulations, standards, and/ormission/business needs. This paper alsodescribes how to develop specialized sets ofcontrols, or overlays, tailored for specifictypes of missions/business functions,technologies, or environments of operation.Finally, the catalog of security controlsaddresses security from both a functionalityperspective (the strength of securityfunctions and mechanisms provided) and anassurance perspective (the measures ofconfidence in the implemented securitycapability). We motivated the need toformalize SSpecs of distributed applicationsand align domain RSpecs for an efficient joint performance and security drivenworkflow management across federatedmulti-cloud resources. We showed how aprocess of breaking down the securityrequirements across workflow lifecyclestages and applying NIST basedcategorization can facilitate formalization ofapplicationSSpecs.These Securityfunctionality and security assurances ensuresthat information technology products andthe information systems built from thoseproducts using sound systems and securityengineering principles are sufficientlytrustworthy.