Security Monitoring in the Cloud: An SLA-Based Approach

In this paper we present a monitoring architecture that is automatically configured and activated based on a signed Security SLA. Such monitoring architecture integrates different security-related monitoring tools (either developed ad-hoc or already available as open-source or commercial products) to collect measurements related to specific metrics associated with the set of security Service Level Objectives (SLOs) that have been specified in the Security SLA. To demonstrate our approach, we discuss a case study related to detection and management of vulnerabilities and illustrate the integration of the popular open source monitoring system Open VAS into our monitoring architecture. We show how the system is configured and activated by means of available Cloud automation technologies and provide a concrete example of related SLOs and metrics.

[1]  Konstantinos A. Tarabanis,et al.  A user-centric multi-PaaS application management solution for hybrid multi-Cloud scenarios , 2013, Scalable Comput. Pract. Exp..

[2]  Kazi Wali Ullah,et al.  Demo Paper: Automatic Provisioning, Deploy and Monitoring of Virtual Machines Based on Security Service Level Agreement in the Cloud , 2014, 2014 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.

[3]  Massimiliano Rak,et al.  Ontology-based Negotiation of security requirements in cloud , 2012, 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN).

[4]  Marianne M. Swanson,et al.  Recommended Security Controls for Federal Information Systems , 2005 .

[5]  Rose F. Gamble,et al.  Building a Compliance Vocabulary to Embed Security Controls in Cloud SLAs , 2013, 2013 IEEE Ninth World Congress on Services.

[6]  Valentina Casola,et al.  Preliminary Design of a Platform-as-a-Service to Provide Security in Cloud , 2014, CLOSER.

[7]  Guillaume Pierre,et al.  ConPaaS: A Platform for Hosting Elastic Cloud Applications , 2012, IEEE Internet Computing.

[8]  Theo Lynn,et al.  A survey of Cloud monitoring tools: Taxonomy, capabilities and objectives , 2014, J. Parallel Distributed Comput..

[9]  Dana Petcu A Taxonomy for SLA-Based Monitoring of Cloud Security , 2014, 2014 IEEE 38th Annual Computer Software and Applications Conference.

[10]  Raymond A. Paul,et al.  Ontology of Secure Service Level Agreement , 2015, 2015 IEEE 16th International Symposium on High Assurance Systems Engineering.

[11]  Neeraj Suri,et al.  Security as a Service Using an SLA-Based Approach via SPECS , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[12]  Nicola Mazzocca,et al.  An AHP-Based Framework for Quality and Security Evaluation , 2009, 2009 International Conference on Computational Science and Engineering.

[13]  Antonino Mazzeo,et al.  A SLA evaluation methodology in Service Oriented Architectures , 2006, Quality of Protection.

[14]  Antonio Pescapè,et al.  Cloud monitoring: A survey , 2013, Comput. Networks.

[15]  Salvatore Venticinque,et al.  Experiences in building a mOSAIC of clouds , 2013, Journal of Cloud Computing: Advances, Systems and Applications.