Ontology of Secure Service Level Agreement

Maintaining security and privacy in the Cloud is a complex task. The task is made even more challenging as the number of vulnerabilities associated with cloud infrastructure and applications is increasing very rapidly. Understanding the security service level agreements (SSLAs) and privacy policies offered by service and infrastructure providers is critical for consumers to assess the risks of the Cloud before they consider migrating their IT operations to it. To address these concerns about assessing the security and privacy risks of the Cloud, we have developed ontologies for representing SSLAs in this paper. Our ontologies for SSLAs can be used to understand the security agreements of a provider, to negotiate desired security levels, and to audit the compliance of a provider with respect to federal regulations (such as HIPAA).
