Cloud Computing and Services Science

As the popularity of Cloud computing has grown during the last years, the choice of Cloud Service Provider (CSP) has become an important issue from user’s perspective. Although the Cloud users are more and more concerned about their security in the Cloud and might have some specific security requirements, currently this choice is based on requirements related to the offered Service Level Agreements (SLA) and costs. Most of the CSPs do not provide userunderstandable information regarding the security levels associated with their services, and in this way impede the users to negotiate their security requirements. In other words, the users do not have the technical means in terms of tools and semantics to choose the CSP that best suits their security demands. Industrial efforts on specification of Cloud security parameters in SLAs, also known as “Security Level Agreements” or SecLAs represent the initial steps towards solving this problem. The aim of this paper is to propose a practical approach that enables user-centric negotiation and brokering of Cloud resources. The proposed methodology relies on both the notion of SecLAs for establishing a common semantic between the CSPs and the users, and on a quantitative approach to evaluate the security levels associated with the specific SecLAs. This work is a result of the joint effort spent on the security metrologyrelated techniques being developed by the EU FP7 projects ABC4Trust/ SPECS and, the framework for SLA-based negotiation and Cloud resource brokering proposed by the EU FP7 mOSAIC project. The feasibility of the proposed negotiation approach and its applicability for Cloud Federations is demonstrated in the paper with a real-world case study considering a scenario presented in the FP7 project SPECS. The presented scenario shows the negotiation of a user’s security requirements with respect to a set of CSPs SecLAs, using both the information c © Springer International Publishing Switzerland 2014 M. Helfert et al. (Eds.): CLOSER 2013, CCIS 453, pp. 1–18, 2014. DOI: 10.1007/978-3-319-11561-0 1

[1]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[2]  Marios D. Dikaiakos,et al.  Cloud Computing: Distributed Internet Computing for IT and Scientific Research , 2009, IEEE Internet Computing.

[3]  Ralf Steinmetz,et al.  Will Mobile Cloud Gaming Work? Findings on Latency, Energy, and Cost , 2013 .

[4]  Sujit Dey,et al.  Modeling and Characterizing User Experience in a Cloud Server Based Mobile Gaming Approach , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[5]  Chun-Ying Huang,et al.  Measuring the latency of cloud gaming systems , 2011, ACM Multimedia.

[6]  Andrew S. Tanenbaum,et al.  Computer networks, 4th Edition , 2002 .

[7]  Jan Jürjens,et al.  Model-Based Security Engineering with UML , 2004, FOSAD.

[8]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[9]  Tobias Hoßfeld,et al.  An Evaluation of QoE in Cloud Gaming Based on Subjective Tests , 2011, 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[10]  Wei Cai,et al.  Multiplayer cloud gaming system with cooperative video sharing , 2012, 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings.

[11]  Gwendal Simon,et al.  The brewing storm in cloud gaming: A measurement study on cloud to end-user latency , 2012, 2012 11th Annual Workshop on Network and Systems Support for Games (NetGames).

[12]  Philip Ross,et al.  Cloud Computing's Killer App: Gaming , 2009, IEEE Spectrum.

[13]  Hironori Washizaki,et al.  A survey on security patterns , 2008 .

[14]  Cheng-Hsin Hsu,et al.  GamingAnywhere: an open cloud gaming system , 2013, MMSys.

[15]  Ariel Orda,et al.  Inter-carrier interconnection services: QoS, economics and business issues , 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[16]  Kajal T. Claypool,et al.  Latency can kill: precision and deadline in online games , 2010, MMSys '10.

[17]  Raj Jain,et al.  The art of computer systems performance analysis - techniques for experimental design, measurement, simulation, and modeling , 1991, Wiley professional computing.

[18]  David E. Culler,et al.  PlanetLab: an overlay testbed for broad-coverage services , 2003, CCRV.

[19]  XiPeng Xiao,et al.  Technical, Commercial and Regulatory Challenges of QoS: An Internet Service Model Perspective , 2008 .

[20]  Klemens Böhm,et al.  A Security Language for BPMN Process Models , 2011 .

[21]  Albert G. Greenberg,et al.  The cost of a cloud: research problems in data center networks , 2008, CCRV.

[22]  Lars C. Wolf,et al.  Analysis of factors affecting players' performance and perception in multiplayer games , 2005, NetGames '05.

[23]  Andreas Schaad,et al.  Model-driven business process security requirement specification , 2009, J. Syst. Archit..

[24]  Gregor Schiele,et al.  Peer-to-peer support for low-latency Massively Multiplayer Online Games in the cloud , 2009, 2009 8th Annual Workshop on Network and Systems Support for Games (NetGames).

[25]  Juan Li,et al.  Business as a Service Governance in a Cloud Organisation , 2012, I-ESA.

[26]  B. Loganayagi,et al.  Enhanced Cloud Security by Combining Virtualization and Policy Monitoring Techniques , 2012 .