Inclusion of security requirements in SLA lifecycle management for cloud computing

Service Level Agreement (SLA) is an essential tool for managing cloud computing services. The support of the security requirements through SLA is fundamental to achieve the full potential of the cloud computing paradigm. In this paper we present how security requirements are addressed in a cloud computing SLA. Furthermore, a unified SLA lifecycle for cloud computing services is proposed. The relationship between security requirements and the lifecycle proposed is analyzed. Through the analysis, the current cloud computing security requirements scenario for the SLA context is identified in addition to its research opportunities.

[1]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[2]  Neeraj Suri,et al.  Quantitative Assessment of Cloud Security Level Agreements - A Case Study , 2012, SECRYPT.

[3]  Martin Gilje Jaatun,et al.  Security SLAs - An Idea Whose Time Has Come? , 2012, CD-ARES.

[4]  Will Venters,et al.  A critical review of cloud computing: researching desires and realities , 2012, J. Inf. Technol..

[5]  Alexander Shraer,et al.  Verifying cloud services: present and future , 2013, OPSR.

[6]  Marcos A. Simplício,et al.  A Quantitative Analysis of Current Security Concerns and Solutions for Cloud Computing , 2011, CloudCom.

[7]  Ronda R. Henning,et al.  Security service level agreements: quantifiable security for the enterprise? , 1999, NSPW '99.

[8]  Neeraj Suri,et al.  Benchmarking cloud security level agreements using quantitative policy trees , 2012, CCSW '12.

[9]  Matt Bishop,et al.  Computer Security: Art and Science , 2002 .

[10]  Cynthia E. Irvine,et al.  Quality of security service , 2001, NSPW '00.

[11]  Neeraj Suri,et al.  A security metrics framework for the Cloud , 2011, Proceedings of the International Conference on Security and Cryptography.

[12]  Beniamino Di Martino,et al.  An intrusion detection framework for supporting SLA assessment in Cloud Computing , 2012, 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN).

[13]  Michaela Iorga Challenging Security Requirements for US Government Cloud Computing Adoption | NIST , 2012 .

[14]  Balachandra Reddy Kandukuri,et al.  Cloud Security Issues , 2009, 2009 IEEE International Conference on Services Computing.

[15]  Martin Gilje Jaatun,et al.  Expressing Cloud Security Requirements in Deontic Contract Languages , 2012, CLOSER.

[16]  Gordhan B. Jethava,et al.  A Review On SLA And Various Approaches For Efficient Cloud Service Provider Selection , 2012 .

[17]  Christoph Meinel,et al.  Contract-based cloud architecture , 2010, CloudDB '10.

[18]  B. Monahan,et al.  Meaningful Security SLAs , 2005 .

[19]  Christopher C. White,et al.  Focus on Durability, PATH Research at the National Institute of Standards and Technology | NIST , 2001 .

[20]  A. S. Ferreira Uma arquitetura para monitoramento de segurança baseada em acordos de níveis de serviço para nuvens de infraestrutura , 2013 .