An approach to security-SLA in cloud computing environment

The lack of novel security controls for the cloud might arise from the fact that Cloud Computing is the convergence of many different technological areas, including Utility Computing, Computational Grid, Autonomous Computing, Virtualization and Service Oriented Architectures. These underlying areas have been independently addressed by existing general-purpose security controls, but we noticed that each current cloud security control was mapped to multiple controls from the existing, general-purpose control frameworks. We also noticed a great demand not only for patterns but also for specification, monitoring and security management mechanisms for cloud environments. We reason that this scenario might require a different approach, one where the specification of security controls, geared to meet the needs of service users, may be achieved through the use of a Security Service Level Agreement (Security-SLA). Security may then be improved by automating the Security-SLA.
