On the Adoption of Security SLAs in the Cloud

Can security be provided as-a-Service? Is it possible to cover a security service with a proper Service Level Agreement? This paper tries to answer these questions by presenting some ongoing research activities from standardization bodies and academia that try to cope with the open issues in managing a Security Service Level Agreement across its whole life cycle, which is made up of negotiation, enforcement and monitoring phases.
