Security as a Service Using an SLA-Based Approach via SPECS

The cloud offers attractive options for migrating corporate applications, without requiring the corporate security manager to manage or secure physical resources. While this ease of migration is appealing, several security issues arise: can compliance with corporate legal regulations still be ensured when data is stored remotely? How can the Cloud Service Provider's (CSP) ability to meet corporate security requirements be assessed? Can the agreed cloud security levels be monitored and enforced? Unfortunately, no comprehensive solution exists for these issues. In this context, we introduce a new approach, named SPECS. It aims to offer mechanisms to specify cloud security requirements, to assess the security features offered by CSPs, and to integrate the desired security services (e.g., credential and access management) into cloud services following a Security-as-a-Service approach. Furthermore, SPECS intends to provide systematic approaches to negotiate, monitor and enforce the security parameters specified in Service Level Agreements (SLAs), and to develop and deploy cloud SLA-aware security services, implemented as an open-source Platform-as-a-Service (PaaS). This paper introduces the main concepts of SPECS.
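To make the negotiate / monitor / enforce lifecycle of a security SLA concrete, here is an added toy model (not SPECS code, and not taken from the paper): the term format, the metric names, the CSP offers and the monitoring samples are all constructed assumptions.

```python
"""Toy Security-SLA lifecycle (negotiate, monitor, enforce) in the spirit of SPECS.
Added example, not SPECS code: term format, metrics, offers and samples are assumed."""
from dataclasses import dataclass
import operator

OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq}

@dataclass(frozen=True)
class Term:
    metric: str     # security metric name (assumed, e.g. patch latency)
    op: str         # comparison the measured value must satisfy
    target: object  # agreed service level
    def holds(self, value):
        return OPS[self.op](value, self.target)

# Customer security requirements (constructed sample).
REQUIREMENTS = [
    Term("patch_latency_hours", "<=", 72),
    Term("encryption_at_rest", "==", True),
    Term("ids_alert_delay_seconds", "<=", 300),
]
# Levels each hypothetical CSP commits to (constructed sample).
CSP_OFFERS = {
    "csp-a": {"patch_latency_hours": 48, "encryption_at_rest": True, "ids_alert_delay_seconds": 600},
    "csp-b": {"patch_latency_hours": 24, "encryption_at_rest": True, "ids_alert_delay_seconds": 120},
}

def negotiate(requirements, offers):
    """Return the CSPs whose offered levels satisfy every requirement."""
    return sorted(name for name, offer in offers.items()
                  if all(t.metric in offer and t.holds(offer[t.metric])
                         for t in requirements))

def monitor(sla_terms, sample):
    """Check one monitoring sample; a missing metric counts as violated."""
    return [t.metric for t in sla_terms
            if t.metric not in sample or not t.holds(sample[t.metric])]

def enforce(sla_terms, samples, grace=2):
    """Emit one (sample index, metric) event when a metric stays violated for more than `grace` consecutive samples."""
    streak = {t.metric: 0 for t in sla_terms}
    events = []
    for i, sample in enumerate(samples):
        violated = set(monitor(sla_terms, sample))
        for metric in streak:
            streak[metric] = streak[metric] + 1 if metric in violated else 0
            if streak[metric] == grace + 1:
                events.append((i, metric))
    return events
```

The grace window keeps a single noisy sample from triggering remediation, while a sustained breach of an agreed level produces exactly one event per episode.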
