2018 | OriginalPaper | Chapter

Managing the Lifecycle of Security SLA Requirements in Cloud Computing

Authors: Marco Antonio Torrez Rojas, Fernando Frota Redígolo, Nelson Mimura Gonzalez, Fernando Vilgino Sbampato, Tereza Cristina Melo de Brito Carvalho, Kazi Walli Ullah, Mats Näslund, Abu Shohel Ahmed

Published in: Developments and Advances in Intelligent Systems and Applications

Publisher: Springer International Publishing

Abstract

One of the major barriers to full adoption of cloud computing is security. Because the cloud computing paradigm presents a shared management vision, it is important that security requirements are addressed inside the Service Level Agreements (SLAs) established between cloud providers and consumers, along with the tools and mechanisms necessary to deal with these requirements. This work proposes a framework to orchestrate, in an automated manner, the management of cloud services and security mechanisms based on the security requirements defined by an SLA, throughout their lifecycles. In addition, the integration of the framework with a cloud computing solution is presented, in order to demonstrate and validate the framework's support throughout the SLA lifecycle phases.

Metadata
Copyright Year
2018
DOI
https://doi.org/10.1007/978-3-319-58965-7_9
