
2018 | Original Paper | Book chapter

Managing the Lifecycle of Security SLA Requirements in Cloud Computing

Written by: Marco Antonio Torrez Rojas, Fernando Frota Redígolo, Nelson Mimura Gonzalez, Fernando Vilgino Sbampato, Tereza Cristina Melo de Brito Carvalho, Kazi Walli Ullah, Mats Näslund, Abu Shohel Ahmed

Published in: Developments and Advances in Intelligent Systems and Applications

Publisher: Springer International Publishing


Abstract

One of the major barriers to full adoption of cloud computing is the security issue. As the cloud computing paradigm presents a shared management vision, it is important that security requirements are addressed inside the Service Level Agreements (SLAs) established between cloud providers and consumers, along with the tools and mechanisms necessary to deal with these requirements. This work aims to propose a framework to orchestrate the management of cloud services and security mechanisms based on the security requirements defined by an SLA, in an automated manner, throughout their lifecycles. In addition, the integration of the framework with a cloud computing solution is presented, in order to demonstrate and validate the framework's support throughout the SLA lifecycle phases.

Metadata
Title
Managing the Lifecycle of Security SLA Requirements in Cloud Computing
Written by
Marco Antonio Torrez Rojas
Fernando Frota Redígolo
Nelson Mimura Gonzalez
Fernando Vilgino Sbampato
Tereza Cristina Melo de Brito Carvalho
Kazi Walli Ullah
Mats Näslund
Abu Shohel Ahmed
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-58965-7_9