Negotiating and brokering Cloud resources based on Security Level Agreements

Luna, J. and Vateva-Gurova, T. and Suri, Neeraj and Rak, M. and Liccardo, L. (2013) Negotiating and brokering Cloud resources based on Security Level Agreements. In: Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1. SciTePress, pp. 533-541. ISBN 9789898565525

Full text not available from this repository.

Abstract

Cloud users often motivate their choice of Cloud Service Provider (CSP) based on requirements related with the offered Service Level Agreements (SLA) and costs. Unfortunately, while security has started to play an important role in the decision of using the Cloud, it is quite uncommon for CSPs to specify the security levels associated with their services. This often results in users without the means (i.e., tools and semantics) to negotiate their security requirements with CSPs, in order to choose the one that best suits their needs. However, the recent industrial efforts on specification of Cloud security parameters in SLAs, also known as "Security Level Agreements" or SecLAs is a positive development. In this paper we propose a practical approach to enable the user-centric negotiation and brokering of Cloud resources, based on both the common semantic established by the use of SecLAs and, its quantitative evaluation. The contributed techniques and architecture are the result of jointly applying the security metrology-related techniques being developed by the EU FP7 project ABC4Trust and, the framework for SLA-based negotiation and Cloud resource brokering proposed by the EU FP7 mOSAIC project. The proposed negotiation approach is both feasible and well-suited for Cloud Federations, as demonstrated in this paper with a real-world case study. The presented scenario shows the negotiation of a user's security requirements with respect to a set of CSPs SecLAs, using both the information available in the Cloud Security Alliance's "Security, Trust & Assurance Registry" (CSA STAR) and the WS-Agreement standard.

Item Type:
Contribution in Book/Report/Proceedings
Subjects:
?? CLOUD SECURITYRESOURCE BROKERINGSECURITY LEVEL AGREEMENTSSECURITY METRICSSECURITY NEGOTIATIONCLOUD SECURITIESSECURITY LEVEL AGREEMENTSCLOUD COMPUTINGSEMANTICS ??
ID Code:
137513
Deposited By:
Deposited On:
14 Oct 2019 13:46
Refereed?:
Yes
Published?:
Published
Last Modified:
17 Sep 2023 04:06