SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING

Karin Bernsmed, Martin Gilje Jaatun, Astrid Undheim

Abstract

The Cloud computing paradigm promises reliable services, accessible from anywhere in the world, in an on-demand manner. Insufficient security has been identified as a major obstacle to adopting Cloud services. To deal with the risks associated with outsourcing data and applications to the Cloud, new methods for security assurance are urgently needed. This paper presents a framework for security in Service Level Agreements for Cloud computing. The purpose is twofold; to help potential Cloud customers to identify necessary protection mechanisms and, in the next step, to facilitate automatic service composition based on a set of predefined security requirements. We demonstrate the practical applicability of the first objective with a small case study.

References

  1. Casola, V., Mazzeo, A., Mazzocca, N., and Rak, M. (2006). A SLA evaluation methodology in Service Oriented Architectures. In Gollmann, D., Massacci, F., and Yautsiukhin, A., editors, Quality of Protection, volume 23 of Advances in Information Security, pages 119-130. Springer US.
  2. Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., and Zamboni, D. (2009). Cloud security is not (just) virtualization security: a short paper. In Proceedings of the 2009 ACM workshop on Cloud computing security, CCSW 7809, pages 97-102, New York, NY, USA. ACM.
  3. De Chaves, S. A., Westphall, C. B., and Lamin, F. R. (2010). SLA Perspective in Security Management for Cloud Computing. In Proceeding of the 2010 Sixth International Conference on Networking and Services, pages 212-217. IEEE.
  4. European Network and Information Security Agency (ENISA) (2009). Cloud Computing: Benefits, risks and recommendations for information security.
  5. Frankova, G. and Yautsiukhin, A. (2007). Service and protection level agreements for business processes. In Young Researchers Workshop on Service.
  6. Heiser, J. and Nicolett, M. (2008). Assessing the Security Risks of Cloud Computing.
  7. Henning, R. R. (2000). Security service level agreements: quantifiable security for the enterprise? In Proceedings of the 1999 workshop on New security paradigms, NSPW 7899, pages 54-60, New York, NY, USA. ACM.
Download


Paper Citation


in Harvard Style

Bernsmed K., Gilje Jaatun M. and Undheim A. (2011). SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING . In Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8425-52-2, pages 636-642. DOI: 10.5220/0003391606360642


in Bibtex Style

@conference{closer11,
author={Karin Bernsmed and Martin Gilje Jaatun and Astrid Undheim},
title={SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING},
booktitle={Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2011},
pages={636-642},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003391606360642},
isbn={978-989-8425-52-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING
SN - 978-989-8425-52-2
AU - Bernsmed K.
AU - Gilje Jaatun M.
AU - Undheim A.
PY - 2011
SP - 636
EP - 642
DO - 10.5220/0003391606360642