A Cloud Application for Security Service Level Agreement Evaluation

Valentina Casola, Massimiliano Rak, Giuseppe Alfieri

Abstract

Cloud security is today considered one of the main limits to the adoption of Cloud Computing. Academic works and the Cloud community (e.g., work-groups at the European Network and Information Security Agency, ENISA) have stated that specifying security parameters in Service Level Agreements actually enables the establishment of a common semantic in order to model security among users and Cloud Service providers (CSPs). However, despite the state of the art efforts aiming at building and representing Cloud SecLAs there is still a gap on the techniques to reason about them. Moreover a lot of activities are being carrying out to clearly state which are the parameters to be shared, their meanings and how they affect service provisioning. In this paper we propose to build up a cloud application that is able to offer Security level Evaluation based on SLA expressed in many different ways. Such application can be offered as a service by Third Parties in order to help customers to evaluate the offerings from providers. Furthermore it can be used to help customers to negotiate security parameters in a Multi-Cloud system and perform Cloud brokering on the basis of a quantitative evaluation of security parameters.

References

  1. Amato, A., Liccardo, L., Rak, M., and Venticinque, S. (2012). Sla negotiation and brokering for sky computing. In CLOSER, pages 611-620.
  2. Bajaj, S., Box, D., Chappell, D., Curbera, F., Daniels, G., Hallam-Baker, P., Hondo, M., Kaler, C., Langworthy, D., Nadalin, A., et al. (2006). Web services policy 1.2-framework (ws-policy). W3C Member Submission, 25:12.
  3. Casola, V., Mazzeo, A., Mazzocca, N., and Vittorini, V. (2007a). A policy-based methodology for security evaluation: A security metric for public key infrastructures. Journal of Computer Security, 15(2):197- 229.
  4. Casola, V., Mazzocca, N., Luna, J., Manso, O., and Medina, M. (2007b). Static evaluation of certificate policies for grid pkis interoperability. In Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on, pages 391-399. IEEE.
  5. Della-Libera, G., Gudgin, M., Hallam-Baker, P., Hondo, M., Granqvist, H., Kaler, C., Maruyama, H., McIntosh, M., Nadalin, A., Nagaratnam, N., et al. (2002). Web services security policy language (wssecuritypolicy). Public Draft Specification (Juli 2005).
  6. Liccardo, L., Rak, M., Di Modica, G., and Tomarchio, O. (2012). Ontology-based negotiation of security requirements in cloud. In Computational Aspects of Social Networks (CASoN), 2012 Fourth International Conference on, pages 192-197.
  7. Petcu, D., Craciun, C., Neagul, M., Lazcanotegui, I., and Rak, M. (2011a). Building an interoperability api for sky computing. In High Performance Computing and Simulation (HPCS), 2011 International Conference on, pages 405-411. IEEE.
  8. Petcu, D., Cra?ciun, C., Neagul, M., Panica, S., Di Martino, B., Venticinque, S., Rak, M., and Aversa, R. (2011b). Architecturing a sky computing platform. In Towards a Service-Based Internet. ServiceWave 2010 Workshops, pages 1-13. Springer.
  9. Petcu, D., Craciun, C., and Rak, M. (2011c). Towards a cross platform cloud api. components for cloud federation. In Procs. 1st International Conference on Cloud Computing and Services Science, SciTePressScience and Technology Publications, Portugal, pages 166-169.
Download


Paper Citation


in Harvard Style

Casola V., Rak M. and Alfieri G. (2014). A Cloud Application for Security Service Level Agreement Evaluation . In Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-019-2, pages 299-307. DOI: 10.5220/0004858702990307


in Bibtex Style

@conference{closer14,
author={Valentina Casola and Massimiliano Rak and Giuseppe Alfieri},
title={A Cloud Application for Security Service Level Agreement Evaluation},
booktitle={Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2014},
pages={299-307},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004858702990307},
isbn={978-989-758-019-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - A Cloud Application for Security Service Level Agreement Evaluation
SN - 978-989-758-019-2
AU - Casola V.
AU - Rak M.
AU - Alfieri G.
PY - 2014
SP - 299
EP - 307
DO - 10.5220/0004858702990307