Cloud Security: From Per-Provider to Per-Service Security SLAs

2016 International Conference on Intelligent Networking and Collaborative Systems (INCoS) Pub Date : 2016-09-01 DOI:10.1109/INCoS.2016.61

Alessandra De Benedictis, V. Casola, M. Rak, Umberto Villano

{"title":"Cloud Security: From Per-Provider to Per-Service Security SLAs","authors":"Alessandra De Benedictis, V. Casola, M. Rak, Umberto Villano","doi":"10.1109/INCoS.2016.61","DOIUrl":null,"url":null,"abstract":"Cloud Security is still considered one of the main factors inhibiting the diffusion of the Cloud Computing paradigm. Potential Cloud Service Customers (CSCs) do not trust delegating every kind of resources and data to external Cloud Service Providers (CSPs). The problem grows in complexity due to the increasing adoption of complex supply chains: CSPs that offer Sofware-as-a-Service (SaaS) cloud services often do not have their own data centers, but just acquire resources and services from other CSPs. This makes ithard, if not impossible, to ascribe the responsibility of a securityincident. A possible solution is the adoption of Security ServiceLevel Agreements (SLAs): CSPs should deliver services withan SLA that details each guarantee offered in terms of security, and CSCs should be able to compare offerings from differentCSPs and verify that SLAs are respected during service lifecycle. This paper shows how it is possible to build up a per-serviceSecurity SLA in a chain of cloud services, proposing asolution based on a security evaluation technique to comparedifferent cloud service supply chains based on their SecuritySLAs.","PeriodicalId":102056,"journal":{"name":"2016 International Conference on Intelligent Networking and Collaborative Systems (INCoS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Intelligent Networking and Collaborative Systems (INCoS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INCoS.2016.61","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Cloud Security is still considered one of the main factors inhibiting the diffusion of the Cloud Computing paradigm. Potential Cloud Service Customers (CSCs) do not trust delegating every kind of resources and data to external Cloud Service Providers (CSPs). The problem grows in complexity due to the increasing adoption of complex supply chains: CSPs that offer Sofware-as-a-Service (SaaS) cloud services often do not have their own data centers, but just acquire resources and services from other CSPs. This makes ithard, if not impossible, to ascribe the responsibility of a securityincident. A possible solution is the adoption of Security ServiceLevel Agreements (SLAs): CSPs should deliver services withan SLA that details each guarantee offered in terms of security, and CSCs should be able to compare offerings from differentCSPs and verify that SLAs are respected during service lifecycle. This paper shows how it is possible to build up a per-serviceSecurity SLA in a chain of cloud services, proposing asolution based on a security evaluation technique to comparedifferent cloud service supply chains based on their SecuritySLAs.

查看原文本刊更多论文

云安全:从每个提供商到每个服务的安全sla

云安全仍然被认为是阻碍云计算范式传播的主要因素之一。潜在的云服务客户(CSCs)不相信将所有类型的资源和数据委托给外部云服务提供商(csp)。由于越来越多地采用复杂的供应链，问题变得越来越复杂:提供软件即服务(SaaS)云服务的云计算服务提供商通常没有自己的数据中心，而只是从其他云计算服务提供商那里获取资源和服务。这使得很难(如果不是不可能的话)确定安全事件的责任。一种可能的解决方案是采用安全服务水平协议(SLA): csp应该在SLA中提供服务，该SLA详细说明了提供的每个安全保证，CSCs应该能够比较来自不同csp的产品，并验证SLA在服务生命周期中得到遵守。本文展示了如何在云服务链中构建每个服务的安全SLA，并提出了一种基于安全评估技术的解决方案，以比较基于其安全性SLA的不同云服务供应链。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 International Conference on Intelligent Networking and Collaborative Systems (INCoS)

自引率

0.00%

发文量