Expressing cloud security requirements in deontic contract languages

CLOSER 2012 - Proceedings of the 2nd International Conference on Cloud Computing and Services Science

Volumn , Issue , 2012, Pages 638-646

  Meland, Per Håkon ^a   Bernsmed, Karin ^a   Jaatun, Martin Gilje ^a   Undheim, Astrid ^b   Castejon, Humberto ^b  

^a SINTEF ICT   (Norway)

^b TELENOR RESEARCH   (Norway)

Author keywords

Brokering; Cloud computing; Contracts; Requirements; Security; SLAs

Indexed keywords

CLOUD SECURITY;

BROKERING; CLOUD SECURITIES; CLOUD-COMPUTING; CONTRACT LANGUAGES; DEONTIC; NATURAL LANGUAGES; REQUIREMENT; SECURITY; SECURITY REQUIREMENTS; SLA;

CRYPTOGRAPHY;

EID: 84864886883     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (28)

1. Aktug, I. and Naliuka, K. (2008). Conspec - a formal language for policy specification. Electron. Notes Theor. Comput. Sci., 197:45-58.
2. Andrieux, A., Czajkowski, K., Dan, A., Keahey, K., Ludwig, H., Nakata, T., Pruyne, J., Rofrano, J., Tuecke, S., and Xu, M. (2003). Web Services Agreement Specification (WS-Agreement). https://forge.gridforum.org/projects/ graap-wg/.
3. Aniketos Consortium (2012). Aniketos - ensuring trustworthinesss and security in service composition. http://www.aniketos.eu/.
4. Cranor, L. F. (2003). P3P: making privacy policies more useful. Security & Privacy, IEEE, 1(6):50-55.
5. Cranor, L. F., Langheinrich, M., and Marchiori, M. (2002). A P3P Preference Exchange Language 1.0 (AP-PEL1.0). World Wide Web Consortium.
6. Dwivedi, V. and Padmanabhuni, S. (2008). Providing Web Services Security SLA Guarantees: Issues and Approaches. In Khan, K. M., editor, Managing Web service quality: measuring outcomes and effectiveness, chapter 13, pages 286-305. IGI Global.
7. Egelman, S., Cranor, L. F., and Chowdhury, A. (2006). An analysis of P3P-enabled web sites among top-20 search results. In Proceedings of the 8th int. conf. on Electronic commerce, ICEC '06, pages 197-207.
8. ENISA (2009). Cloud Computing: Benefits, risks and recommendations for information security. European Network and Information Security Agency.
9. Erlingsson, U. (2004). The inlined reference monitor approach to security policy enforcement. PhD thesis, Cornell University.
10. Farrell, A. D. H., Sergot, M. J., Trastour, D., and Christodoulou, A. (2004). Performance monitoring of service-level agreements for utility computing using the event calculus. In Proc. First IEEE Int. WS on Electronic Contracting, pages 17-24.
11. Finnegan, J., Malone, P., Maranon, A., and Guillen, P. (2007). Contract modelling for digital business ecosystems. In Digital EcoSystems and Technologies Conference, 2007. DEST '07., pages 71-76.
12. Gartner (2011). Public Cloud Services, Worldwide and Regions, Industry Sectors, 2010-2015, 2011 Update. http://softwarestrategiesblog.com/2011/07/02/ sizingthe-public-cloud-services-market/.
13. Governatori, G. and Milosevic, Z. (2006). A formal analysis of a business contract language. Int. J. Cooperative Inf. Syst., 15(4):659-685.
14. Greci, P., Martinelli, F., and Matteucci, I. (2009). A framework for contract-policy matching based on symbolic simulations for securing mobile device application. In Leveraging Applications of Formal Methods, Verification and Validation, volume 17 of Communications in Computer and Information Science, pages 221-236. Springer. 10.1007/978-3-540-88479-8 16.
15. IBM (2009). General considerations for setting up security for presence server. http://publib.boulder.ibm.com/infocenter/wtelecom/v7r0m0/index.jsp? topic=/com.ibm.presence.plan.doc/generalsecurity c.html.
16. Leff, L. and Meyer, P. (2007). eContracts Version 1.0. Technical report, OASIS. http://docs.oasis-open.org/legalxml-econtracts.
17. Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., and Leaf, D. (2011). NIST Cloud Computing Reference Architecture. NIST Special Publication 500-292.
18. Nepal, S., Zic, J., and Chen, S. (2009). A contract language for service-oriented dynamic collaborations. In Collaborative Computing: Networking, Applications and Worksharing, volume 10 of LNICST, pages 545-562. Springer. 10.1007/978-3-642-03354-4 41.
19. OASIS (2005). eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Open. http://docs.oasis-open.org/xacml/2.0/accesscontrolxacml-2.0- core-spec-os.pdf.
20. Paschke, A. (2005). RBSLA - A declarative Rule-based Service Level Agreement Language based on RuleML. In Int. Conf. Comp. Intelligence for Modelling, Control and Automation, and Intelligent Agents, Web Tech. and Internet Commerce, volume 2, pages 308-314.
21. Pearson, S. and Charlesworth, A. (2009). Accountability as a way forward for privacy protection in the cloud. In Proc. 1st International Conference on Cloud Computing, CloudCom '09, pages 131-144. Springer.
22. PrimeLife Consortium (2012). Primelife - privacy and identity management in europe for life. http://www.primelife.eu/.
23. Ragget, D. et al (2009). H5.3.2 - Draft 2nd Design for Policy Languages and Protocols. Technical report, The PrimeLife project.
24. RuleML (2012). The Rule Markup Initiative. http://www.ruleml.org.
25. Schulzrinne, H., Tschofenig, H., Morris, J., Cuellar, J., Polk, J., and Rosenberg, J. (2007). Common Policy: A Document Format for Expressing Privacy Preferences. Request For Comments 4745 http://tools.ietf.org/html/rfc4745.
26. Wang, X. (2010). Specifying the business collaboration framework in the Contract Expression Language. International Journal of Business Process Integration and Management, 4(3):200-208.
27. WSLA (2003). Web Service Level Agreements (WSLA) Project. http://www.research.ibm.com/wsla/.
28. Yagüe, M. I. (2006). Survey on XML-Based Policy Languages for Open Environments. Journal of Information Assurance and Security, 1(1):11-20.