Quantitative assessment of Cloud Security Level Agreements: A case study

SECRYPT 2012 - Proceedings of the International Conference on Security and Cryptography

Volumn , Issue , 2012, Pages 64-73

  Luna, Jesus ^a   Ghani, Hamza ^a   Vateva, Tsvetoslava ^a   Suri, Neeraj ^a  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

Author keywords

Cloud security; Security assessment; Security benchmarks; Security level agreements; Security metrics

Indexed keywords

CLOUD SERVICES; INFORMED DECISION; QUANTITATIVE ASSESSMENTS; SECURITY ASSESSMENT; SECURITY ASSURANCE; SECURITY BENCHMARKS; SECURITY LEVEL; SECURITY METRICS; SERVICE LEVEL AGREEMENTS;

REGULATORY COMPLIANCE;

CRYPTOGRAPHY;

EID: 84867660680     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (31)

1. Almorsy, M., et.al. (2011). Collaboration-Based Cloud Computing Security Management Framework. In Proc. of the IEEE International Conference on Cloud Computing, pages 364-371.
2. Andrieux, K., et.al. Web Services Agreement Specification (WS-Agreement). Technical Report TRWSAgreement-2007, Open Grid Forum.
3. Bernsmed, K., et.al. (2011). Security SLAs for Federated Cloud Services. In Proc. of the IEEE Sixth International Conference on Availability, Reliability and Security, pages 202-209.
4. Boyle K., et.al. (2010). The CIS security metrics. Technical Report TR-28, Center for Internet Security.
5. Casola V., et.al. (2005). A Reference Model for Security Level Evaluation: Policy and Fuzzy Techniques. Journal of Universal Computer Science, pages 150-174.
6. Casola V., et.al. (2006). A SLA evaluation methodology in Service Oriented Architectures. In Quality of Protection, volume 23 of Springer Advances in Information Security, pages 119-130.
7. Casola, V., et.al. (2007). Interoperable Grid PKIs Among Untrusted Domains: An Architectural Proposal. In Advances in Grid and Pervasive Computing, volume 4459 of Springer Lecture Notes in Computer Science, pages 39-51.
8. Casola, V. et.al. (2007). Static evaluation of Certificate Policies for Grid PKIs interoperability. In Proc. of the IEEE Second International Conference on Availability, Reliability and Security, pages 391-399.
9. Center for Internet Security (2009). User Guide for CISCAT. Online: http://benchmarks.cisecurity.org/enus/docs/user-guides/CIS-CAT-Users-Guide.pdf.
10. Cloud Security Alliance (2011a). Security metrics workgroup. Online: http://www.cloudsecurityalliance.org/Research.html.
11. Cloud Security Alliance (2011b). The Consensus Assessments Initiative Questionnaire. Online: https://cloudsecurityalliance.org/research/cai/.
12. Cloud Security Alliance (2011c). The Security, Trust & Assurance Registry (STAR). Online: https://cloudsecurityalliance.org/star/.
13. De Chaves, S. A., et.al. (2010). SLA perspective in security management for Cloud computing. In Proc. of the IEEE Sixth International Conference on Networking and Services, pages 212-217.
14. Dekker, M. and Hogben, G. (2011). Survey and analysis of security parameters in cloud SLAs across the European public sector. Technical Report TR-2011-12-19, European Network and Information Security Agency.
15. Feglar, T. (2004). ITIL based Service Level Management if SLAs cover Security. Journal on Systemics, Cybernetics and Informatic, pages 61-71.
16. Frankova, G. and Yautsiukhin, A. (2007). Service and protection level agreements for business processes. In Proc. of the IEEE Second European Young Researchers Workshop on Service Oriented Computing, page 38.
17. Ghani, H., et.al. (2010). Assessing the Security of Internet Connected Critical Infrastructures (The CoMiFin Project Approach). In Proc. of the Workshop on Security of the Internet of Things.
18. Henning, R. (1999). Security service level agreements: quantifiable security for the enterprise? In Proc. of the ACMWorkshop on New security paradigms, pages 54-60.
19. Irvine, C. and Levin, T. (2001). Quality of security service. In Proc. of the ACM Workshop on New security paradigms, pages 91-99.
20. Jansen, W. (2010). Directions in security metrics research. Technical Report TR-7564, National Institute for Standards and Technology.
21. Krautsevich, L., et.al. (2011). A general method for assessment of security in complex services. In Towards a Service-Based Internet, volume 6994 of Springer Lecture Notes in Computer Science, pages 153-164.
22. Ludwig, H., et.al. Web Service Level Agreement (WSLA) Language Specification. Technical Report TRWSLA-2003-01-28, IBM.
23. Luna, J. et.al. (2008). Providing security to the Desktop Data Grid. In Proc. of the IEEE International Symposium on Parallel and Distributed Processing, pages 1-8.
24. Luna, J., et.al. (2011). A Security Metrics Framework for the Cloud. In Proc. of the INSTICC Internation Conference on Security and Cryptography, pages 245-250.
25. Monahan, B. and Yearworth, M. (2008). Meaningful security SLAs. Technical Report TR-HPL-2005-218, HP Labs.
26. Neto, A., et.al. (2011). To benchmark or not to benchmark security: That is the question. In Proc. of the IEEE Dependable Systems and Networks Workshops, pages 182-187.
27. Samani, R., et.al. (2011). Common Assurance Maturity Model: Scoring Model. Online: http://commonassurance.com/.
28. Trimintzios, P. (2011). Measurement Frameworks and Metrics for Resilient Networks and Services. Discussion Draft. European Network and Information Security Agency.
29. Verendel, V. (2009). Quantified security is a weak hypothesis: a critical survey of results and assumptions. In Proc. of the ACM Workshop on new security paradigms, pages 37-50.
30. Weisstein, W. (2011a). Frobenius Norm. Online: http://mathworld.wolfram. com/FrobeniusNorm.html.
31. Weisstein, W. (2011b). L1-Norm. Online: http://mathworld.wolfram.com/L1- Norm.html.