Building a compliance vocabulary to embed security controls in cloud SLAs

Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013

Volumn , Issue , 2013, Pages 118-125

  Hale, Matthew L ^a   Gamble, Rose ^a  

^a The University of Tulsa   (United States)

Author keywords

certification; cloud; compliance; security; service level agreement; web services; xml

Indexed keywords

CERTIFICATION; COMPLIANCE; COMPLIANCE VOCABULARIES; COMPUTATIONAL OVERHEADS; ORGANIZATIONAL INFORMATION SYSTEMS; SECURITY; SERVICE LEVEL AGREEMENT (SLAS); SERVICE LEVEL AGREEMENTS;

CLOUDS; DISTRIBUTED DATABASE SYSTEMS; INFORMATION SYSTEMS; NETWORK ARCHITECTURE; QUALITY OF SERVICE; WEB SERVICES; XML;

COMPLIANCE CONTROL;

EID: 84888049317     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SERVICES.2013.27     Document Type: Conference Paper

References (27)

1. A. Minkiewicz, "Cloud Nine, are we there yet?," Journal of Software Technology, vol. 14, pp. 4-8, 2011.
2. NIST, "Special Publication 800-53 Recommended Security Controls for Federal Information Systems," 2009.
3. "Common criteria (Part 2) for IT Security Evaluation V3.1," 2009.
4. DoD, "Directive 8500.1: Information Assurance," 2002.
5. DISA, "Application Security and Development STIG V3 R4," 2011.
6. CSA, "Cloud Controls Matrix " 2012.
7. C. Redl, I. Breskovic, I. Brandic, and S. Dustdar, "Automatic SLA Matching and Provider Selection in Grid and Cloud Computing Markets," in International Conference on Grid Computing, 2012.
8. G. Modica, G. Petralia, and O. Tomarchio, "A Business Ontology to Enable Semantic Matchmaking in Open Cloud Markets," in Eighth International Conference on Semantics, Knowledge and Grids, 2012.
9. M. Hale, and R. Gamble, "SecAgreement: Advancing Security Risk Calculations in Cloud Services," World Congress on Services, 2012.
10. M. Hale, and R. Gamble, "Risk Propagation of Security SLAs in the Cloud," in Proceeding of the workshop on Management and Security technologies for Cloud Computing 2012, IEEE GLOBECOM, 2012.
11. K. Bernsmed, M. Jaatun, P. Meland, and A. Undheim, "Security SLAs for Federated Cloud Services," in Sixth International Conference on Availability, Reliabilty and Security, 2011.
12. S. Lindskog, "Modeling and Tuning Security from a Quality of Service Perspective," Ph.D, Dept. of Comp. Sci. and Engineering, Chalmers University Of Technology Goteborg, Sweden, 2005.
13. A. Keller, and H. Ludwig, "The WSLA Framework: Specifying and Monitoring Service Level Agreements for Web Services.," Journal of Network and Systems Management, vol. 11, 1, pp. 57-81, 2003.
14. M. Anisetti, C. Ardagna, E. Damiani, and J. Maggesi, "Security Certification-Aware Service Discovery and Selection," in Proceedings of Fifth IEEE International Conference on Service-Oriented Computing and Applications, 2012.
15. N. Bhensook, and T. Senivongse, "An Assessment of Security Requirements Compliance of Cloud Providers," in 4th International Conference on Cloud Computing Technology and Science, 2012.
16. K. Belhajjame, S. Embury, and N. Paton, "Verification of Semantic Web Service Annotations Using Ontology-Based Partitioning," in IEEE Transactions on Services Computing (preprint), 2013.
17. W. Zhu, "Semantic Mediation Bus (TM): An Ontology-Based Runtime Infrastructure for Service Interoperability," in Proceedings of 16th IEEE International Enterprise Distributed Object Computing Conference Workshops, 2012.
18. G. Dobson, and A. Sanchez-Macian, "Towards Unified QoS/SLA Ontologies," in Proceedings of the IEEE Services Computing Workshops 2006.
19. A. Andrieux, K. Czajkowski, A. Dan, K. Keahey, H. Ludwig, T. Nakata, J. Pruyne, J. Rofrano, S. Tuecke, and M. Xu. (2007). Web Services Agreement Specification (WS-Agreement).
20. H. Ludwig, A. Keller, A. Dan, and R. King, "A Service Level Agreement Language for Dynamic Electronic Services," in Proceedings of the 4th IEEE Int'l Workshop on Advanced Issues of ECommerce and Web-Based Information Systems, 2002.
21. M. Klusch, P. Kapahnke, and I. Zinnikus, "Hybrid Adaptive Web Service Selection with SAWSDL-MX and WSDL-Analyzer " in Proceedings of the 6th European Semantic Web Conference on The Semantic Web: Research and Applications, 2009.
22. T. C. Chieu, M. Singh, C. Tang, M. Viswanathan, and A. Gupta, "Automation System for Validation of Configuration and Security Compliance in Managed Cloud Services," in Proceedings of Ninth IEEE International Conference on e-Business Engineering, 2012.
23. M. Hale, and R.Gamble, "Hierarchically Modeling Security Control Compliance" Report No. SEAT-UTULSA-012013," 2013(under review).
24. NIST, "Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems A Security Life Cycle Approach," 2010.
25. R. R. Henning, "Security Service Level Agreements: Quantifiable Security for the Enterprise?," in Proceedings of the New Security Paradigms Workshop, 1999.
26. C. Irvine, and T. Levin, "Quality of Security Service," in Proceedings of the New Security Paradigms Workshop, 2000.
27. W3C, "Extensibile Markup Language (XML) 1.0 Fifth Edition.," 2008. Available: http://www.w3.org/TR/REC-xml/.