Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
TY - GEN
T1 - Benchmarking cloud security level agreements using quantitative policy trees
AU - Luna, J.
AU - Langenberg, R.
AU - Suri, Neeraj
PY - 2012/10/19
Y1 - 2012/10/19
N2 - While the many economic and technological advantages of Cloud computing are apparent, the migration of key sector applications onto it has been limited, in part, due to the lack of security assurance on the Cloud Service Provider (CSP). However, the recent efforts on specification of security statements in Service Level Agreements, also known as "Security Level Agreements" or SecLAs is a positive development. While a consistent notion of Cloud SecLAs is still developing, already some major CSPs are creating and storing their advocated SecLAs in publicly available repositories (e.g., the Cloud Security Alliance's "Security, Trust & Assurance Registry", CSA STAR). While several academic and industrial efforts are developing the methods to build and specify Cloud SecLAs, very few works deal with the techniques to quantitatively reason about SecLAs in order to provide security assurance. This paper proposes a method to benchmark, both quantitatively and qualitatively, the Cloud SecLAs of one or more CSPs with respect to a user-defined requirement, also in the form of a SecLA. The contributed security benchmark methodology rests on the notion of Quantitative Policy Trees (QPT), a data structure that we propose to represent and systematically reason about SecLAs. In this paper we perform the initial validation of the contributed methodology with respect to another state of the art proposal, which in turn was empirically validated using the SecLAs stored on the CSA STAR repository. Finally, our research also contributes with QUANTS-as-a-Service (QUANTSaaS), a system that implements the proposed.
KW - Cloud security
KW - Security Benchmarks
KW - Security Level Agreements
KW - Security Metrics
KW - Security Quantification
KW - Cloud services
KW - Security assurance
KW - Security benchmarks
KW - Security level
KW - Security metrics
KW - Service Level Agreements
KW - State of the art
KW - Cloud computing
KW - Data structures
KW - Stars
KW - Forestry
KW - Computation
KW - Data
KW - Structures
U2 - 10.1145/2381913.2381932
DO - 10.1145/2381913.2381932
M3 - Conference contribution/Paper
SN - 9781450316651
SP - 103
EP - 112
BT - Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
PB - ACM
ER -