Home > Research > Publications & Outputs > Benchmarking cloud security level agreements us...

Links

Text available via DOI:

View graph of relations

Benchmarking cloud security level agreements using quantitative policy trees

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published

Standard

Benchmarking cloud security level agreements using quantitative policy trees. / Luna, J.; Langenberg, R.; Suri, Neeraj.
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop. ACM, 2012. p. 103-112.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Harvard

Luna, J, Langenberg, R & Suri, N 2012, Benchmarking cloud security level agreements using quantitative policy trees. in Proceedings of the 2012 ACM Workshop on Cloud computing security workshop. ACM, pp. 103-112. https://doi.org/10.1145/2381913.2381932

APA

Luna, J., Langenberg, R., & Suri, N. (2012). Benchmarking cloud security level agreements using quantitative policy trees. In Proceedings of the 2012 ACM Workshop on Cloud computing security workshop (pp. 103-112). ACM. https://doi.org/10.1145/2381913.2381932

Vancouver

Luna J, Langenberg R, Suri N. Benchmarking cloud security level agreements using quantitative policy trees. In Proceedings of the 2012 ACM Workshop on Cloud computing security workshop. ACM. 2012. p. 103-112 doi: 10.1145/2381913.2381932

Author

Luna, J. ; Langenberg, R. ; Suri, Neeraj. / Benchmarking cloud security level agreements using quantitative policy trees. Proceedings of the 2012 ACM Workshop on Cloud computing security workshop. ACM, 2012. pp. 103-112

Bibtex

@inproceedings{cbbbcf74ee5c4bb8aa853f3510aa95f9,
title = "Benchmarking cloud security level agreements using quantitative policy trees",
abstract = "While the many economic and technological advantages of Cloud computing are apparent, the migration of key sector applications onto it has been limited, in part, due to the lack of security assurance on the Cloud Service Provider CSP). However, the recent efforts on specification of security statements in Service Level Agreements, also known as {"}Security Level Agreements{"} or SecLAs is a positive development. While a consistent notion of Cloud SecLAs is still developing, already some major CSPs are creating and storing their advocated SecLAs in publicly available repositories e.g., the Cloud Security Alliance's {"}Security, Trust & Assurance Registry{"} CSA STAR). While several academic and industrial efforts are developing the methods to build and specify Cloud SecLAs, very few works deal with the techniques to quantitatively reason about SecLAs in order to provide security assurance. This paper proposes a method to benchmark-both quantitatively and qualitatively-the Cloud SecLAs of one or more CSPs with respect to a user-defined requirement, also in the form of a SecLA. The contributed security benchmark methodology rests on the notion of Quantitative Policy Trees QPT a data structure that we propose to represent and systematically reason about SecLAs. In this paper we perform the initial validation of the contributed methodology with respect to another state of the art proposal, which in turn was empirically validated using the SecLAs stored on the CSA STAR repository. Finally, our research also contributes with QUANTS-as-a- Service QUANTSaaS a system that implements the proposed.",
keywords = "Cloud security, Security Benchmarks, Security Level Agreements, Security Metrics, Security Quantification, Cloud services, Security assurance, Security benchmarks, Security level, Security metrics, Service Level Agreements, State of the art, Cloud computing, Data structures, Stars, Forestry, Computation, Data, Structures",
author = "J. Luna and R. Langenberg and Neeraj Suri",
year = "2012",
month = oct,
day = "19",
doi = "10.1145/2381913.2381932",
language = "English",
isbn = "9781450316651",
pages = "103--112",
booktitle = "Proceedings of the 2012 ACM Workshop on Cloud computing security workshop",
publisher = "ACM",

}

RIS

TY - GEN

T1 - Benchmarking cloud security level agreements using quantitative policy trees

AU - Luna, J.

AU - Langenberg, R.

AU - Suri, Neeraj

PY - 2012/10/19

Y1 - 2012/10/19

N2 - While the many economic and technological advantages of Cloud computing are apparent, the migration of key sector applications onto it has been limited, in part, due to the lack of security assurance on the Cloud Service Provider CSP). However, the recent efforts on specification of security statements in Service Level Agreements, also known as "Security Level Agreements" or SecLAs is a positive development. While a consistent notion of Cloud SecLAs is still developing, already some major CSPs are creating and storing their advocated SecLAs in publicly available repositories e.g., the Cloud Security Alliance's "Security, Trust & Assurance Registry" CSA STAR). While several academic and industrial efforts are developing the methods to build and specify Cloud SecLAs, very few works deal with the techniques to quantitatively reason about SecLAs in order to provide security assurance. This paper proposes a method to benchmark-both quantitatively and qualitatively-the Cloud SecLAs of one or more CSPs with respect to a user-defined requirement, also in the form of a SecLA. The contributed security benchmark methodology rests on the notion of Quantitative Policy Trees QPT a data structure that we propose to represent and systematically reason about SecLAs. In this paper we perform the initial validation of the contributed methodology with respect to another state of the art proposal, which in turn was empirically validated using the SecLAs stored on the CSA STAR repository. Finally, our research also contributes with QUANTS-as-a- Service QUANTSaaS a system that implements the proposed.

AB - While the many economic and technological advantages of Cloud computing are apparent, the migration of key sector applications onto it has been limited, in part, due to the lack of security assurance on the Cloud Service Provider CSP). However, the recent efforts on specification of security statements in Service Level Agreements, also known as "Security Level Agreements" or SecLAs is a positive development. While a consistent notion of Cloud SecLAs is still developing, already some major CSPs are creating and storing their advocated SecLAs in publicly available repositories e.g., the Cloud Security Alliance's "Security, Trust & Assurance Registry" CSA STAR). While several academic and industrial efforts are developing the methods to build and specify Cloud SecLAs, very few works deal with the techniques to quantitatively reason about SecLAs in order to provide security assurance. This paper proposes a method to benchmark-both quantitatively and qualitatively-the Cloud SecLAs of one or more CSPs with respect to a user-defined requirement, also in the form of a SecLA. The contributed security benchmark methodology rests on the notion of Quantitative Policy Trees QPT a data structure that we propose to represent and systematically reason about SecLAs. In this paper we perform the initial validation of the contributed methodology with respect to another state of the art proposal, which in turn was empirically validated using the SecLAs stored on the CSA STAR repository. Finally, our research also contributes with QUANTS-as-a- Service QUANTSaaS a system that implements the proposed.

KW - Cloud security

KW - Security Benchmarks

KW - Security Level Agreements

KW - Security Metrics

KW - Security Quantification

KW - Cloud services

KW - Security assurance

KW - Security benchmarks

KW - Security level

KW - Security metrics

KW - Service Level Agreements

KW - State of the art

KW - Cloud computing

KW - Data structures

KW - Stars

KW - Forestry

KW - Computation

KW - Data

KW - Structures

U2 - 10.1145/2381913.2381932

DO - 10.1145/2381913.2381932

M3 - Conference contribution/Paper

SN - 9781450316651

SP - 103

EP - 112

BT - Proceedings of the 2012 ACM Workshop on Cloud computing security workshop

PB - ACM

ER -