Final published version
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - A novel approach to manage cloud security SLA incidents
AU - Trapero, R.
AU - Modic, J.
AU - Stopar, M.
AU - Taha, A.
AU - Suri, Neeraj
PY - 2017/7/1
Y1 - 2017/7/1
N2 - Cloud computing is increasingly playing an important role in the service provisioning domain given the economic and technological benefits it offers. The popularity of cloud services is increasing but so are their customers’ concerns about security assurance and transparency of the Cloud Service Providers (CSPs). This is especially relevant in the case of critical services that are progressively moving to the cloud. Examples include the integrated European air traffic control system or public administrations through the governmental clouds. Recent efforts aim to specify security in cloud by using security service level agreements (secSLAs). However, the paucity of approaches to actually control the fulfillment of secSLAs and to react in case of security breaches, often results in distrust in cloud services. In this paper, we present a solution to monitor and enforce the fulfillment of secSLAs. Our framework is able to (a) detect occurrences that lead to unfulfillment of commitments, and (b) also provide mitigation to the harmful events that may or do compromise the validity of secSLAs. © 2016 Elsevier B.V.
AB - Cloud computing is increasingly playing an important role in the service provisioning domain given the economic and technological benefits it offers. The popularity of cloud services is increasing but so are their customers’ concerns about security assurance and transparency of the Cloud Service Providers (CSPs). This is especially relevant in the case of critical services that are progressively moving to the cloud. Examples include the integrated European air traffic control system or public administrations through the governmental clouds. Recent efforts aim to specify security in cloud by using security service level agreements (secSLAs). However, the paucity of approaches to actually control the fulfillment of secSLAs and to react in case of security breaches, often results in distrust in cloud services. In this paper, we present a solution to monitor and enforce the fulfillment of secSLAs. Our framework is able to (a) detect occurrences that lead to unfulfillment of commitments, and (b) also provide mitigation to the harmful events that may or do compromise the validity of secSLAs. © 2016 Elsevier B.V.
KW - Cloud computing
KW - Cloud security
KW - Security SLAs
KW - SLA monitoring
KW - SLA remediation
KW - Distributed database systems
KW - Public administration
KW - Quality of service
KW - Traffic control
KW - Web services
KW - Cloud securities
KW - Cloud service providers
KW - Critical service
KW - Security assurance
KW - Security breaches
KW - Security services
KW - Service provisioning
KW - Air traffic control
U2 - 10.1016/j.future.2016.06.004
DO - 10.1016/j.future.2016.06.004
M3 - Journal article
VL - 72
SP - 193
EP - 205
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
SN - 0167-739X
ER -