Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
TY - GEN
T1 - Quantitative assessment of Cloud Security Level Agreements
T2 - A case study
AU - Luna, J.
AU - Ghani, H.
AU - Vateva, T.
AU - Suri, Neeraj
PY - 2012
Y1 - 2012
N2 - The users of Cloud Service Providers (CSP) often motivate their choice of providers based on criteria such as the offered service level agreements (SLA) and costs, and also recently based on security aspects (i.e., due to regulatory compliance). Unfortunately, it is quite uncommon for a CSP to specify the security levels associated with their services, hence impeding users from making security-relevant informed decisions. Consequently, while the many economic and technological advantages of Cloud computing are apparent, the migration of key sector applications has been limited, in part, due to the lack of security assurance on the CSP. In order to achieve this assurance and create trustworthy Cloud ecosystems, it is desirable to develop metrics and techniques to compare, aggregate, negotiate and predict the trade-offs (features, problems and the economics) of security. This paper contributes a quantitative security assessment case study using the CSP information found on the Cloud Security Alliance's Security, Trust & Assurance Registry (CSA STAR). Our security assessment rests on the notion of Cloud Security Level Agreements (SecLA) and a novel set of security metrics used to quantitatively compare SecLAs.
KW - Cloud security
KW - Security assessment
KW - Security benchmarks
KW - Security level agreements
KW - Security metrics
KW - Cloud services
KW - Informed decision
KW - Quantitative assessments
KW - Security assurance
KW - Security level
KW - Service Level Agreements
KW - Regulatory compliance
KW - Cryptography
U2 - 10.5220/0004019900640073
DO - 10.5220/0004019900640073
M3 - Conference contribution/Paper
SN - 9789898565242
SP - 64
EP - 73
BT - Proceedings of the International Conference on Security and Cryptography - Volume 1
PB - SciTePress
ER -