Home > Research > Publications & Outputs > Quantitative Reasoning about Cloud Security Usi...


Text available via DOI:

View graph of relations

Quantitative Reasoning about Cloud Security Using Service Level Agreements

Research output: Contribution to Journal/MagazineJournal articlepeer-review

<mark>Journal publication date</mark>1/07/2017
<mark>Journal</mark>IEEE Transactions on Cloud Computing
Issue number3
Number of pages15
Pages (from-to)457-471
Publication StatusPublished
Early online date27/08/15
<mark>Original language</mark>English


While the economic and technological advantages of cloud computing are apparent, its overall uptake has been limited, in part, due to the lack of security assurance and transparency on the Cloud Service Provider (CSP). Although, the recent efforts on specification of security using Service Level Agreements, also known as 'Security Level Agreements' or secSLAs is a positive development multiple technical and usability issues limit the adoption of Cloud secSLA's in practice. In this paper we develop two evaluation techniques, namely QPT and QHP, for conducting the quantitative assessment and analysis of the secSLA based security level provided by CSPs with respect to a set of Cloud Customer security requirements. These proposed techniques help improve the security requirements specifications by introducing a flexible and simple methodology that allows Customers to identify and represent their specific security needs. Apart from detailing guidance on the standalone and collective use of QPT and QHP, these techniques are validated using two use case scenarios and a prototype, leveraging actual real-world CSP secSLAdata derived from the Cloud Security Alliance's Security, Trust and Assurance Registry. © 2013 IEEE.