Home > Research > Publications & Outputs > Quantitative Reasoning about Cloud Security Usi...

Links

Text available via DOI:

View graph of relations

Quantitative Reasoning about Cloud Security Using Service Level Agreements

Research output: Contribution to journalJournal articlepeer-review

Published

Standard

Quantitative Reasoning about Cloud Security Using Service Level Agreements. / Luna, J.; Taha, A.; Trapero, R.; Suri, Neeraj.

In: IEEE Transactions on Cloud Computing, Vol. 5, No. 3, 01.07.2017, p. 457-471.

Research output: Contribution to journalJournal articlepeer-review

Harvard

Luna, J, Taha, A, Trapero, R & Suri, N 2017, 'Quantitative Reasoning about Cloud Security Using Service Level Agreements', IEEE Transactions on Cloud Computing, vol. 5, no. 3, pp. 457-471. https://doi.org/10.1109/TCC.2015.2469659

APA

Luna, J., Taha, A., Trapero, R., & Suri, N. (2017). Quantitative Reasoning about Cloud Security Using Service Level Agreements. IEEE Transactions on Cloud Computing, 5(3), 457-471. https://doi.org/10.1109/TCC.2015.2469659

Vancouver

Luna J, Taha A, Trapero R, Suri N. Quantitative Reasoning about Cloud Security Using Service Level Agreements. IEEE Transactions on Cloud Computing. 2017 Jul 1;5(3):457-471. https://doi.org/10.1109/TCC.2015.2469659

Author

Luna, J. ; Taha, A. ; Trapero, R. ; Suri, Neeraj. / Quantitative Reasoning about Cloud Security Using Service Level Agreements. In: IEEE Transactions on Cloud Computing. 2017 ; Vol. 5, No. 3. pp. 457-471.

Bibtex

@article{2aaa27b9a9e6400f8a38f0892d65a050,
title = "Quantitative Reasoning about Cloud Security Using Service Level Agreements",
abstract = "While the economic and technological advantages of cloud computing are apparent, its overall uptake has been limited, in part, due to the lack of security assurance and transparency on the Cloud Service Provider (CSP). Although, the recent efforts on specification of security using Service Level Agreements, also known as 'Security Level Agreements' or secSLAs is a positive development multiple technical and usability issues limit the adoption of Cloud secSLA's in practice. In this paper we develop two evaluation techniques, namely QPT and QHP, for conducting the quantitative assessment and analysis of the secSLA based security level provided by CSPs with respect to a set of Cloud Customer security requirements. These proposed techniques help improve the security requirements specifications by introducing a flexible and simple methodology that allows Customers to identify and represent their specific security needs. Apart from detailing guidance on the standalone and collective use of QPT and QHP, these techniques are validated using two use case scenarios and a prototype, leveraging actual real-world CSP secSLAdata derived from the Cloud Security Alliance's Security, Trust and Assurance Registry. {\textcopyright} 2013 IEEE.",
keywords = "Cloud security, security metrics, security quantification, security service level agreements, Cryptography, Specifications, Cloud securities, Cloud service providers, Quantitative assessments, Security level agreements, Security metrics, Security services, Service Level Agreements, Outsourcing",
author = "J. Luna and A. Taha and R. Trapero and Neeraj Suri",
year = "2017",
month = jul,
day = "1",
doi = "10.1109/TCC.2015.2469659",
language = "English",
volume = "5",
pages = "457--471",
journal = "IEEE Transactions on Cloud Computing",
issn = "2168-7161",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",

}

RIS

TY - JOUR

T1 - Quantitative Reasoning about Cloud Security Using Service Level Agreements

AU - Luna, J.

AU - Taha, A.

AU - Trapero, R.

AU - Suri, Neeraj

PY - 2017/7/1

Y1 - 2017/7/1

N2 - While the economic and technological advantages of cloud computing are apparent, its overall uptake has been limited, in part, due to the lack of security assurance and transparency on the Cloud Service Provider (CSP). Although, the recent efforts on specification of security using Service Level Agreements, also known as 'Security Level Agreements' or secSLAs is a positive development multiple technical and usability issues limit the adoption of Cloud secSLA's in practice. In this paper we develop two evaluation techniques, namely QPT and QHP, for conducting the quantitative assessment and analysis of the secSLA based security level provided by CSPs with respect to a set of Cloud Customer security requirements. These proposed techniques help improve the security requirements specifications by introducing a flexible and simple methodology that allows Customers to identify and represent their specific security needs. Apart from detailing guidance on the standalone and collective use of QPT and QHP, these techniques are validated using two use case scenarios and a prototype, leveraging actual real-world CSP secSLAdata derived from the Cloud Security Alliance's Security, Trust and Assurance Registry. © 2013 IEEE.

AB - While the economic and technological advantages of cloud computing are apparent, its overall uptake has been limited, in part, due to the lack of security assurance and transparency on the Cloud Service Provider (CSP). Although, the recent efforts on specification of security using Service Level Agreements, also known as 'Security Level Agreements' or secSLAs is a positive development multiple technical and usability issues limit the adoption of Cloud secSLA's in practice. In this paper we develop two evaluation techniques, namely QPT and QHP, for conducting the quantitative assessment and analysis of the secSLA based security level provided by CSPs with respect to a set of Cloud Customer security requirements. These proposed techniques help improve the security requirements specifications by introducing a flexible and simple methodology that allows Customers to identify and represent their specific security needs. Apart from detailing guidance on the standalone and collective use of QPT and QHP, these techniques are validated using two use case scenarios and a prototype, leveraging actual real-world CSP secSLAdata derived from the Cloud Security Alliance's Security, Trust and Assurance Registry. © 2013 IEEE.

KW - Cloud security

KW - security metrics

KW - security quantification

KW - security service level agreements

KW - Cryptography

KW - Specifications

KW - Cloud securities

KW - Cloud service providers

KW - Quantitative assessments

KW - Security level agreements

KW - Security metrics

KW - Security services

KW - Service Level Agreements

KW - Outsourcing

U2 - 10.1109/TCC.2015.2469659

DO - 10.1109/TCC.2015.2469659

M3 - Journal article

VL - 5

SP - 457

EP - 471

JO - IEEE Transactions on Cloud Computing

JF - IEEE Transactions on Cloud Computing

SN - 2168-7161

IS - 3

ER -