Research output: Contribution to Journal/Magazine › Journal article › peer-review
TY - JOUR
T1 - Quantitative Reasoning about Cloud Security Using Service Level Agreements
AU - Luna, J.
AU - Taha, A.
AU - Trapero, R.
AU - Suri, Neeraj
PY - 2017/7/1
Y1 - 2017/7/1
AB - While the economic and technological advantages of cloud computing are apparent, its overall uptake has been limited, in part, due to the lack of security assurance and transparency on the Cloud Service Provider (CSP). Although the recent efforts on the specification of security using Service Level Agreements, also known as 'Security Level Agreements' or secSLAs, are a positive development, multiple technical and usability issues limit the adoption of Cloud secSLAs in practice. In this paper, we develop two evaluation techniques, namely QPT and QHP, for conducting the quantitative assessment and analysis of the secSLA-based security level provided by CSPs with respect to a set of Cloud Customer security requirements. These proposed techniques help improve the security requirements specifications by introducing a flexible and simple methodology that allows Customers to identify and represent their specific security needs. Apart from detailing guidance on the standalone and collective use of QPT and QHP, these techniques are validated using two use case scenarios and a prototype, leveraging actual real-world CSP secSLA data derived from the Cloud Security Alliance's Security, Trust and Assurance Registry. © 2013 IEEE.
KW - Cloud security
KW - security metrics
KW - security quantification
KW - security service level agreements
KW - Cryptography
KW - Specifications
KW - Cloud securities
KW - Cloud service providers
KW - Quantitative assessments
KW - Security level agreements
KW - Security metrics
KW - Security services
KW - Service Level Agreements
KW - Outsourcing
U2 - 10.1109/TCC.2015.2469659
DO - 10.1109/TCC.2015.2469659
M3 - Journal article
VL - 5
SP - 457
EP - 471
JO - IEEE Transactions on Cloud Computing
JF - IEEE Transactions on Cloud Computing
SN - 2168-7161
IS - 3
ER -