Alessandra De Benedictis, V. Casola, M. Rak, Umberto Villano
{"title":"Cloud Security: From Per-Provider to Per-Service Security SLAs","authors":"Alessandra De Benedictis, V. Casola, M. Rak, Umberto Villano","doi":"10.1109/INCoS.2016.61","DOIUrl":null,"url":null,"abstract":"Cloud Security is still considered one of the main factors inhibiting the diffusion of the Cloud Computing paradigm. Potential Cloud Service Customers (CSCs) do not trust delegating every kind of resources and data to external Cloud Service Providers (CSPs). The problem grows in complexity due to the increasing adoption of complex supply chains: CSPs that offer Sofware-as-a-Service (SaaS) cloud services often do not have their own data centers, but just acquire resources and services from other CSPs. This makes ithard, if not impossible, to ascribe the responsibility of a securityincident. A possible solution is the adoption of Security ServiceLevel Agreements (SLAs): CSPs should deliver services withan SLA that details each guarantee offered in terms of security, and CSCs should be able to compare offerings from differentCSPs and verify that SLAs are respected during service lifecycle. This paper shows how it is possible to build up a per-serviceSecurity SLA in a chain of cloud services, proposing asolution based on a security evaluation technique to comparedifferent cloud service supply chains based on their SecuritySLAs.","PeriodicalId":102056,"journal":{"name":"2016 International Conference on Intelligent Networking and Collaborative Systems (INCoS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Intelligent Networking and Collaborative Systems (INCoS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INCoS.2016.61","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
Cloud Security is still considered one of the main factors inhibiting the diffusion of the Cloud Computing paradigm. Potential Cloud Service Customers (CSCs) do not trust delegating every kind of resources and data to external Cloud Service Providers (CSPs). The problem grows in complexity due to the increasing adoption of complex supply chains: CSPs that offer Sofware-as-a-Service (SaaS) cloud services often do not have their own data centers, but just acquire resources and services from other CSPs. This makes ithard, if not impossible, to ascribe the responsibility of a securityincident. A possible solution is the adoption of Security ServiceLevel Agreements (SLAs): CSPs should deliver services withan SLA that details each guarantee offered in terms of security, and CSCs should be able to compare offerings from differentCSPs and verify that SLAs are respected during service lifecycle. This paper shows how it is possible to build up a per-serviceSecurity SLA in a chain of cloud services, proposing asolution based on a security evaluation technique to comparedifferent cloud service supply chains based on their SecuritySLAs.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
