The federated Cloud paradigm aims to provide flexible and reliable services composed of a mixture of internal and external mini-clouds, but this heterogeneous nature is also fuelling the security concerns of the customers. To allay the fears and deal with the threats associated with outsourcing data and applications to the Cloud, new methods for security assurance are urgently needed. This paper presents current work on Cloud Security Service Level Agreements and our approach on how to manage this in the context of hybrid clouds. The purpose is to facilitate rapid service composition and agreements based on the necessary security requirements and establish trust between the customer and provider.We also show how this can be applied on a realistic case study related to a hybrid Unified Communication service.
Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on the contrary, design overly secure systems that will compromise the performance of critical operations. This paper presents a methodology for visualizing and assessing security risks by means of bow-tie diagrams, which are commonly used within safety assessments. We outline how malicious activities, random failures, security countermeasures and safety barriers can be visualized using a common graphical notation and propose a method for quantifying risks based on threat likelihood and consequence severity. The methodology is demonstrated using a case study from maritime communication. Our main conclusion is that adding security concepts to the bow-ties is a promising approach, since this is a notation that high-risk industries are already familiar with. However, their advantage as easy-to-grasp visual models should be maintained, hence complexity needs to be kept low.
Service Level Agreements (SLAs) have been used for decades to regulate aspects such as throughput, delay and response times of services in various outsourcing scenarios. However, security aspects have typically been neglected in SLAs. In this paper we argue that security SLAs will be necessary for future Internet services, and provide examples of how this will work in practice.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.