Expressing cloud security requirements for SLAs in deontic contract languages for cloud brokers

Meland, Per Håkon; Bernsmed, Karin; Jaatun, Martin Gilje; Castejón, Humberto Nicolás; Undheim, Astrid

doi:10.1504/ijcc.2014.058831

Cited by 15 publications

(10 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Nevertheless some works have been done in order to address this issue as we will explain in the next section. Here we just show an example schema from the paper [12], which extends the standard WS-Agreement [31] schema to cover the security requirements. Table 1 shows how we could specify the security requirement on data retention in an SLA.…”

Section: A Security Requirements and Slasmentioning

confidence: 99%

“…As shown in Figure 3, it gives a very good example about what needs to be covered in the SLAs for a composed online meeting service, which has four individual services: VOICE, MSG, PRESENCE, and CONF. Furthermore, paper [12] proposed a scheme to let the service broker bridge the security requirements from service consumers and the security guarantees promised by service providers. The broker is in charge of compositing web services and maintaining a mutually agreed contract.…”

Section: Figure 2 Composition Of Three Servicesmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Quantitative Evaluation of Web Service Security

Zhou

Shi

Yang

2016

2016 IEEE Trustcom/BigDataSE/Ispa

View full text Add to dashboard Cite

-The number of web services available on the Internet has grown rapidly. Service consumers face a hard decision over which service to choose among the available ones. Security holds a key after various vulnerabilities have been exploited by attackers on number of notable web services. This paper carries out a survey on how security has been expressed and promised for web services, through both the Web Service Description Language and Service Level Agreements. It reviews existing technologies used for comparing individual web services, as well as for service compositions. Taking security into account further complicates the already difficult process of choosing the right service. The paper reveals that despite existing efforts, a quantitative solution needs to be established urgently in order to help service consumers to choose the most secure service for them to use.

show abstract

Section: A Security Requirements and Slasmentioning

confidence: 99%

Section: Figure 2 Composition Of Three Servicesmentioning

confidence: 99%

A Survey on Quantitative Evaluation of Web Service Security

Zhou

Shi

Yang

2016

2016 IEEE Trustcom/BigDataSE/Ispa

View full text Add to dashboard Cite

show abstract

“…To this list, Breaux and Gordon [39] add the dimension of constraint changes across jurisdictions when regulations share a common focus. Further, a comparison of the potential languages that can be used by cloud users to express such requirements, has been made by Meland et al [59]. The authors examine several languages usable for cloud SLAs, among which there are also XACML, WSAgreement, LegalXML; however, they conclude that prior to choosing how to express security requirements, it is more stringent to converge towards common concepts of security contracts.…”

Section: Existing Workmentioning

confidence: 99%

Verifying cloud services

Bouchenak

Chockler

et al. 2013

SIGOPS Oper. Syst. Rev.

View full text Add to dashboard Cite

As cloud-based services gain popularity in both private and enterprise domains, cloud consumers are still lacking in tools to verify that these services work as expected. Such tools should consider properties such as functional correctness, service availability, reliability, performance and security guarantees. In this paper we survey existing work in these areas and identify gaps in existing cloud technology in terms of the verification tools provided to users. We also discuss challenges and new research directions that can help bridge these gaps.

show abstract

“…CloudSurfer depends on that the Cloud providers advertise their offered security controls in a machinereadable form, as shown in the lower-most part of Figure 1. There is no prevalent standard for expressing contract requirements and offerings, but based on the recommendations by Meland et al (Meland et al, 2013), WS-Agreement (Andrieux et al, 2003) was chosen. This language is extensible and allows the use of any service terms, but has no built-in predicates for security.…”

Section: Design and Interactionmentioning

confidence: 99%

CloudSurfer - A Cloud Broker Application for Security Concerns

Frtunic¹,

Jovanovic²,

Gligorijvic³

et al. 2013

Proceedings of the 3rd International Conference on Cloud Computing and Services Science

View full text Add to dashboard Cite

The broker is foreseen to take an important role in the future Cloud ecosystem. A Cloud broker will simplify the relationships between Cloud providers and customers, by aggregating, integrating and customizing services in accordance to the customers' needs. This paper demonstrates how security requirements can be a part of the Cloud brokering model. We present CloudSurfer, which is a prototype implementation of an independent Cloud broker that allows the customer to search for services that fulfill a set of security requirements. The application has been evaluated by representatives from the software industry and academia, and is freely available for further research.

show abstract

Expressing cloud security requirements for SLAs in deontic contract languages for cloud brokers

Cited by 15 publications

References 21 publications

A Survey on Quantitative Evaluation of Web Service Security

A Survey on Quantitative Evaluation of Web Service Security

Verifying cloud services

CloudSurfer - A Cloud Broker Application for Security Concerns

Contact Info

Product

Resources

About