Quantitative Reasoning about Cloud Security Using Service Level Agreements

Luna, Jesús; Taha, Ahmed; Trapero, Ruben; Suri, Neeraj

doi:10.1109/tcc.2015.2469659

Cited by 55 publications

(37 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Esposito, Castiglione and Choo (2016), for example, remarked that ensuring data sovereignty can also be part of the SLA management system. This is also echoed by Luna et al (2016) in this special issue, who emphasized the importance of including security specifications in SLAs (i.e. the development of security level agreements).…”

Section: Securitymentioning

confidence: 84%

Cloud Security Engineering: Theory, Practice and Future Research

Choo

Rana

Rajarajan

2017

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

show abstract

Section: Securitymentioning

confidence: 84%

Cloud Security Engineering: Theory, Practice and Future Research

Choo

Rana

Rajarajan

2017

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

show abstract

“…Other EU projects such as SPECS [22] and EscudoCloud [23] also looked at quantifying the capacity of a given cloud provider to satisfy security Servive Level Agreements (SLAs) using information published in the CSA STAR registry. It also has a focus on usability, but the endeavour is different in essence.…”

Section: Related Workmentioning

confidence: 99%

“…It also has a focus on usability, but the endeavour is different in essence. Here we are assessing risk scenarios in an automated way, whereas in that work [23] does not provide an automated processing for the answers given by the CSPs to the CAIQ, making it difficult to compare more than three providers quickly.…”

Section: Related Workmentioning

confidence: 99%

A risk assessment model for selecting cloud service providers

Çayırcı

Garaga

Oliveira³

et al. 2016

J Cloud Comp

View full text Add to dashboard Cite

The Cloud Adoption Risk Assessment Model is designed to help cloud customers in assessing the risks that they face by selecting a specific cloud service provider. It evaluates background information obtained from cloud customers and cloud service providers to analyze various risk scenarios. This facilitates decision making an selecting the cloud service provider with the most preferable risk profile based on aggregated risks to security, privacy, and service delivery. Based on this model we developed a prototype using machine learning to automatically analyze the risks of representative cloud service providers from the Cloud Security Alliance Security, Trust & Assurance Registry.

show abstract

“…However, the algorithm used in the QHP is based on matrices and eigenvectors that are associated to high computational costs, hence not suitable for scenarios with efficiency constraints. A side by side comparison of the QPT and the QHP, providing insights into their individual and collective capabilities, is available in [19].…”

Section: Related Workmentioning

confidence: 99%

“…The last element of the final PV is the score for the CSC SecSLA and serves as the benchmark. For more details on the methodology see [2,19], or use cases considered in Section 6.…”

Section: Quantitative Hierarchy Process (Qhp)mentioning

confidence: 99%