Dealing with the provisioning of cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that they are understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLOs)), (ii) automating the provisioning of security mechanisms able to grant desired security features (by means of a security-driven resource allocation process), and (iii) continuously monitoring the services in order to verify the fulfillment of specified Security SLOs (by means of cloud security monitoring solutions). We propose to face the Security SLA life cycle management with a framework able to enrich cloud applications with security features. In this paper we (i) present a novel Security SLA model and (ii) illustrate a security-driven planning process that can be adopted to determine the (optimum) deployment of security-related software components. Such process takes into account both specific implementation constraints of the security components to be deployed and customers security requirements, and enables the automatic provisioning and configuration of all needed resources. In order to demonstrate the applicability of the approach, we present and discuss a practical application of the model on a real case study.
Automatically Enforcing Security SLAs in the Cloud / Casola, Valentina; DE BENEDICTIS, Alessandra; Rak, Massimiliano; Modic, Jolanda; Erascu, Madalina. - In: IEEE TRANSACTIONS ON SERVICES COMPUTING. - ISSN 1939-1374. - 10:5(2016), pp. 741-755. [10.1109/TSC.2016.2540630]
Automatically Enforcing Security SLAs in the Cloud
Valentina Casola;Alessandra De Benedictis;
2016
Abstract
Dealing with the provisioning of cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that they are understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLOs)), (ii) automating the provisioning of security mechanisms able to grant desired security features (by means of a security-driven resource allocation process), and (iii) continuously monitoring the services in order to verify the fulfillment of specified Security SLOs (by means of cloud security monitoring solutions). We propose to face the Security SLA life cycle management with a framework able to enrich cloud applications with security features. In this paper we (i) present a novel Security SLA model and (ii) illustrate a security-driven planning process that can be adopted to determine the (optimum) deployment of security-related software components. Such process takes into account both specific implementation constraints of the security components to be deployed and customers security requirements, and enables the automatic provisioning and configuration of all needed resources. In order to demonstrate the applicability of the approach, we present and discuss a practical application of the model on a real case study.| File | Dimensione | Formato | |
|---|---|---|---|
|
art06_TSC_Casola_published.pdf
non disponibili
Tipologia:
Versione Editoriale (PDF)
Licenza:
Accesso privato/ristretto
Dimensione
724.24 kB
Formato
Adobe PDF
|
724.24 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
