Risk propagation of security SLAs in the cloud

Matthew L. Hale, Rose Gamble

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

9 Scopus citations

Abstract

For organizations with mission-critical systems, moving data or functionality to the cloud introduces a risk of additional exposed vulnerabilities associated with cloud service providers not implementing organizationally selected security controls. When internal system details are abstracted away as part of the cloud architecture, the organization must rely on contractual obligations embedded in service level agreements (SLAs) to assess service offerings for security risk. Whenever an SLA is formed, the level of risk incurred is based on how well the offered service terms meet the organizational security demands. In the cloud, additional SLAs between third-party cloud service providers are formed to federate cloud resources, effectively distributing organizational risk among the various providers involved in the negotiated federations or service compositions. At runtime, whenever a cloud or service violates its SLA with respect to security controls or cancels any security offerings, the risk of noncompliance with organizational security policies increases. This paper provides a process to adapt to the propagated changes of service provider security risks within a service composition or federation due to SLA violations. The process is based on a distributed risk-aware renegotiation algorithm that replaces services if they violate SLAs.

Original language: English (US)
Title of host publication: 2012 IEEE Globecom Workshops, GC Wkshps 2012
Pages: 730-735
Number of pages: 6
DOIs: https://doi.org/10.1109/GLOCOMW.2012.6477665
Publication status: Published - Dec 1 2012
Event: 2012 IEEE Globecom Workshops, GC Wkshps 2012 - Anaheim, CA, United States
Duration: Dec 3 2012 to Dec 7 2012

Publication series

Name: 2012 IEEE Globecom Workshops, GC Wkshps 2012

Conference

Conference: 2012 IEEE Globecom Workshops, GC Wkshps 2012
Country: United States
City: Anaheim, CA
Period: 12/3/12 to 12/7/12

Keywords

  • algorithms
  • audit
  • certification
  • cloud computing
  • matchmaking
  • quality of security service
  • risk
  • security
  • service level agreement
  • web services

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Hale, M. L., & Gamble, R. (2012). Risk propagation of security SLAs in the cloud. In 2012 IEEE Globecom Workshops, GC Wkshps 2012 (pp. 730-735). [6477665] (2012 IEEE Globecom Workshops, GC Wkshps 2012). https://doi.org/10.1109/GLOCOMW.2012.6477665