Security Assurance of (Multi-)Cloud Application with Security SLA Composition
| Autor: | Massimiliano Rak |
|---|---|
| Přispěvatelé: | Vari, Au, M.H.A., Castiglione, A., Choo, K.-K.R., Palmieri, F., Li, K.-C., Rak, Massimiliano |
| Rok vydání: | 2017 |
| Předmět: |
Policy composition
Computer science Supply chain Security policy Cloud computing 02 engineering and technology Computer security computer.software_genre Theoretical Computer Science Service-level agreement 0202 electrical engineering electronic engineering information engineering Orchestration (computing) 020203 distributed computing Cloud computing security Security SLA business.industry Service level agreement Computer Science (all) Security service Software security assurance Cloud security SecSLA 020201 artificial intelligence & image processing business computer |
| Zdroj: | 12th International Conference on Green, Pervasive, and Cloud Computing. GPC 2017. Lecture Notes in Computer Science, vol 10232. Lecture Notes in Computer Science Lecture Notes in Computer Science-Green, Pervasive, and Cloud Computing Green, Pervasive, and Cloud Computing ISBN: 9783319571850 GPC |
| ISSN: | 0302-9743 1611-3349 |
| DOI: | 10.1007/978-3-319-57186-7_57 |
| Popis: | Despite the diffusion of the cloud computing paradigm, cloud security is still considered one of the main inhibitors for the adoption of cloud-based solution. Security Service Level Agreements (Security SLAs), i.e. agreements among providers and customers that states the level of security granted on the services delivered, adopted to enable a Cloud Service Provider (CSP) to declare its security policy and a way to measure them from cloud service customer (CSC) point of view. Security SLAs, however, not completely solve the security issue in cloud when we have complex supply chains. This paper proposes a technique to automatically generate Security SLA, relying on CSP declaration and on the services, composing the application. Security SLAs and cloud applications are modeled, enabling automatic reasoning over the security offerings and the evaluation of the security policy over an orchestration of cloud services. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|