Quantitative Assessment of Cloud Security Level Agreements - A Case Study

Jesus Luna Garcia; Hamza Ghani; Tsvetoslava Vateva; Neeraj Suri

doi:10.5220/0004019900640073

Quantitative Assessment of Cloud Security Level Agreements - A Case Study

Jesus Luna Garcia, Hamza Ghani, Tsvetoslava Vateva, Neeraj Suri

2012

Abstract

The users of Cloud Service Providers (CSP) often motivate their choice of providers based on criteria such as the offered service level agreements (SLA) and costs, and also recently based on security aspects (i.e., due to regulatory compliance). Unfortunately, it is quite uncommon for a CSP to specify the security levels associated with their services, hence impeding users from making security relevant informed decisions. Consequently, while the many economic and technological advantages of Cloud computing are apparent, the migration of key sector applications has been limited, in part, due to the lack of security assurance on the CSP. In order to achieve this assurance and create trustworthy Cloud ecosystems, it is desirable to develop metrics and techniques to compare, aggregate, negotiate and predict the trade-offs (features, problems and the economics) of security. This paper contributes with a quantitative security assessment case study using the CSP information found on the Cloud Security Alliance’s Security, Trust & Assurance Registry (CSA STAR). Our security assessment rests on the notion of Cloud Security Level Agreements — SecLA — and, a novel set of security metrics used to quantitatively compare SecLAs.

Download

Paper Citation

in Harvard Style

Luna Garcia J., Ghani H., Vateva T. and Suri N. (2012). Quantitative Assessment of Cloud Security Level Agreements - A Case Study . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 64-73. DOI: 10.5220/0004019900640073

in Bibtex Style

@conference{secrypt12,
author={Jesus Luna Garcia and Hamza Ghani and Tsvetoslava Vateva and Neeraj Suri},
title={Quantitative Assessment of Cloud Security Level Agreements - A Case Study},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={64-73},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004019900640073},
isbn={978-989-8565-24-2},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Quantitative Assessment of Cloud Security Level Agreements - A Case Study
SN - 978-989-8565-24-2
AU - Luna Garcia J.
AU - Ghani H.
AU - Vateva T.
AU - Suri N.
PY - 2012
SP - 64
EP - 73
DO - 10.5220/0004019900640073