SLA-Oriented Security Provisioning for Cloud Computing

6th International Symposium on Telecommunications (IST), 2012

aYkvj"kortguukxg"rtqitguu"qh"enqwf"eqorwvkpi"cpf" kvu"kphnwgpeg"qp"ocp{"curgevu"qh"wvknkv{"eqorwvkpi."ocp{"qh" eqorcpkgu"cpf"gpvgtrtkugu"ctg"vgpfkpi"vq"vjku"pgy"rtqfwev" qh" kphqtocvkqp" vgejpqnqi{=" uqog" qh" vjgug" eqorcpkgu" ctg" kpvgtguvgf" kp" eqpuwokpi" enqwf" ugtxkegu" cpf" qvjgtu" vgpf" vq" rtqxkfg" enqwf" ugtxkegu0" Vjg" oquv" eqooqp" vjkpi" hqt" vjgug" vyq" oclqt" encuugu" qh" wugtu" ku" ugtxkeg" ngxgn" citggogpvu" *UNCu+" yjkej" ctg" ugv" dgvyggp" vjgo0" Ocp{" htcogyqtmu" jcxg"dggp"kpvtqfwegf"hqt"UNC"ocpcigogpv"kp"ygd"ugtxkeg" ngxgn." dwv" vjgtg" ctg" hgy" crrnkecdng" htcogyqtmu" vjcv" ctg" urgekhke" hqt" enqwf" eqorwvkpi" ugtxkegu0" Kp" vjku" rcrgt." yg" rtqrqug" c" htcogyqtm" hqt" UNC" ocpcigogpv" kp" enqwf" eqorwvkpi" cpf" gurgekcnn{" kpvgt/enqwf" gpxktqpogpvu0" Vjku" htcogyqtm"ku"dcugf"qp"YUNC"yjkej"ku"kpvtqfwegf"d{"KDO." dwv" yg" jcxg" ejcpigf" kv" vq" hkv" kpvq" enqwf" eqorwvkpi" gpxktqpogpvu0"Vjku"htcogyqtm"ku"kp"hcev"c"eqorqpgpv"qh"vjg" enqwf" eqorwvkpi" htcogyqtm" yjkej" yg" jcxg" kpvtqfwegf" kp" qwt" rtgxkqwu" yqtm0" Kp" vjku" rcrgt" yg" ctg" pqv" iqkpi" vq" rtqxkfg"c"nkuv"qh"enqwf"ugtxkeg"UNC"rctcogvgtu="kpuvgcf."yg" rtqrqug" c" htcogyqtm" vq" ocpcig" enqwf" ugtxkeg" UNCu" cpf" ogvtkeu0

2017 IEEE International Conference on Edge Computing (EDGE), 2017

Nowadays, Cloud providers revise the terms of their Service Level Agreements (SLAs) to include security provisions due to their criticality for their customers. In order to speed up their adoption by service providers and consumers and to make them more actionable, security SLAs monitoring should be described in a machine-processable, agile and extensible way. Several tools for SLA management are available on the market but most deal with performance metrics and do not refer to security properties. There are other tools for monitoring cloud security, in a non-SLA way. However, they are not associated with SLA management systems. We propose an extension to an SLA language (i.e., rSLA) to enable the description of security requirements in an SLA document. We also extend the rSLA framework by a security methodology that makes use of known tools and that enables continuously checking that the security requirements are respected during runtime according to the SLA document.

2012

Cloud computing has evolved from the provisioning of virtual machines to the provisioning of complex services, delivered to customers under the terms of Service-Level Agreements (SLAs). SLAs specify the Quality of Service (QoS) that should be provided to customers as well as the billing model. A main concern for cloud service providers is to maintain the agreed SLA terms in order to avoid losses and penalties. Maintaining the SLA in turn requires translating the QoS to configurations of low-level mechanisms, able to enforce the agreed terms. Current systems provide no integrated support for SLA specification, translation, and enforcement. In this paper, we propose an approach for specifying and enforcing SLAs for cloud service providers. The approach covers the creation of SLA templates under a billing model, the design of performance and faulttolerance QoS assurance mechanisms as well as the translation of QoS to appropriate configurations of those mechanisms. We demonstrate the feasibility of our approach by using the Qu4DS framework for PaaS cloud providers. Moreover, we evaluate the impact of failures on the provider profit. The experiments were carried out on the Grid5000 testbed and demonstrate the effectiveness of ensuring fault tolerance in different scenarios.

Cloud Workshops at OOPSLA, 2009

Cloud computing that provides cheap and pay-as-you-go computing resources is rapidly gaining momentum as an alternative to traditional IT Infrastructure. As more and more consumers delegate their tasks to cloud providers, Service Level Agreements(SLA) between consumers and providers emerge as a key aspect. Due to the dynamic nature of the cloud, continuous monitoring on Quality of Service (QoS) attributes is necessary to enforce SLAs. Also numerous other factors such as trust (on the cloud provider) come into consideration, particularly for enterprise customers that may outsource its critical data. This complex nature of the cloud landscape warrants a sophisticated means of managing SLAs. This paper proposes a mechanism for managing SLAs in a cloud computing environment using the Web Service Level Agreement(WSLA) framework, developed for SLA monitoring and SLA enforcement in a Service Oriented Architecture (SOA). We use the third party support feature of WSLA to delegate monitoring and enforcement tasks to other entities in order to solve the trust issues. We also present a real world use case to validate our proposal.

Future Generation Computer Systems, 2016

Quality-of-service and SLA guarantees are among the major challenges of cloud-based services. In this paper we first present a new cloud model called SLAaaS-SLA aware Service. SLAaaS considers QoS levels and SLA as first class citizens of cloud-based services. This model is orthogonal to other SaaS, PaaS, and IaaS cloud models, and may apply to any of them. More specifically we make three contributions: (i) we provide a novel domain specific language that allows to describe QoS-oriented SLA associated with cloud services; (ii) we present a general control-theoretic approach for managing cloud service SLA; (iii) we apply the proposed language and control approach to guarantee SLA in various case studies, ranging from cloud-based MapReduce service, to locking service, and higher-level e-commerce service; these case studies successfully illustrate SLA management with different QoS aspects of cloud services such as performance, dependability, financial and energetic costs.

2012

Cloud computing is a paradigm for enabling remote, on-demand access to a set of configurable computing resources as a service. The pay-per-use model enables service providers to offer their services to customers in different Quality-of-Service (QoS) levels. Service Level Agreement (SLA) is a negotiated agreement between a service provider and a customer where QoS parameters specify the quality level of service that the service provider have to guarantee. However, due to the dynamic nature of the Cloud and its instability, some SLA violations can occurred and the service providers can be charged for penalties. In this paper, we aim at addressing the Cloud instability to better control SLA management (in particular SLA violations) and indirectly the Cloud elasticity. We propose CSLA, a new SLA language directly integrating some features dealing with QoS uncertainty and Cloud fluctuation. In our evaluation, we present a novel profit model for service provider and new algorithms (for admission control and scheduling) to meet SLA requirements (e.g. prevent SLA violations) while tackling scalability and dynamic issues.

Procedia Computer Science, 2018

Cloud computing is a novel paradigm that is known for its elasticity and diversity in terms of the services provided to the end users. Although these services offer many benefits such as availability, cost-reduction, flexible payment plans, security, and efficiency, there are still several security concerns that are considered major obstacles preventing tenants from transferring their resources to the cloud. The security provided by the cloud service providers is still inadequate for the tenants security requirements because providers use standard security mechanisms regardless of the tenants requirements. Thus, cloud tenants cannot rely on the security provided by the cloud providers. Although, traditional intrusion detection systems have been proposed and developed by different entities including researchers, academicians, and practitioners as a solution that cloud providers can offer to their tenants to cope with security issues in the cloud, the requirements of the tenants in terms of security are not considered. It is very important, however, to consider the differences in the tenants security requirements to provide better security services. In this research, we concentrate on providing a security service that allows cloud tenants to monitor and protect their virtual environments by deploying a security mechanism that is capable of meeting their needs. The main contribution of this work is providing an efficient, flexible, and low-cost security as a service model-based on Intrusion Detection Systems (IDS)-that takes the tenants security requirements into consideration.

Scalable Computing: Practice and Experience, 2014

Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider prospective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate the security mechanisms enforced by service provider. Service Level Agreements mainly focus on performance related terms and no guarantees are given for security mechanisms. Customers are interested in tools to verify and monitor the implemented security requirements. On the other hand, developers need tools to deploy Cloud applications offering measurable security grants to end users. In this paper, we propose an approach to implement security mechanisms as components in the application design process. We modeled security interactions according to the specific threat, the specific security requirements and user/application capabilities trying to improve security. It enables a Service Provider to offer security guarantees to customers. The approach has been designed to fit with different Cloud platforms, but to demonstrate its applicability, we will present a case study on the mOSAIC Platform.

Mehran University Research Journal of Engineering and Technology

Cloud Computing is a cutting edge technology in market now a days. In Cloud Computing environment the customer should pay bills to use computing resources. Resource allocation is a primary task in a cloud environment. Significance of resources allocation and availability increase many fold because income of the cloud depends on how efficiently it provides the rented services to the clients. SLA (Service Level Agreement) is signed between the cloud Services Provider and the Cloud Services Consumer to maintain stipulated QoS (Quality of Service). It is noted that SLAs are violated due to several reasons. These may include system malfunctions and change in workload conditions. Elastic and adaptive approaches are required to prevent SLA violations. We propose an application level monitoring novel scheme to prevent SLA violations. It is based on elastic and scalable characteristics. It is easy to deploy and use. It focuses on application level monitoring.

─Cloud Computing is a new computing paradigm originating and combining characteristics from grid computing, distributed computing, parallel computing, virtualization and other computer technologies. Trust and security in Cloud Computing are more complex than in traditional IT systems. Conventional security policies designed for other technologies do not map well to the cloud environment, which, on top of that, may exhibit additional security requirements. In an attempt to assist cloud providers to secure their environment, and specifically for the Software-as-a-Service Model (SaaS), this paper starts with the presentation of the already reported threats. Because of these security threats, there are specific requirements that we claim must be clearly addressed in the Security Policy for the Cloud Environment. Our work focuses on the required structure and contents of such a security policy. In this respect, this paper proposes a model to describe the relationship between threats, measures, and security policies applicable to the SaaS model. It is worth stressing that in the SaaS service model, the client depends on the provider for the proper security measures.