Abstract
Security as a Service (SecaaS) offers security capabilities as a cloud service. It gives customers the expertise of specialists in their fields, supports flexible deployment models, and allows customers to focus on their core business while leaving security to the SecaaS provider. However, finding a Cloud Service that guarantees the minimum Security Service Level Agreement (SecSLA) required by the customer may be challenging, due to the difference in security objectives between the Cloud Service Provider (CSP) and the Cloud Service Customer (CSC). To enable the customer to use the Cloud Service without giving up security, we propose an approach to upgrade the SecSLA guaranteed by a Cloud Service using a set of SecaaS provided by a third-party CSP. In addition, based on a knowledge graph, we create a service that offers a centralized repository of Cloud Services and SecaaS. It provides a GraphQL API (Application Programming Interface) that allows users to search for relevant SecaaS that support the Cloud Services they consume and provide the missing Security Service Level Objectives (SSLOs) needed to achieve the minimum SecSLA. To validate our approach, we create a case study with five scenarios and evaluate the response time for each of them. We calculate the overhead of the scenarios that use our approach compared to the other ones.
Notes
1. ISO/IEC 19086-1:2016 [10]: “documented agreement between the cloud service provider and cloud service customer that governs the covered service(s).”
2. ISO/IEC 19086-1:2016 [10]: “commitment a cloud service provider makes for a specific, quantitative characteristic of a cloud service, where the value follows the interval scale or ratio scale.”
3. ISO/IEC 19086-1:2016 [10]: “commitment a cloud service provider makes for a specific, qualitative characteristic of a cloud service, where the value follows the nominal scale or ordinal scale.”
4. GraphQL: https://graphql.org/.
5. Neo4j: https://neo4j.com/.
6. Docker: https://www.docker.com/.
7. MinIO: https://min.io/.
8. Django framework: https://www.djangoproject.com/.
9. Cryptography library: https://github.com/pyca/cryptography.
References
1. Taha, A., Trapero, R., Luna, J., Suri, N.: A framework for ranking cloud security services. In: 2017 IEEE International Conference on Services Computing (SCC), pp. 322–329. IEEE, June 2017
2. Dogra, H., Verma, S., Hubballi, N., Swarnkar, M.: Security service level agreement measurement in cloud: a proof of concept implementation. In: 2017 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), pp. 1–6. IEEE, December 2017
3. Halabi, T., Bellaiche, M.: Towards quantification and evaluation of security of cloud service providers. J. Inf. Secur. Appl. 33, 55–65 (2017)
4. Silva, A., Silva, K., Rocha, A., Queiroz, F.: Calculating the trust of providers through the construction weighted Sec-SLA. Futur. Gener. Comput. Syst. 97, 873–886 (2019)
5. Casola, V., Benedictis, A.D., Modic, J., Rak, M., Villano, U.: Per-service security SLAs for cloud security management: model and implementation. Int. J. Grid Util. Comput. 9(2), 128–138 (2018)
6. Taha, A., Boukoros, S., Luna, J., Katzenbeisser, S., Suri, N.: QRES: quantitative reasoning on encrypted security SLAs. arXiv preprint arXiv:1804.04426 (2018)
7. ISO/IEC 17788:2014. https://www.iso.org/obp/ui/#iso:std:iso-iec:17788:ed-1:v1:en
8. Mell, P., Grance, T.: The NIST definition of cloud computing (2011)
9. The Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 (“Guidance v4.0”). https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/security-guidance-v4-FINAL.pdf
10. ISO/IEC 19086-1:2016. https://standards.iso.org/ittf/PubliclyAvailableStandards/c067545/_ISO/_IEC/_19086-1/_2016.zip
11. Consensus Assessment Initiative Questionnaire CAIQ v4. https://cloudsecurityalliance.org/artifacts/star-level-1-security-questionnaire-caiq-v4/
12. Cloud Security Alliance (CSA). https://cloudsecurityalliance.org/
13. SP 800-53 Rev 5. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
14. National Institute of Standards and Technology (NIST). https://www.nist.gov/
15. Amazon Elastic Container Service (Amazon ECS). https://aws.amazon.com/ecs/
16. Azure Container Instances. https://azure.microsoft.com/en-us/products/container-instances/
17. Google Cloud Run. https://cloud.google.com/run
18. Docker Compose. https://docs.docker.com/compose/
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Rahmouni, A., Oukid, S., Ghebghoub, Y. (2023). Upgrade SecSLA Using Security as a Service Based on Knowledge Graph. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2. FTC 2022 2022. Lecture Notes in Networks and Systems, vol 560. Springer, Cham. https://doi.org/10.1007/978-3-031-18458-1_33
DOI: https://doi.org/10.1007/978-3-031-18458-1_33
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18457-4
Online ISBN: 978-3-031-18458-1
eBook Packages: Intelligent Technologies and Robotics (R0)