
A behavior-aware SLA-based framework for guaranteeing the security conformance of cloud service

  • Research Article
  • Frontiers of Computer Science

Abstract

As cloud computing technology matures, cloud services have become trust-based services. Users' distrust of the security and performance of cloud services will hinder their rapid deployment and development, so cloud service providers (CSPs) urgently need a way to prove that their infrastructure and the behavior of the cloud services they provide can be trusted. The challenge is how to construct a framework that can effectively verify the security conformance of cloud services, with a focus on fine-grained descriptions of cloud service behavior and security service level agreements (SLAs). In this paper, we propose a novel approach to verifying cloud service security conformance, which reduces the description gap between the CSP and users by modeling cloud service behavior and the security SLA. These models enable a systematic integration of security constraints and service behavior into the cloud, while UPPAAL is used to check performance and security conformance. The proposed approach is validated through a case study and experiments with a real cloud service based on OpenStack, which illustrate the effectiveness of the CloudSec approach and show that it can be applied to realistic cloud scenarios.



Acknowledgements

This work was supported by the National Natural Science Foundation of China (Grant Nos. U1636208 and 61862008).

Author information

Corresponding author

Correspondence to Xiaojian Li.

Additional information

Xiaochen Liu is currently a PhD candidate at the School of Computer Science and Engineering at Beihang University, China. She received the BS degree and the MS degree from the School of Computer Science and Technology at Beijing Posts and Telecommunications University, China. Her research interests include network management, cloud service management, and cloud security analysis.

Chunhe Xia is now heading the Beijing Key Laboratory of Network Technology, Beihang University, China. He received his PhD degree in Computer Science and Engineering from Beihang University, China in 2003. His research interests include network security, network management, and network measurement.

Tianbo Wang received the PhD degree in computer application from Beihang University, China in 2018. He is currently a lecturer with Beihang University, China. He has participated in several National Natural Science Foundations and other research projects. His research interests include network and information security, intrusion detection technology, and information countermeasure.

Li Zhong received the BS degree in computer science from Beihang University, and is currently a PhD student at Beihang University, China. His main research interests include cloud computing technology, social network analysis, and source identification of information diffusion.

Xiaojian Li received his PhD degree in Computer Science from Beihang University, China. He is a professor in the School of Computer Science and Information Technology at Guangxi Normal University, China. His research interests focus on the field of cyberspace, including computer network, concealed communication, network penetration, intelligence analysis, and information system security.


Cite this article

Liu, X., Xia, C., Wang, T. et al. A behavior-aware SLA-based framework for guaranteeing the security conformance of cloud service. Front. Comput. Sci. 14, 146808 (2020). https://doi.org/10.1007/s11704-019-9130-0

  • DOI: https://doi.org/10.1007/s11704-019-9130-0
