Authors:
Aida Čaušević
;
Elena Lisova
;
Mohammad Ashjaei
and
Syed Usman Ashgar
Affiliation:
Mälardalen University,Västerås and Sweden
Keyword(s):
Service Level Agreement, Security, SLAC, Security Process, Cloud Computing, Run-time Monitoring.
Abstract:
With development of cloud computing new ways for easy, on-demand, Internet-based access to computing resources have emerged. In such context a Service Level Agreement (SLA) enables contractual agreements between service providers and users. Given an SLA, service users are able to establish trust in that the service outcome corresponds to what they have demanded during the service negotiation process. However, an SLA provides a limited support outside of basic Quality of Service (QoS) parameters, especially when it comes to security. We find security as an important factor to be included in adjusting an SLA according to user defined objectives. Incorporating it in an SLA is challenging due to difficulty to provide complete and quantifiable metrics, thus we propose to focus on a systematic way of addressing security using the security process. In this paper we investigate ways in which security might be incorporated already in the service negotiation process and captured in an SLA. We
propose a corresponding process to develop and maintain an SLA that considers both design-, and run-time. To demonstrate the approach we built upon the existing SLAC language and extend its syntax to support security. An example of a service being provided with security guarantees illustrates the concept.
(More)