Risk propagation of security SLAs in the cloud

Matthew L. Hale; Rose Gamble

doi:10.1109/GLOCOMW.2012.6477665

Risk propagation of security SLAs in the cloud

Matthew L. Hale, Rose Gamble

Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Scopus citations

Abstract

For organizations with mission critical systems, moving data or functionality to the cloud introduces a risk of additional exposed vulnerabilities associated with cloud service providers not implementing organizationally selected security controls. When internal system details are abstracted away as part of the cloud architecture, the organization must rely on contractual obligations embedded in service level agreements (SLAs) to assess service offerings for security risk. Whenever an SLA is formed, the level of risk incurred is based on how well the offered service terms meet the organizational security demands. In the cloud, additional SLAs between third party cloud service providers are formed to federate cloud resources, effectively distributing organizational risk among the various providers involved in the negotiated federations or service compositions. At runtime, whenever a cloud or service violates its SLA with respect to security controls or cancels any security offerings, the risk of noncompliance with organizational security policies increases. This paper provides a process to adapt to the propagated changes of service provider security risks within a service composition or federation due to SLA violations. The process is based on a distributed risk-aware renegotiation algorithm that replaces services if they violate SLAs.

Original language	English (US)
Title of host publication	2012 IEEE Globecom Workshops, GC Wkshps 2012
Pages	730-735
Number of pages	6
DOIs	https://doi.org/10.1109/GLOCOMW.2012.6477665
State	Published - Dec 1 2012
Event	2012 IEEE Globecom Workshops, GC Wkshps 2012 - Anaheim, CA, United States Duration: Dec 3 2012 → Dec 7 2012

Publication series

Name	2012 IEEE Globecom Workshops, GC Wkshps 2012

Conference

Conference	2012 IEEE Globecom Workshops, GC Wkshps 2012
Country	United States
City	Anaheim, CA
Period	12/3/12 → 12/7/12

Keywords

algorithms
audit
certification
cloud computing
matchmaking
quality of security service
risk
security
service level agreement
web services

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1109/GLOCOMW.2012.6477665

Fingerprint Dive into the research topics of 'Risk propagation of security SLAs in the cloud'. Together they form a unique fingerprint.

Cite this

Hale, M. L., & Gamble, R. (2012). Risk propagation of security SLAs in the cloud. In 2012 IEEE Globecom Workshops, GC Wkshps 2012 (pp. 730-735). [6477665] (2012 IEEE Globecom Workshops, GC Wkshps 2012). https://doi.org/10.1109/GLOCOMW.2012.6477665

@inproceedings{db01197650944515a5de4617a67deb9c,

title = "Risk propagation of security SLAs in the cloud",

abstract = "For organizations with mission critical systems, moving data or functionality to the cloud introduces a risk of additional exposed vulnerabilities associated with cloud service providers not implementing organizationally selected security controls. When internal system details are abstracted away as part of the cloud architecture, the organization must rely on contractual obligations embedded in service level agreements (SLAs) to assess service offerings for security risk. Whenever an SLA is formed, the level of risk incurred is based on how well the offered service terms meet the organizational security demands. In the cloud, additional SLAs between third party cloud service providers are formed to federate cloud resources, effectively distributing organizational risk among the various providers involved in the negotiated federations or service compositions. At runtime, whenever a cloud or service violates its SLA with respect to security controls or cancels any security offerings, the risk of noncompliance with organizational security policies increases. This paper provides a process to adapt to the propagated changes of service provider security risks within a service composition or federation due to SLA violations. The process is based on a distributed risk-aware renegotiation algorithm that replaces services if they violate SLAs.",

keywords = "algorithms, audit, certification, cloud computing, matchmaking, quality of security service, risk, security, service level agreement, web services",

author = "Hale, {Matthew L.} and Rose Gamble",

year = "2012",

month = dec,

day = "1",

doi = "10.1109/GLOCOMW.2012.6477665",

language = "English (US)",

isbn = "9781467349413",

series = "2012 IEEE Globecom Workshops, GC Wkshps 2012",

pages = "730--735",

booktitle = "2012 IEEE Globecom Workshops, GC Wkshps 2012",

note = "2012 IEEE Globecom Workshops, GC Wkshps 2012 ; Conference date: 03-12-2012 Through 07-12-2012",

}

TY - GEN

T1 - Risk propagation of security SLAs in the cloud

AU - Hale, Matthew L.

AU - Gamble, Rose

PY - 2012/12/1

Y1 - 2012/12/1

N2 - For organizations with mission critical systems, moving data or functionality to the cloud introduces a risk of additional exposed vulnerabilities associated with cloud service providers not implementing organizationally selected security controls. When internal system details are abstracted away as part of the cloud architecture, the organization must rely on contractual obligations embedded in service level agreements (SLAs) to assess service offerings for security risk. Whenever an SLA is formed, the level of risk incurred is based on how well the offered service terms meet the organizational security demands. In the cloud, additional SLAs between third party cloud service providers are formed to federate cloud resources, effectively distributing organizational risk among the various providers involved in the negotiated federations or service compositions. At runtime, whenever a cloud or service violates its SLA with respect to security controls or cancels any security offerings, the risk of noncompliance with organizational security policies increases. This paper provides a process to adapt to the propagated changes of service provider security risks within a service composition or federation due to SLA violations. The process is based on a distributed risk-aware renegotiation algorithm that replaces services if they violate SLAs.

AB - For organizations with mission critical systems, moving data or functionality to the cloud introduces a risk of additional exposed vulnerabilities associated with cloud service providers not implementing organizationally selected security controls. When internal system details are abstracted away as part of the cloud architecture, the organization must rely on contractual obligations embedded in service level agreements (SLAs) to assess service offerings for security risk. Whenever an SLA is formed, the level of risk incurred is based on how well the offered service terms meet the organizational security demands. In the cloud, additional SLAs between third party cloud service providers are formed to federate cloud resources, effectively distributing organizational risk among the various providers involved in the negotiated federations or service compositions. At runtime, whenever a cloud or service violates its SLA with respect to security controls or cancels any security offerings, the risk of noncompliance with organizational security policies increases. This paper provides a process to adapt to the propagated changes of service provider security risks within a service composition or federation due to SLA violations. The process is based on a distributed risk-aware renegotiation algorithm that replaces services if they violate SLAs.

KW - algorithms

KW - audit

KW - certification

KW - cloud computing

KW - matchmaking

KW - quality of security service

KW - risk

KW - security

KW - service level agreement

KW - web services

UR - http://www.scopus.com/inward/record.url?scp=84875681664&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84875681664&partnerID=8YFLogxK

U2 - 10.1109/GLOCOMW.2012.6477665

DO - 10.1109/GLOCOMW.2012.6477665

M3 - Conference contribution

AN - SCOPUS:84875681664

SN - 9781467349413

T3 - 2012 IEEE Globecom Workshops, GC Wkshps 2012

SP - 730

EP - 735

BT - 2012 IEEE Globecom Workshops, GC Wkshps 2012

T2 - 2012 IEEE Globecom Workshops, GC Wkshps 2012

Y2 - 3 December 2012 through 7 December 2012

ER -