Risk propagation of security SLAs in the cloud

Matthew L. Hale, Rose Gamble

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

11 Scopus citations


For organizations with mission-critical systems, moving data or functionality to the cloud introduces a risk of additional exposed vulnerabilities associated with cloud service providers not implementing organizationally selected security controls. When internal system details are abstracted away as part of the cloud architecture, the organization must rely on contractual obligations embedded in service level agreements (SLAs) to assess service offerings for security risk. Whenever an SLA is formed, the level of risk incurred is based on how well the offered service terms meet the organizational security demands. In the cloud, additional SLAs between third-party cloud service providers are formed to federate cloud resources, effectively distributing organizational risk among the various providers involved in the negotiated federations or service compositions. At runtime, whenever a cloud or service violates its SLA with respect to security controls or cancels any security offerings, the risk of noncompliance with organizational security policies increases. This paper provides a process to adapt to the propagated changes of service provider security risks within a service composition or federation due to SLA violations. The process is based on a distributed risk-aware renegotiation algorithm that replaces services if they violate SLAs.

Original language: English (US)
Title of host publication: 2012 IEEE Globecom Workshops, GC Wkshps 2012
Number of pages: 6
State: Published - 2012
Externally published: Yes
Event: 2012 IEEE Globecom Workshops, GC Wkshps 2012 - Anaheim, CA, United States
Duration: Dec 3 2012 → Dec 7 2012

Publication series

Name: 2012 IEEE Globecom Workshops, GC Wkshps 2012


Conference: 2012 IEEE Globecom Workshops, GC Wkshps 2012
Country/Territory: United States
City: Anaheim, CA


  • algorithms
  • audit
  • certification
  • cloud computing
  • matchmaking
  • quality of security service
  • risk
  • security
  • service level agreement
  • web services

ASJC Scopus subject areas

  • Computer Networks and Communications

