On the Adoption of Security SLAs in the Cloud

  • Valentina Casola
  • Alessandra De Benedictis
  • Massimiliano Rak
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8937)


Can security be provided as-a-Service? Is it possible to cover a security service by a proper Service Level Agreement? This paper tries to answer these questions by presenting some ongoing research activities from standardization bodies and academia that try to cope with the open issues in managing a Security Service Level Agreement across its whole life cycle, which consists of negotiation, enforcement and monitoring phases.


Keywords: Service Level Agreement, Security SLA, Cloud computing, SLA life cycle



This research is partially supported by the grant FP7-ICT-2013-11-610795 (SPECS).



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Valentina Casola (1)
  • Alessandra De Benedictis (1)
  • Massimiliano Rak (2)

  1. Universita’ di Napoli Federico II, Naples, Italy
  2. Seconda Universita’ di Napoli, Caserta, Italy
