
A Security Metric Catalogue for Cloud Applications

  • Valentina Casola
  • Alessandra De Benedictis
  • Massimiliano Rak
  • Umberto Villano
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 611)

Abstract

Cloud monitoring, and security monitoring above all, is of fundamental importance for both providers and consumers. The availability of effective security metrics and related monitoring tools would not only improve consumers' trust in the services they acquire and providers' control over their own infrastructures, but would also enable the adoption of security-oriented Service Level Agreements stating formal guarantees about measurable security parameters.

In this paper, we discuss a Security SLA model including the concepts needed to formalize security metrics and security-oriented Service Level Objectives in compliance with existing standards, and present a novel Security Metric Catalogue collecting several metrics that can be used to monitor the level of security provided by a cloud or multi-cloud application.

Notes

Acknowledgment

This research is partially supported by the grant FP7-ICT-2013-11-610795 (SPECS) and H2020-ICT-07-2014-644429 (MUSA).


Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Valentina Casola (1)
  • Alessandra De Benedictis (1)
  • Massimiliano Rak (2)
  • Umberto Villano (3)
  1. DIETI, University of Naples Federico II, Naples, Italy
  2. DII, University of Campania Luigi Vanvitelli, Aversa, Italy
  3. DING, University of Sannio, Benevento, Italy
