Security SLAs – An Idea Whose Time Has Come?

  • Martin Gilje Jaatun
  • Karin Bernsmed
  • Astrid Undheim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7465)


Service Level Agreements (SLAs) have been used for decades to regulate aspects such as throughput, delay and response times of services in various outsourcing scenarios. However, security aspects have typically been neglected in SLAs. In this paper we argue that security SLAs will be necessary for future Internet services, and provide examples of how this will work in practice.


Service Composition; Security Requirement; Service Level Agreement; Intrusion Detection System; Service Orient Architecture
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Martin Gilje Jaatun (1)
  • Karin Bernsmed (1)
  • Astrid Undheim (2)
  1. Department of Software Engineering, Safety and Security, SINTEF ICT, Trondheim, Norway
  2. Telenor Research and Future Studies, Trondheim, Norway
