Abstract
Cloud computing is a growing technology that most small as well as large organizations adopt to maintain IT because it is very cost-effective. Organizations should nevertheless consider the business risks associated with cloud computing, all of which are still unresolved. The risks can be categorized into several issues, such as privacy, security, and legal risks. To address these severe risks, an organization might develop an SLA to establish an agreement between the customer and the cloud provider. This chapter provides a survey of the various frameworks for developing SLA-based security metrics. Various security attributes and possible threats are also discussed in this chapter.
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Dash, S.R., Sen, A., Bharimalla, P.K., Mishra, B.S.P. (2018). Frameworks to Develop SLA Based Security Metrics in Cloud Environment. In: Mishra, B., Das, H., Dehuri, S., Jagadev, A. (eds) Cloud Computing for Optimization: Foundations, Applications, and Challenges. Studies in Big Data, vol 39. Springer, Cham. https://doi.org/10.1007/978-3-319-73676-1_8
DOI: https://doi.org/10.1007/978-3-319-73676-1_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73675-4
Online ISBN: 978-3-319-73676-1
eBook Packages: Engineering, Engineering (R0)