2013 IEEE 5th International Conference on Cloud Computing Technology and Science (2013)
Bristol, United Kingdom United Kingdom
Dec. 2, 2013 to Dec. 5, 2013
The cloud offers attractive options to migrate corporate applications, without any implication for the corporate security manager to manage or to secure physical resources. While this ease of migration is appealing, several security issues arise: can the validity of corporate legal compliance regulations still be ensured for remote data storage? How is it possible to assess the Cloud Service Provider (CSP) ability to meet corporate security requirements? Can one monitor and enforce the agreed cloud security levels? Unfortunately, no comprehensive solutions exist for these issues. In this context, we introduce a new approach, named SPECS. It aims to offer mechanisms to specify cloud security requirements and to assess the security features offered by CSPs, and to integrate the desired security services (e.g., credential and access management) into cloud services with a Security-as-a-Service approach. Furthermore, SPECS intends to provide systematic approaches to negotiate, to monitor and to enforce the security parameters specified in Service Level Agreements (SLA), to develop and to deploy security services that are cloud SLA-aware and are implemented as an open-source Platform-as-a-Service (PaaS). This paper introduces the main concepts of SPECS.
Security, Monitoring, Cloud computing, Context, Protocols, Educational institutions
M. Rak, N. Suri, J. Luna, D. Petcu, V. Casola and U. Villano, "Security as a Service Using an SLA-Based Approach via SPECS," 2013 IEEE 5th International Conference on Cloud Computing Technology and Science(CLOUDCOM), Bristol, United Kingdom United Kingdom, 2013, pp. 1-6.