Cloud Security Service Level Agreements: Representation and Measurement

摘要

Service Level Agreements (SLAs) are commonly used to negotiate the computation and performance requirements between a service provider and user. In commercial cloud computing environments, SLAs are commonly used to negotiate performance guarantees. However there are no standardized mechanisms for defining and enforcement of security SLAs in cloud computing. In this paper, we consider the problem of defining security SLAs in cloud computing environment. We divide these SLAs into three categories as availability, security and integrity related SLAs. We provide a mechanism to formally describe SLAs and a method for run-time evaluation of these SLAs through a trusted Third Party Auditor (TPA). TPA collects necessary evidence in the form of logs from the cloud on a cloud user's behalf and evaluates SLA's compliance against collected evidence. We implement few sample SLAs of each category in a cloud testbed and show that TPA can evaluate and enforce the security requirements.