Ming Jiang,James Byrne,Karsten Molka,Django Armstrong,Karim Djemame,Tom Kirkham

DOI: https://doi.org/10.5220/0004377302070212

2013-01-01

Abstract:Automated control of Cloud Service Level Agreements (SLA) is typically focused on Quality of Service (QoS) management and monitoring of the Cloud Infrastructure in-line with the SLA. Using risk assessments to bridge the needs of the Service Provider and Infrastructure Provider is one way in which the management of the whole Cloud SLA life-cycle can be achieved automatically. In this paper we adapt the QoS based risk approach and combine it with business orientated goal monitoring to improve the business input into the management of SLA from both a Cloud IP and SP perspective. We demonstrate this approach using probability of failure QoS risk linked to economic modelling of cost from the business goals of a SP.

Karim Djemame,Benno Barnitzke,Marcelo Corrales,Mariam Kiran,Ming Jiang,Django Armstrong,Nikolaus Forgó,Iheanyi Nwankwo

DOI: https://doi.org/10.1098/rsta.2012.0075

2013-01-01

Abstract:Cloud computing technologies have reached a high level of development, yet a number of obstacles still exist that must be overcome before widespread commercial adoption can become a reality. In a cloud environment, end users requesting services and cloud providers negotiate service-level agreements (SLAs) that provide explicit statements of all expectations and obligations of the participants. If cloud computing is to experience widespread commercial adoption, then incorporating risk assessment techniques is essential during SLA negotiation and service operation. This article focuses on the legal issues surrounding risk assessment in cloud computing. Specifically, it analyses risk regarding data protection and security, and presents the requirements of an inherent risk inventory. The usefulness of such a risk inventory is described in the context of the OPTIMIS project.

Tom Kirkham,Django Armstrong,Karim Djemame,Marcelo Corrales,Mariam Kiran,Iheanyi Nwankwo,Ming Jiang,Nikolaus Forgo

DOI: https://doi.org/10.1109/TrustCom.2012.97

2012-01-01

Abstract:Cloud transformations require dynamic redistribution of resources across cloud infrastructure. From a legal perspective this movement of data from one data processor to another without the explicit consent of the data subject is a threat to data privacy. Levels of assurance and accountability have to be provided from the cloud infrastructure providers to the data subject in order to maintain trust. In cases of Cloud Transformation multiple providers are present and passing accountability down the chain is essential. Existing Service Level Agreements (SLA) and policy based privacy implementations fail to provide the flexibility and accountability needed in establishing these new relationships. By introducing combined risk and privacy assessment alongside SLA negotiation, the legal and data management implications of Cloud Transformation events can be better accounted for. This will better protect the privacy of data subjects and increase confidence and trust in the Cloud computing platform.

Hanene Boussi Rahmouni,Kamran Munir,Mohammed Odeh,Richard McClatchey

DOI: https://doi.org/10.48550/arXiv.1202.5482

2012-11-13

Abstract:There is widespread agreement that cloud computing have proven cost cutting and agility benefits. However, security and regulatory compliance issues are continuing to challenge the wide acceptance of such technology both from social and commercial stakeholders. An important facture behind this is the fact that clouds and in particular public clouds are usually deployed and used within broad geographical or even international domains. This implies that the exchange of private and other protected data within the cloud environment would be governed by multiple jurisdictions. These jurisdictions have a great degree of harmonisation; however, they present possible conflicts that are hard to negotiate at run time. So far, important efforts were played in order to deal with regulatory compliance management for large distributed systems. However, measurable solutions are required for the context of cloud. In this position paper, we are suggesting an approach that starts with a conceptual model of explicit regulatory requirements for exchanging private data on a multijurisdictional environment and build on it in order to define metrics for non-compliance or, in other terms, risks to compliance. These metrics will be integrated within usual data access-control policies and will be checked at policy analysis time before a decision to allow/deny the data access is made.

Distributed, Parallel, and Cluster Computing

Mariam Kiran,Ming Jiang,Django Armstrong,Karim Djemame

DOI: https://doi.org/10.1109/dasc.2011.89

2011-01-01

Abstract:The principles of risk management have been introduced in grid computing to help document and anticipate certain risks and manage them to ensure job executions are successful. Clouds are more complex environments with further concerns like risk, trust, eco-efficiency, green, security or cost. In this paper we present ongoing research work to analyze and address the risk factor in clouds with the aim of optimizing cloud services. The main contribution of this work is the presentation of a methodology for performing risk assessment in cloud environments including the target use cases, risk identification, mitigation and monitoring. Together with the corresponding mitigation strategies, the methodology provides technological assurance that will lead to a high confidence of Cloud service consumers on one side, and a cost effective and reliable productivity of cloud Service/Infrastructure Providers on the other side. The design of the risk assessment framework and its software toolkit implementation are part of the research and development work of the OPTIMIS (Optimized Infrastructure Services) project whose objective is to enable an open and dependable Cloud Service Ecosystem that delivers IT services that are adaptable, reliable, auditable and sustainable both ecologically and economically. The paper presents some preliminary results on the risk assessment of a Service/Infrastructure Provider at the cloud service deployment stage.

Sundar Krishnan,Lei Chen

DOI: https://doi.org/10.48550/arXiv.1905.10868

2019-05-27

Abstract:Legal issues have risen with the changing landscape of computing, especially when the service, data and infrastructure is not owned by the user. With the Cloud, the question arises as to who is in the possession of the data. The Cloud provider can be considered as a legal custodian, owner or possessor of the data thereby causing complexities in legal matters around trademark infringement, privacy of users and their data, abuse and security. By introducing Cloud design focusing on privacy, legal as a service on a Cloud and service provider accountability, users can expect the service providers to be accountable for privacy and data in addition to their regular SLAs.

Computers and Society

Frank S. de Boer,Elena Giachino,Stijn de Gouw,Reiner Hähnle,Einar Broch Johnsen,Cosimo Laneve,Ka I Pun,Gianluigi Zavattaro

DOI: https://doi.org/10.4204/EPTCS.302.1

2019-08-27

Abstract:Service Level Agreements (SLA) are commonly used to specify the quality attributes between cloud service providers and the customers. A violation of SLAs can result in high penalties. To allow the analysis of SLA compliance before the services are deployed, we describe in this paper an approach for SLA-aware deployment of services on the cloud, and illustrate its workflow by means of a case study. The approach is based on formal models combined with static analysis tools and generated runtime monitors. As such, it fits well within a methodology combining software development with information technology operations (DevOps).

Distributed, Parallel, and Cluster Computing,Software Engineering

Jordi Guitart,Mario Macias,Karim Djemame,Tom Kirkham,Ming Jiang,Django Armstrong

DOI: https://doi.org/10.1109/cloudcom.2013.62

2013-01-01

Abstract:In order to improve service execution in Clouds, the management of Cloud Infrastructure has to take measures to adhere to Service Level Agreements and Business Level Objectives, from the application layer through to how services are supported at the lowest hardware levels. In this paper a risk model methodology and holistic management approach is developed specific to the operation of the Cloud Infrastructure Provider and is applied through improvements to SLA fault tolerance in Cloud Infrastructure. Risk assessments are used to analyse execution specific data from the Cloud Infrastructure and linked to a business driven holistic management component that is part of a Cloud Manager. Initial results show improved eco-efficiency, virtual machine availability and reductions in SLA failure across the whole Cloud infrastructure by applying our combined risk-based fault tolerance approach.

Karim Djemame,Afnan Ullah Khan,Manuel Oriol,Ming Jiang,Mariam Kiran

DOI: https://doi.org/10.1109/CloudCom.2012.6427574

2012-01-01

Abstract:Cloud computing provides outsourcing of resources bringing economic benefits. The outsourcing however does not allow data owners to outsource the responsibility of confidentiality, integrity and access control, as it still is the responsibility of the data owner. As cloud computing is transparent to both the programmers and the users, it induces challenges that were not present in previous forms of distributed computing. Furthermore, cloud computing enables its users to abstract away from low-level configuration such as configuring IP addresses and routers. It creates an illusion that this entire configuration is automated. This illusion is also true for security services, for instance automating security policies and access control in cloud, so that individuals or end-users using the cloud only perform very high-level (business oriented) configuration. This paper investigates the security challenges posed by the transparency of distribution, abstraction of configuration and automation of services by performing a detailed threat analysis of cloud computing across its different deployment scenarios (private, bursting, federation or multi-clouds). This paper also presents a risk inventory which documents the security threats identified in terms of availability, integrity and confidentiality for cloud infrastructures in detail for future security risks. We also propose a methodology for performing security risk assessment for cloud computing architectures presenting some of the initial results.

Shengli Zhou,Lifa Wu,Canghong Jin

DOI: https://doi.org/10.1109/cc.2017.8068773

2017-01-01

China Communications

Abstract:A Service Level Agreement（SLA） is a legal contract between any two parties to ensure an adequate Quality of Service（Qo S）. Most research on SLAs has concentrated on protecting the user data through encryption. However, these methods can not supervise a cloud service provider（CSP） directly. In order to address this problem, we propose a privacy-based SLA violation detection model for cloud computing based on Markov decision process theory. This model can recognize and regulate CSP’s actions based on specific requirements of various users. Additionally, the model could make effective evaluation to the credibility of CSP, and can monitor events that user privacy is violated. Experiments and analysis indicate that the violation detection model can achieve good results in both the algorithm’s convergence and prediction effect.

Rajkumar Buyya,Saurabh Kumar Garg,Rodrigo N. Calheiros

DOI: https://doi.org/10.48550/arXiv.1201.4522

2012-01-22

Distributed, Parallel, and Cluster Computing

Abstract:Cloud computing systems promise to offer subscription-oriented, enterprise-quality computing services to users worldwide. With the increased demand for delivering services to a large number of users, they need to offer differentiated services to users and meet their quality expectations. Existing resource management systems in data centers are yet to support Service Level Agreement (SLA)-oriented resource allocation, and thus need to be enhanced to realize cloud computing and utility computing. In addition, no work has been done to collectively incorporate customer-driven service management, computational risk management, and autonomic resource management into a market-based resource management system to target the rapidly changing enterprise requirements of Cloud computing. This paper presents vision, challenges, and architectural elements of SLA-oriented resource management. The proposed architecture supports integration of marketbased provisioning policies and virtualisation technologies for flexible allocation of resources to applications. The performance results obtained from our working prototype system shows the feasibility and effectiveness of SLA-based resource provisioning in Clouds.

Vincent C. Emeakaroha,Marco A. S. Netto,Rodrigo N. Calheiros,César A. F. De Rose

DOI: https://doi.org/10.4018/978-1-4666-1631-8.ch014

2012-01-01

Abstract:One of the key factors driving Cloud computing is flexible and on-demand resource provisioning in a pay-as-you-go manner. This resource provisioning is based on Service Level Agreements (SLAs) negotiated and signed between customers and providers. Efficient management of SLAs and Cloud resources to reduce cost, achieve high utilization, and generate profit is challenging due to the large-scale nature of Cloud environments and complex resource provisioning processes. In order to advance the adoption of this technology, it is necessary to identify and address the issues preventing proper resource and SLA management. The authors purport that monitoring is the first step towards successful management strategies. Thus, this chapter identifies the SLA management and monitoring challenges in Clouds and federated Cloud environments, and proposes a novel resource monitoring architecture as a basis for resource management in Clouds. It presents the design and implementation of this architecture and presents the evaluation of the architecture using heterogeneous application workloads.

Chang Guo,Ying Li,Zhonghai Wu

DOI: https://doi.org/10.1109/ICPADS.2016.0085

2016-01-01

Abstract:One of the major advantages of the cloud storage system is that it simplifies the time-consuming processes of hardware and software provisioning, deployment and distribution for users. Currently there is a tremendous increase in the scale of data generated as well as being consumed by applications on cloud storage systems, but besides availability metrics, few of cloud storage services provide data privacy guarantees in their Service Level Agreements (SLAs), which can be a major concern for the adoption of cloud storage services. The paper firstly proposes an analysis approach for the data privacy, then introduces privacy into the service quality, and defines a service quality evaluation model including privacy, availability, throughput, transfer time and operating cost. At last, a novel data distribution strategy called SLA-DO is presented. The comparison experiment results confirmed that SLA-DO strategy shows better performance in SLAs compliance, resource utilization, security guarantees and multiple cloud environmental adaptability than the data distribution policy adopted in HDFS and OpenStack.

J. Uma Maheswari,S. Vijayalakshmi,Rajiv Gandhi N,Laith H. Alzubaidi,Khonimkulov Anvar,R. Elangovan

DOI: https://doi.org/10.1051/e3sconf/202339904040

2023-01-01

E3S Web of Conferences

Abstract:The globe has adopted the cloud computing environment, which organizes data and manages space for data storage, processing, and access. This technical development has brought up questions regarding data security and privacy in cloud computing environments, though. The purpose of this abstract is to offer a thorough review of the issues, solutions, and future developments related to data privacy and security in cloud computing. Keeping data private and secure while it is being processed and stored in outside data centres is the main difficulty in cloud computing systems. The abstract discusses the dangers of insider threats, data breaches, and illegal access to sensitive information. It digs further into the legal and compliance criteria that businesses must follow in order to protect user data in the cloud. In result, data privacy and security in cloud computing environments remain critical concerns for organizations and individuals alike. In the survey the overview of how to use cloud storage globally and its challenges, solution and future innovation is well explained. It underscores the importance of robust encryption, access controls, user awareness, and emerging technologies in safeguarding data in the cloud. By addressing these concerns, organizations can leverage the power of cloud computing while maintaining the confidentiality, integrity, and availability of their data.

Junaid Hassan,Danish Shehzad,Usman Habib,Muhammad Umar Aftab,Muhammad Ahmad,Ramil Kuleev,Manuel Mazzara

DOI: https://doi.org/10.1155/2022/8303504

2022-06-07

Abstract:Cloud computing is a long-standing dream of computing as a utility, where users can store their data remotely in the cloud to enjoy on-demand services and high-quality applications from a shared pool of configurable computing resources. Thus, the privacy and security of data are of utmost importance to all of its users regardless of the nature of the data being stored. In cloud computing environments, it is especially critical because data is stored in various locations, even around the world, and users do not have any physical access to their sensitive data. Therefore, we need certain data protection techniques to protect the sensitive data that is outsourced over the cloud. In this paper, we conduct a systematic literature review (SLR) to illustrate all the data protection techniques that protect sensitive data outsourced over cloud storage. Therefore, the main objective of this research is to synthesize, classify, and identify important studies in the field of study. Accordingly, an evidence-based approach is used in this study. Preliminary results are based on answers to four research questions. Out of 493 research articles, 52 studies were selected. 52 papers use different data protection techniques, which can be divided into two main categories, namely noncryptographic techniques and cryptographic techniques. Noncryptographic techniques consist of data splitting, data anonymization, and steganographic techniques, whereas cryptographic techniques consist of encryption, searchable encryption, homomorphic encryption, and signcryption. In this work, we compare all of these techniques in terms of data protection accuracy, overhead, and operations on masked data. Finally, we discuss the future research challenges facing the implementation of these techniques.

Valentina Casola,Alessandra De Benedictis,Madalina Erascu,Jolanda Modic,Massimiliano Rak

DOI: https://doi.org/10.1109/tsc.2016.2540630

IF: 11.019

2017-09-01

IEEE Transactions on Services Computing

Abstract:Dealing with the provisioning of cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that they are understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLOs)), (ii) automating the provisioning of security mechanisms able to grant desired security features (by means of a security-driven resource allocation process), and (iii) continuously monitoring the services in order to verify the fulfillment of specified Security SLOs (by means of cloud security monitoring solutions). We propose to face the Security SLA life cycle management with a framework able to enrich cloud applications with security features. In this paper we (i) present a novel Security SLA model and (ii) illustrate a security-driven planning process that can be adopted to determine the (optimum) deployment of security-related software components. Such process takes into account both specific implementation constraints of the security components to be deployed and customers security requirements, and enables the automatic provisioning and configuration of all needed resources. In order to demonstrate the applicability of the approach, we present and discuss a practical application of the model on a real case study.

computer science, information systems, software engineering

Zhien Guo,Yiqi Dai

DOI: https://doi.org/10.1109/chinagrid.2012.14

2012-01-01

Abstract:For the actual use of existing security problems and lack of existing solutions for cloud computing, we introduce the SLA(Service Level Agreement) ideas to the security capability negotiations, which called sSLA(Security Service Level Agreement). The framework and data processes of sSLA were implemented on our IMS-based cloud systems, which were showed that this method can effectively eliminate the security concerns of the customers of cloud services.

Taher Labidi,Achraf Mtibaa,Walid Gaaloul,Faiez Gargouri

DOI: https://doi.org/10.1002/cpe.5315

2019-05-16

Concurrency and Computation: Practice and Experience

Abstract:<p>Service Level Agreement (SLA) has recently garnered increasing attention in cloud computing due to its capability in the definition and the monitoring of the Quality of Service (QoS). SLA is generally generated following a process of negotiation in which the client chooses a subset of clauses among choices predefined by the provider on a "take it or leave it" basis. However, the heterogeneity between client requests and provider offers may result in inappropriate SLA. In addition, the cloud service context may change over the time, which causes a client requirement adjustment, and therefore, the SLA becomes unsatisfactory. In this paper, we propose a cloud SLA negotiation and re‐negotiation approach. Our aim is to ameliorate the SLA negotiation phase by adding the ability to integrate a semantic mapping between client requests and provider offers to generate a suitable SLA document. Moreover, our approach includes a context‐aware system to adapt the SLA throughout reasoning techniques and automatically ensure the re‐negotiation. We develop a prototype, and we test its performance. The results of a case study also show the efficiency of our approach.</p>

Jun Tang,Yong Cui,Qi Li,Kui Ren,Jiangchuan Liu,Rajkumar Buyya

DOI: https://doi.org/10.1145/2906153

IF: 16.6

2016-01-01

ACM Computing Surveys

Abstract:With the rapid development of cloud computing, more and more enterprises/individuals are starting to outsource local data to the cloud servers. However, under open networks and not fully trusted cloud environments, they face enormous security and privacy risks (e.g., data leakage or disclosure, data corruption or loss, and user privacy breach) when outsourcing their data to a public cloud or using their outsourced data. Recently, several studies were conducted to address these risks, and a series of solutions were proposed to enable data and privacy protection in untrusted cloud environments. To fully understand the advances and discover the research trends of this area, this survey summarizes and analyzes the state-of-the-art protection technologies. We first present security threats and requirements of an outsourcing data service to a cloud, and follow that with a high-level overview of the corresponding security technologies. We then dwell on existing protection solutions to achieve secure, dependable, and privacy-assured cloud data services including data search, data computation, data sharing, data storage, and data access. Finally, we propose open challenges and potential research directions in each category of solutions.

Karim Djemame,Django J. Armstrong,Mariam Kiran,Ming Jiang

2011-01-01

Abstract:As the realization of Cloud computing environments advances from a simple and single private Cloud towards a more complex Cloud Service Ecosystem consisting of multiple coexisting public or hybrid Clouds, there are emerging high level concerns such as risk, trust, ecological, security, cost and legal factors that underpin the non-functional properties of the ecosystem. These concerns are beyond the traditional focus of providing functionalities at levels close to a single Cloud infrastructure such as hardware resource virtualization. In this paper we present ongoing research work to analyze and address the risk factor in such a Cloud Service Ecosystem for the purpose of optimizing Cloud service. The main contributions of the work are the design and implementation of an effective and efficient risk assessment framework (methodologies of risk identification, evaluation, mitigation and monitoring) for Cloud service provision. Together with the corresponding mitigation strategies, the framework provides technological assurance that will lead to a higher confidence of Cloud service consumers on one side and a cost-effective and reliable productivity of Cloud Service Provider (SP) and resources organized by individual Infrastructure Provider (IP) on the other side. The design of the risk assessment framework and its software toolkit implementation is part of the research and development work of the OPTIMIS (Optimized Infrastructure Services) project whose objective is to enable an open and dependable Cloud Service Ecosystem that delivers IT services that are adaptable, reliable, auditable and sustainable both ecologically and economically.