SPECS: Secure Provisioning of Cloud Services based on SLA management

Massimiliano Rak
Second University of Naples / CeRICT
Topics recommended for the 2016-2017 Work Programme: 

Cloud Security, Security Service Level Agreement and measurable Security: While the economic and technological advantages of cloud computing are appealing, the migration of key sector applications onto the cloud has been partly limited by the lack of trust in the security assurance provided by Cloud Service Providers (CSPs). The diffusion of the “as-a-service” approach, which delegates every kind of resource to remote cloud providers, requires the adoption of new security methodologies able to introduce security mechanisms and controls in a modular way, offering security as a service. Security Service Level Agreements look like a clear and standard way to clarify the responsibilities of the involved parties, Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs), with respect to security threats. In the current state of the art there is a lack of (i) a clear definition of possible Service Level Objectives, i.e. the terms defined in the Security SLAs and their measured levels, and of (ii) clear and shared techniques for measuring security parameters.

Project's major results:

SPECS proposes an innovative Security Platform-as-a-Service that offers a solution for the SPECS Security-as-a-Service approach, based on SLA life cycle management. This platform enables the delivery of security services, described in detail through Security SLAs. Cloud Service Customers are able to define, at a fine-grained level, the security features they need through a user-centric negotiation of Cloud SLAs, which helps CSCs to negotiate Cloud SLAs effectively with a set of CSPs by understanding the resulting trade-offs. In order to help CSCs verify the correctness of the services offered by CSPs, SPECS offers innovative Solutions for Continuous Security Monitoring, which implement SLA monitoring solutions dedicated to continuously checking the security offered by CSPs and to helping ensure the granted security service level objectives. Moreover, SPECS aims at developing Innovative Security Services to Enforce SLAs, i.e. services dedicated to granting security features to CSCs in order to fulfil an agreed SLA.

Potential exploitation strategy: 

Standardisation effort: Security Service Level Agreements need a clear and shared view among CSPs and CSCs, in order to enable correct negotiation and definition of the responsibilities and actions to be performed; in such a context, standardisation bodies have a relevant role. SPECS participates actively in different standardisation bodies, contributing to the definition of standards and following the existing activities in order to produce solutions aligned with the state of the art.

Dissemination: scientific results are disseminated through publications at relevant conferences and through cooperation with other research projects. Prototypes are open source and distributed through a well-known code repository. The exploitation plan for results after the end of the project, and the possible commercialisation of products, is under discussion and will be publicly available after the first year of the project.

An update since the last Concertation meeting (March 2014): 

SPECS did not participate in the previous concertation meeting. SPECS has collaborated with the A4Cloud project, organising a shared workshop, and participated in the CIRRUS final event. SPECS shares technologies and innovative solutions with other cloud-related projects such as MODA-clouds, and reuses results from closed projects such as mOSAIC or SLA-at-SOI. SPECS members participate in the EU C-SIG on SLA and support standardisation activities on cloud and SLA by SLA and NIST.