Security Service Level Agreements Based Authentication and Authorization Model for Accessing Cloud Services

Today, traded cloud services are described by service level agreements that specify the obligations of providers such as availability or reliability. Violations of service level agreements lead to penalty payments. The recent development of prominent cloud platforms such as the re-design of Amazon's spot marketspace underpins a trend towards dynamic cloud markets where consumers migrate their services continuously to different marketspaces and providers to reach a cost-optimum. This leads to a heterogeneous IT infrastructure and consequently aggravates the monitoring of the delivered service quality. Hence, there is a need for a transparent penalty management system, which ensures that consumers automatically get penalty payments from providers in case of service violations. \newline In the paper at hand, we present a cloud monitoring system that is able to execute penalty payments autonomously. In this regard, we apply smart contracts hosted on blockchains, which continuously monitor cloud services and trigger penalty payments to consumers in case of service violations. For justification and evaluation we implement our approach by the IBM Hyperledger Fabric framework and create a use case with Amazon's cloud services as well as Azures cloud services to illustrate the universal design of the presented mechanism.

Download Full-text

Security service level agreements for outsourced security functions

Information Security Technical Report ◽

10.1016/s1363-4127(97)83019-1 ◽

1996 ◽

Vol 1 (3) ◽

pp. 48-50 ◽

Cited By ~ 1

Author(s):

Bill Pepper

Keyword(s):

Service Level ◽

Service Level Agreements ◽

Security Service

Download Full-text

MDE Approach for the Establishment of a Service Level Agreements Monitoring by Trusted Third Party in the Cloud Computing

International Journal of Grid and High Performance Computing ◽

10.4018/ijghpc.2015100101 ◽

2015 ◽

Vol 7 (4) ◽

pp. 1-20 ◽

Cited By ~ 6

Author(s):

Adil Maarouf ◽

Mahmoud El Hamlaoui ◽

Abderrahim Marzouk ◽

Abdelkrim Haqiq

Keyword(s):

Cloud Computing ◽

Real Time ◽

Critical Issue ◽

Service Level ◽

Cloud Services ◽

Third Party ◽

Cloud Provider ◽

Service Level Agreements ◽

Trusted Third Party ◽

Model Driven

Establishing and monitoring SLA violations in real-time has become a critical issue for Cloud Computing. In this paper the authors investigate this issue and propose a model to express the SLA contract requirements using Model Driven Engineering (MDE), as a mean for establishing service level agreements between a cloud provider and cloud customer in the context of a particular service provision. The participation of a Trusted Third Party (TTP) may be necessary in order to resolve conflicts between prospective signatories, likewise to monitor SLA violations in real-time in the goal to ensure online monitoring cloud services and provide better than best-effort behavior for clouds. The main focus of this work is firstly to use MDE technology for the creation of the SLA contract and then to integrate TTP that should be able to apply an advanced penalty model that guarantees the performance and the reliability of the Cloud.

Download Full-text