RESEARCH ARTICLE
A broker-based cooperative security-SLA evaluation
methodology for personal cloud computing
Sang-Ho Na and Eui-Nam Huh*
Kyung Hee University, Seoul, Korea
ABSTRACT
An underlying cloud computing feature, outsourcing of resources, makes the service-level agreement (SLA) a critical factor for quality of service (QoS), and many researchers have addressed the question of how an SLA can be evaluated. Lately, security SLAs have also received much attention to guarantee security in a user perspective and provide optimal and efficient security service in the security paradigm shifting by cloud computing, such as security as a service. The quantitative measurement of security metrics is a considerably difficult problem and might be considered one of the multi-dimensional aspects of security threats. To address these issues, we provide a novel cooperative security-SLA evaluation model for the personal cloud service environment including a multi-dimensional approach to analyze security threats depending on services type as well as a cooperative model to reach a general consensus of priorities, that is, indicators depending on services type and security metrics based on cloud brokers. Copyright © 2014 John Wiley & Sons, Ltd.
KEYWORDS
security SLA; SLA evaluation; personal cloud service; cooperative model *Correspondence
Eui-Nam Huh, Kyung Hee University, Seoul, Korea. E-mail: [email protected]
1. INTRODUCTION
Explosive growth in information systems is shifting to the cloud computing paradigm, and cloud computing hasfive typical features: multi-tenancy, scalability, elasticity, pay as you go, and self-provisioning of resources. These attributes allow customers to manage their computing capability as needed. In the 1980s, personal computers (PCs) were “hooked up”[1] to a set of devices in order to input and output information, while after the paradigm shift, personal devices, that is, mobile devices, are“hooked up”[1] via a personal cloud that is registered with and has permission to use a network, for example, the Internet. Cloud services delivered over the Internet, such as Web-based applications, meet users’ “4S” needs: storing and synchronizing personal data, and sharing and streaming stored personal data via a personal cloud. The personal cloud, or the Personal Cloud, is a hybrid cloud in which the public cloud and private cloud are combined in a user-centric cloud computing model to facilitate access to personal data and manage personal data. The personal cloud is categorized according to service types: online storage, online desktop, and Web-based application.
For the outsourcing of virtual resources, the guarantee of availability and the capability of resources become a
more important consideration, and accordingly, the com-ponents of service-level agreement (SLA) have become critical factors. An SLA is a contract negotiated between a service provider and a user that establishes service levels, which are enforced by penalties and compensation if the conditions are violated by the cloud service provider [2]. In cloud computing environments, the pay-as-you-go model has been adopted because the outsourcing of resources requires reasonable SLAs regarding availability, security, and so forth. In particular, cloud-based access to data and services brings with it some threats regarding privacy and data security. Therefore, it requires more attention to the SLA components of security (denoted as a security SLA).
However, quantitative SLA analysis is difficult because security threats vary and include many different, multi-dimensional aspects. In order to evaluate security SLAs, technical approaches and administrative procedures of cloud service providers make it harder to define, analyze, and evaluate SLAs for security services.
Furthermore, the requirement for accurate measurement of security has a trade-off with quality of service (QoS) components in terms of the performance. Moreover, security needs differ slightly depending on the service type. For example, data encryption services for Web applications require more access controls than those for storage services.
Therefore, in addition to the security threats, the security control for each service type is an important aspect of security SLAs.
The Cloud Security Alliance (CSA) has published documents regarding the top threats and security guidance in cloud computing [3]. Among the various articles,“The Notorious Nine”, the latest article issued in Feb 2013, provides a ranking of the top threats, along with implica-tions and suggested security controls based on a survey of industry experts. This threat ranking deserves consider-ation as it suggests the relative priorities of threats.
Quantitative approaches for the evaluation of security SLAs are necessary for the provision of secure cloud services. This paper, therefore, suggests a novel quantitative model that cloud brokers can use to evaluate security SLAs on personal cloud services. This study includes security-SLA evaluation model based on a multi-dimensional approach to analyze security threats as follows:
(1) a cooperative security-SLA evaluation model to reach general consensus on security SLA in broker-based personal cloud computing environment;
(2) evaluation of the relative weight of security controls based on the personal cloud service type;
(3) reflect users’ requirements in accordance with network environments to evaluate security SLA. The remainder of this paper is organized as follows. In Section 2, we discuss related work. In Section 3, we propose a cooperative security-SLA evaluation model for broker-based personal cloud service environments with the aforementioned features employing network model in analytic network process (ANP) [4]. In Section 4, we verify our concept gradationally and sum up our contribu-tion. Finally, we conclude the paper including our plans for future work in Section 5.
2. RELATED WORKS
Wuet al. have reviewed recent research regarding SLAs and have identified sensitive issues such as the different SLA parameters of users and service providers and the difficulty in quantifying these parameters [5]. Owing to continued service suspensions in cloud computing envi-ronments, Hossain and Huh [6] provided convincing answers to the refund model in regard to SLA violation.
Nowadays, security aspects are emerging as issues for SLAs in cloud computing. Security SLAs for cloud computing have been given considerable attention in recent years, particularly regarding how to reach a unified agreement between users and providers [7–10]. The studies in [9,10] illuminated the question of how cloud providers could address the user’s security needs, such as integrity and confidentiality, from the SLA perspective and pro-vided a detailed outline of security controls. Cloud security SLAs are negotiated between the user and cloud providers [10]. An important part of this view is in regard to the
current emergence of cloud collaboration services to the worldwide market [11,12]. Most research has introduced security SLAs and provided security parameters but has rarely focused on how to measure these security aspects. As mentioned earlier, the parameters of SLAs, especially those of the security aspects, are very difficult to estimate and calculate.
To negotiate a specific security SLA, the foremost consideration is how to establish contractible security parameters and an evaluation methodology for each secu-rity parameter. The CSA has published articles regarding top threats and security guidance in cloud computing [3]. Among the various articles, “The Notorious Nine” provides a top threats ranking, implications, and security controls based on a survey of industry experts. This paper showed that security threats and parameters can be quanti-fied, suggesting which threats are most influential and thus should take priority in security efforts. However, this rank-ing only considered the implications of specific security breaches and did not consider the correlations between threats. To satisfy users’security-specific SLAs, the secu-rity aspects should be addressed from the users’point of view. Tianet al. [13] suggested a novel threat evaluation model using the analytic hierarchy process (AHP) to attempt to address privacy and potential threats in radio frequency identification, employing the AHP model to analyze user preference regarding threats.
3. COOPERATIVE SECURITY-SLA
EVALUATION MODEL
3.1. Overview of security SLA
To achieve security SLAs for users, security metrics and goal agreed between the parties that provide cloud service are needed. As mentioned in related works, however, many researcher and security-relative institute provide security metrics and results in a form somewhat differing. There-fore, we might define and deal with the security metrics of services in transparent manner by involved stakeholders. The service providers then could compete based on a consensus of security metrics. A user could be ensured trust-worthy evaluation result of security SLA. For reaching a consensus of security metrics, we provide a broker-based cooperative security-SLA evalaution model such as the Delphi technique in the next section (Figure 1).
The security SLA is different with risk assessment. While the risk assessment is evaluation from system of service provider, security SLA is an approach in the view of a user regarding security threats. As we know, security threats such as common vulnerabilities and exposures (CVE) have targets, for example, network, system, and data, to exploit for malicious purpose. In this sense, we might consider defense-in-depth model for information security, that is, network–host–application–data, to evaluate security threats including a user environment such as network layer and service-specific characteristic such as
host-application layer. It means that a measure of the degree of security threats is different according to the service types and network environment of a user to access services. For example, public wireless network and private network of enterprise, or a Web-based application delivered https session and a virtual desktop infrastructure (VDI) service delivered by secure container, have different threats, re-spectively. This idea is examined in Section 3.3, and we will see how this subject matter is being unveiled in Section 3.4. 3.2. A cloud broker-based cooperative security-SLA evaluation model
The cloud broker, as shown in Figure 2, is an entity of a cloud partner, which includes cloud brokers, auditors, and a cloud service developer; cloud brokers [13,14] can be people or organizations. A broker provides suitable cloud services to cloud customers to evaluate and select cloud service providers for user purposes, which are categorized as VDI service (denoted as a webtop), online storage, and Web-based applica-tion (denoted as a webApp) in personal cloud services [15]. Based on the earlier cloud broker definition, in the next
paragraphs, we will describe cloud brokers’specific roles for security SLAs in order to offer suitable personal cloud services. In our proposal, a cooperative security-SLA evaluation model offers appropriate personal cloud services based on cooperative evaluation results. This model provides a for-malized expression of security controls, which is defined by a cloud broker with general consensus among cloud pro-viders and cloud brokers. Above all, the formalized expres-sion of security control can be easily understood by cloud customers; in particular, standardized templates are needed to prevent potential confusion. Many researchers have pointed out the confusion caused by the different definitions of security control metrics. A standardized contract template should therefore be prepared under the auspices of a cloud broker or another appropriate institution.
Workflows 1–9 in Figure 1 show how cloud brokers and cloud service providers can reach a general consensus on security-SLA evaluation. For the formalized expression of security control (step 4 in Figure 1), cloud service providers initially assess security control based on the definition of security-SLA metrics provided by cloud brokers. As we men-tioned in Section 1, security vulnerabilities and user
Figure 1.Security SLA evaluation and negotiation model.
requirements are slightly different for each type of personal cloud service. When cloud service providers consider assessing the security aspects of their service, they place a great deal of weight upon the different security controls based on their service purpose, performance, and other aspects. This will be reflected when establishing the priorities of the secu-rity controls process (step 5 in Figure 1). Before describing how the priority values of the security controls are established, we will briefly examine the security threats and corresponding security controls and provide a security threats analysis of personal cloud service types in next section. 3.3. Security threats and metrics for security SLA
Security threats and vulnerabilities in cloud computing are studied by many researchers and institutes. We considered the nine most notorious threats [3]: data breach, data loss, account hijacking, insecure APIs, denial of service, malicious insider, abuse of cloud services, insufficient due diligence, and shared technology issue. Among the nine threats, we selected five security concerns from the user’s point of view. These are as follows: data breaches
(DB), data loss (DL), account hijacking (AH), insecure APIs (API), and malicious insiders (MI). We then attempted to match these to the corresponding security controls [10,16], which have outlined a framework for security mechanisms in SLAs for cloud services. Table I categorizes thefive threats into the corresponding security controls: secure resource pooling (storage, processing, and networking), access control (AC) audit, verification, and compliance (AU). When we consider threat evaluation, a multi-dimensional approach model is needed. This means that we might consider not only the technical factors based on service-specific threats but also unpredictable threats such as the network environment, malicious insider.
To analyze security threats based on the technology dependence and uncertainty of threats in cloud, we employed a 2 × 2 thinking matrix (Figure 3 [17]), which is used to facilitate better thinking and decisions. Figure 3 is based upon two considerations with aforementionedfive threats. The AH, although mostly predictable and a technical issue in managed network such as private network in cloud, it has high uncertainty of threats in untrusted network (UN) like public wireless network. This makes explicit statements about evaluation of security threats based on service-specific characteristic, that is, technical factor, is staring point and evaluation of unpredictable security threats, for example, network environments, is end for security SLA.
In this sense, we have assumed that the personal cloud infrastructure consists of a relatively trustworthy internal net-work and an untrusted external netnet-work (i.e., the Internet), as shown in Figure 4. Security threats are different depending on the network environment, as we noted in Figure 4 (e.g., ma-licious insiders do not have to be considered in the Internet en-vironment). This means that the priorities or weight values of corresponding security controls might be applied respectively. Furthermore, as we mentioned, depending on the per-sonal cloud service type, there are different preferences among the user requirements. In the case of webtop, a user may want a strict authentication process with certification and a VPN solution above everything else; usually, we do not expect data encryption using the desktop. An online storage user, on the other hand, might look for secure data backup, integrity, and encryption.
In summary, security threats are closely related with QoS of services, and we might consider the security threats to assess security SLAs based on underlying service type
Table I. Security treats and controls.
Security controls DB DL AH API MI
S Data isolation ● Data encryption ● Data location ● Data integrity ● Data backup ● P Application isolation ● ● Virtualfirewalls ● ● Application integrity ● ● N Network encryption ● ● Traffic isolation ● ● Integrity protection ● ● AC Identity management ● ● ● ● ● Access management ● ● ● ● ● Key management ● ● ● ● ● AU Logging ● ● ● ● ● Auditing ● ● ● ● ● Certification ● ● Customer privacy ●
and property. With these considerations in mind, let us now describe a security-SLA evaluation model that takes a multi-dimensional approach.
3.4. Security-SLA evaluation model
Researchers, for the most part, have tended to center around providing security-SLA definitions, needs, security metrics, and negotiation processes. As previous researchers have noted, the main issues are (i) the confusion caused by different security metrics or parameters between service providers and customers; (ii) how the security metric is measured; and (iii) the difficulty in monitoring security metrics. To address the confusion about security metrics or parameters, we have proposed cooperative security-SLA process based on broker in Section 3.1.1. We, here, aim to provide security-SLA evaluation methodology with simulation including self-assessment of service providers and security requirements of users reflected security-SLA evaluation in view of a multi-dimensional approach for recommending suitable services to users based on evalua-tion results.
3.4.1. Previous works and our purpose.
We have previously outlined a simple security-SLA evaluation model [17,18] that employs an AHP, which is a mathematics-based and psychology-based decision-making technique described by Saaty in 1970s [19]; we pointed out the correlation between threats and established weight values (priorities) of each threat to quantify the threats for SLA evaluation. Our previous works attempted to measure threats and security metrics. In this study, we extend the scope of our previous study focusing on multi-dimensional threat evaluation approaches that con-sider the personal cloud service types and network envi-ronment. We employed AHP with the outer dependence method and the ANP [4]: AHP with the outer dependence method extended to the network model.
3.4.2. ANP model for security SLA.
We provide series ANP model for security SLA as in Figure 5. The series ANP model consists of goal, scenario,
criteria, and alternative. The meaning of each layer regarding ANP model in Figure 5 are given as follows:
• Goal: Security-SLA evaluation is a scenario-based reachable objective.
• Scenario: Service usage scenario has influence on se-curity controls (Criteria): network environments and service types. In each scenario on network environ-ment, for example, UN and trusted network (TN), the priorities are determined by pair-comparison ma-trices on criteria, that is, security controls.
• Criteria: Corresponding security controls, S, P, N, AC, and AU as described in Section 3.3, with security threats, is a standard to assess the alternative, that is, service providers. We describe the aforementioned definition and relationship to assess personal cloud services from the security perspective shown in Figure 9.
• Alternative: Consisting of service providers, which are webtop, online storage, and webApp.
The notations of components in each layer are given as follows:
• N= {Nx|x= 1,…,o}: A set ofonetwork environment; whereo= 2, UN, TN.
• ST= {STy|y= 1,…,p}: A set ofpservice types, where p= 3, webApp, online storage, and webtop.
• WST,N= {WSC|SC= 1,…,m}: A set ofmweights on security controls of service type (ST) and network en-vironments (N).
• SC= {SCi|i= 1,…,m}: A set ofm security controls (criteria).
• CS= {CSj|j= 1,…,n}: A set ofnservices to compare. Figure 6 describes hierarchical model for the network model earlier. The weight on service type is missed, and weight value on service types in preparation phase has been determined (refer to Section 4), affecting the result of pair comparison in accordance with network environment. The details are shown in the scenario phase of Section 4. Thefinal result provides a basis for a recommendation to users by a cloud broker.
The important concept of this model is that there are different priorities (weight) based on the services and network environments. For example, the webtop service for enterprise puts a higher priority (weight value) on access control in UN than in TN. Because webtop service uses some of container solution such as VDI to deliver the content securely, when it comes to service, the online storage service needs more secure storage control than the webApp in a user perspective.
4. SECURITY-SLA EVALUATION
In this section, we will see how we could evaluate security SLA according to our model. To reach a goal, service
recommendation for a user purpose, defining security metrics and weight on security controls, is needed as described in Section 3.2. We here use Table I shown in Section 3.3 for the security metrics. Then weight value on security controls is affected by service type based on our assumption.
4.1. Weight evaluation using pair comparison To evaluate each component in Figures 5 and 6 shown in Section 3.4.2, we use pair-comparison matrix between elements of each component in view of object that is affected by the component as given in the exam-ple in Figure 7; elements of SC component (Criteria) are n= 3, and the pair comparison is enumerated for
Figure 6.ANP hierarchy model. Figure 5. Network model for security SLA.
the scenario explained in Section 3.4.2.θin Figure 6 is one of Saaty’s discrete nine-value scales [19], which are from 1 (equal importance) to 9 (extreme importance), and 2, 4, 6, and 8 are intermediate values.
Let the preceding pair-comparison matrix beA= (aij), the resulting matrix of the pair comparison on elements ai,aj. Those matrices have the following characteristics:
aii ¼ 1;aji ¼ 1=aij Aω ¼ λω
whereλis eigenvalue of the matrixAandωis dominant ei-genvector. The eigenvector is a priority in Figure 6, and the consistency index (CI) value can be acquired by the fol-lowing equation:
CI ¼ ðλnÞðn1Þ wheren= (number of target elements).
TheCIshould be lower than 0.1. If that is the case, the result of pair comparison is reliable. Let the initial vector beu(0) to calculateλandω.
uð Þ ¼0 ð1=n1=n…1=nÞ
v kð Þ ¼ Aku kð 1Þ;k ¼ 1;2; …;n v kð Þ ¼ ðv1ð Þk ;v2ð Þk ; …vnð Þk Þ u kð Þ ¼ v kð Þ=t kð Þ
Against a sufficiently large value ofk,v(k) andu(k) con-verged to determined values, that is,λmaxandωofA, re-spectively. ω is the weight value of the pair-comparison result, and eachω, a result of each component evaluation, is assigned a value in super matrix to calculate security SLA as described subsequently.
4.2. Security-SLA evaluation using super matrix
To attain the goal of hierarchical model in Figure 6 shown in Section 3.4.2, we use the following super matrix to calculate security SLA.
whereIis the unit matrix.
WAare the provided priorities of the alternative services on the security controls by service provider with self-assessment, and WCWA means a network environment considering priorities of alternatives (services) of users. WSWCWAis thefinal evaluation result that means security SLA. LetWbe
W¼ Wij
Then,Whas the following characteristics:
Wij¼Wi=Wj; Wjk¼Wj=Wk WijWjk≈Wi=Wk lim
n→∞W¼W∞
Therefore, we can expressW*on our hierarchy model as follows:
Thefinal result,WSWCWAofW*, means which service providers are better for users from the security perspective. Each value inWare calculated using pair comparison by stage, as follows.
• Preparation phase: establishing weight values on ser-vice types (WST: indicator)
Each cloud service, that is, webApp, online storage, and webtop, has different server configurations, service deliver-ies, and user purposes. Regarding those service-specific fea-tures, measuring security threats and corresponding security controls are different. Each service provider, therefore, does a pair comparison on security controls in view of their
service. Each matrix in Figure 8(a–c) is a comparison result of security control (criteria) on personal cloud service types. This comparison is based on the outer dependence model, in which the alternatives depend on certain criteria, and each priority of the alternatives can be a dominant eigenvector for relative assessment of the alternative. The weight values are useful to discriminate the relative impor-tance of security controls according to the service type.
• WWT= {0.058S, 0.214P, 0.417N, 0.203AC, 0.108AU} • WOS= {0.442S, 0.234P, 0.124N, 0.133AC, 0.069AU} • WWA= {0.174S, 0.058P, 0.103N, 0.460AC, 0.206AU} where WT is webtop, OS is online storage, and WA is webApp.
The results of the preceding three pair-comparison matrices are derived from Figure 8. These results, in Figure 9, indicate that the priorities of security control, that is, the security metrics for security SLAs, should be considered the feature and purpose of the service type; and the relative importance of each security metric cannot be applied to services uniformly.
Each resulting set of priorities for service providers of the same service type is stored in the database (shown in Figure 1), and the geometric average of the priorities can then be used as an indicator (as shown in Figure 10) of the group [19], which provide the same types of cloud services to determine the relative importance of each security metric depending on the service type. LetWiSand WI
S be priorities (dominant eigenvectors) of serviceiin a service group of theStype and an indicator in a service group of theStype, respectively.
WIS¼ ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi W1S;1*W2S;1…W n S;1 n q … ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiW1S;n*W2S;n…W n S;n n q Þ
wherenis the number of services.
Figure 10 shows the priorities of specific service group and indicators of that service group. According to the com-parison graph, we can choose the S3 to meet secure storage needs with average safety at the marketplace level.
• “Scenario”phase: criteria evaluation
The scenario, that is, UN and TN could affect weight value on security controls (criteria) from the perspective of a user. A user in public wireless network has much threats than a user in private network. This hypothesis is perfectly obvious. To gain effect of scenario, we could execute pair comparison, such as in Figure 7, between security controls. If there is some template, such as in Figure 1, to gain user requirements on security controls, then we could do a pair com-parison based on the requirements. This paper is
concerned with the influence on final result of security SLA. We provide two examples about online storage service, as follows:
• WOS,UN= {0.081S, 0.047P, 0.413N, 0.358AC, 0.101AU} • WOS,TN= {0.258S, 0.315P, 0.153N, 0.171AC,
0.103AU}
We might consider here WST of preparation phase. User’s requirements, WOS,UNand WOS, TN, according to the network environments are affected by service-specific characteristic, which isWST. Thefinal result is
WC¼ WOS;UNWST WOS;TNWST WSTis normalized as follows: W’C¼WC=WSUM whereWSUMis sum of elements inWC. Figure 9.Priority comparison between the service types.
W′C¼ 0:236S;0:072P;0:337N;0:309AC;0:046AU 0:483S;0:312P;0:080N;0:095AC;0:030AU
• “Criteria”phase: alternative evaluation
This phase is for evaluation alternative, that is, service providers, to determine which service provider supports better security on each security controls. The security metrics and corresponding security controls already defined using the Delphi technology as described in Figure 1. Thus, in this phase, we could do a pair comparison between service providers. This pair comparisons carry out regarding all security controls, respectively.
• “Goal”phase: security-SLA evaluation
The following example describes the ways in which services may be evaluated using super matrix in Section 4.2. This super matrix consists of W′C in“scenario”phase and WAin“criteria”phase, andWSis expressed asαandβof the super matrixWas shown in Section 4.2.
To reach thefinal goal through preceding super matrix, we need to define theWSahead very clearly. We suppose that the service S2 and service S3 are specialized on enterprise user and public user, respectively. Then we are going tofi g-ure out the impact of the network environments (WS). We make up scenarios in three ways: a user accesses the services only in the TN, that is,WN1; a user accesses the services only
in the public network (UN), that is,WN3; and both networks, that is,WN2, are shown in (a)–(c), as follows.
• WN1= (UN, TN) = (0, 1) • WN2= (UN, TN) = (0.5, 0.5) • WN3= (UN, TN) = (1, 0)
In other words,WN1indicates the enterprise solution not considering public network out of private network, while WN3indicates the common solution for a public user. The enterprise solution often is being offered through managed and controlled private network; sometimes, a user accesses the service in public network environment such as bring your own device (BYOD) in case ofWN2, for example.
Figure 11 describes the results of the aforementioned three cases, respectively, which fully correspond to our view. The enterprise solution S2 meeting the user require-ment,WOS,TN ×WST= (0.483S, 0.312P, 0.080N, 0.095AC, 0.030AU), could be recommended by cloud broker in case of TN. While the public solution S3 is suited for the UN. Figure 12 describes that the security-SLA evaluation results are influenced by which security controls place a great deal of weight on the services, even within in same network environment.
4.3. Simulation of security-SLA negotiation We have addressed the question of which aspects are con-sidered for security SLA and how the aspects are reflected to in security SLA employing ANP model. We here provide some simulations of security-SLA negotiation steps 6 to 9 as shown in Figure 1. Thus, we present how the cloud broker can recommend the service best suited to a user’s requirements.
Atfirst, the user can input his or her requirements to the template made by the cloud broker. The template should be made with a user-friendly expression. The user require-ments could be determined by a pair-comparison matrix on a UN and a TN, which are used in a“scenario”phase.
The needs of users about a security service vary depending on the user purpose and environment. Enterprise users (U1), for example, in corporate networks, are less sensitive to UNs compared with public users (U2). These two users’ requirements of webApp, calculated using pair comparison by two types of users, are shown in Table II.
We suppose that the service type is a webApp; thus, the user wants more secure access control with encryption on uploaded information. Both the network environments and security threats might involve uncertainty. We
consider security-SLA evaluation results depending on the users’requirements as expressed by“network”in Ta-ble II. Figures 13 and 14 describe the security-SLA results, derived by the “goal” phase in Section 4.2, among the following webApp service providers: S1, S2, and S3 (Tables III and IV).
The cloud broker is able to recommend service S2 to the user1, as S2 has higher evaluation results in the TN envi-ronment. The service S2, moreover, also good at BYOD configuration, that is, WN= (UN,TN) = (0.5, 0.5). For Figure 12. Evaluation results on network environments.
Table II. Users’requirements.
User Network S P N AC AU
Enterprise user (U1) UN 0.058 0.214 0.417 0.203 0.108
TN 0.442 0.234 0.124 0.131 0.069
Public user (U2) UN 0.175 0.133 0.210 0.289 0.193
TN 0.211 0.210 0.165 0.235 0.179
user2, however, the graph describes a definite result: ser-vice S3. The cloud broker could recommend serser-vice based
on the priorities of the services to the user with indicator of those service groups, as shown in Figure 8.
4.4. Motivation and contributions of this study
We discuss about security-SLA evaluation in which aspects might be considered and how we can provide a quantitative evaluation. The security could begin as technologies and be completed by human. There is a saying that“The more se-cure you make something, the less sese-cure it becomes”. So, the answer lies in usability. To obtain usability in security, we focus on the paradigm shift, that is, security as a service.
• “Security”as a service
Current security is in thefield of technology, that is why a user cannot access and understand the security. To solve this problem, wefix our sight upon the security SLA for transpar-ent security as shown in Figure 15. The beginning of security SLA is achieving consensus on security service including se-curity metrics and corresponding sese-curity controls. Thus, (i) we propose cooperative security-SLA evaluation model using the Delphi technology in Section 3. The security SLA could accomplish the security reflecting users’ requirements effi -ciently by an objective evaluation of the cloud broker.
• Efficient security as a service
Chen et al.[20] have convincingly expounded on-demand security architecture in cloud computing that dif-ferentiated security architecture according to service-specific characteristics that could prevent an unnecessary drain on IT resources by protecting cloud computing ser-vices at just the right level. In this sense, the security SLA could provide security service at just the right level, efficient security, with agreements, and clarify where the responsibility lies regarding security incidents. (ii) We try to give convincing answers to the considerations for determination of“the right level”through the influence of
Figure 14. Evaluation results of user2 (U2).
Table III. Security-SLA evaluation of user1 (U1).
UN TN S1 S2 S3 First priority 0.1 0.9 0.320 0.308 0.372 S3 0.2 0.8 0.318 0.315 0.367 S3 0.3 0.7 0.308 0.302 0.362 S3 0.4 0.6 0.316 0.322 0.362 S3 0.5 0.5 0.312 0.337 0.352 S3 0.6 0.4 0.31 0.344 0.347 S3 0.7 0.3 0.308 0.351 0.341 S3 0.8 0.2 0.305 0.358 0.336 S2 0.9 0.1 0.303 0.366 0.331 S2
Table IV. Security-SLA evaluation of user2 (U2).
UN TN S1 S2 S3 First priority 0.1 0.9 0.320 0.308 0.372 S3 0.2 0.8 0.318 0.315 0.367 S3 0.3 0.7 0.308 0.302 0.362 S3 0.4 0.6 0.316 0.322 0.362 S3 0.5 0.5 0.312 0.337 0.352 S3 0.6 0.4 0.31 0.344 0.347 S3 0.7 0.3 0.308 0.351 0.341 S3 0.8 0.2 0.305 0.358 0.336 S2 0.9 0.1 0.303 0.366 0.331 S2 0.1 0.9 0.302 0.340 0.358 S3 0.2 0.8 0.302 0.341 0.358 S3 0.3 0.7 0.301 0.341 0.357 S3 0.4 0.6 0.301 0.342 0.357 S3 0.5 0.5 0.301 0.343 0.356 S3 0.6 0.4 0.301 0.343 0.356 S3 0.7 0.3 0.301 0.344 0.356 S3 0.8 0.2 0.3 0.345 0.355 S3 0.9 0.1 0.3 0.345 0.355 S3
service type on security SLA and verify our assumption by mathematical model employing ANP.
Moreover, (iii) we consider user requirements, expressed as “network environments” in this study, for security-SLA evaluation, because different network envi-ronments have different threats. However, the practical method to reflect users’requirements and present quantita-tive evaluation is reserved for future works.
5. CONCLUSION
Great attention has been given to the question of how to measure security SLA and how services could be recom-mended to users based on security SLAs. Even though many researchers have provided definitions and evaluation models or processes for security SLAs, in fact, quantitative methodologies for evaluation are rarely studied, and their difficulty is often noted. In addition, there are few approaches to addressing the confusion caused by the differ-ent criteria (i.e., security metrics or parameters) for security SLAs. In this sense, security-SLA evaluation might consider multi-dimensional approaches such as service types, net-work environments, and quantitative measurements.
In this paper, we proposed a novel cooperative security-SLA evaluation methodology to solve the aforementioned problems by achieving security as a service with security SLA for transparent security. However, a decision methodol-ogy of the elements of a pair-comparison matrix based on an objective analysis has not been described, and this deserves considerable attention in future work.
ACKNOWLEDGEMENTS
This research was supported by the MSIP (Ministry of Science, ICT & Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2014-H0301-14-1020) supervised by the NIPA (National IT Industry Promotion Agency).
REFERENCES
1. Personal Cloud. http://personal-clouds.org [Accessed on March 2014].
2. Sahai A, Graupner S, Machiraju V, Moorsel A. Speci-fying and Monitoring Guarantees in Commercial Grids through SLA. In proceeding(s) of IEEE/ACM Interna-tional Symposium Cluster Computing and the Grid 2003; 292–300.
3. The Cloud Security Alliance. https://cloudsecurityalliance. org/ [Accessed on February 2013].
4. Saaty TL. Decision Making with Dependence and Feedback: The Analytic Network Process. RWS Publi-cations: Pittsburgh, 2001; 1–370.
5. Wu C, Zhu Y, Pan S. The SLA evaluation model for cloud computing. In Proceeding(s) of the International Conference on Computer, Networks and Communica-tion Engineering 2013; 331–334.
6. Hossain AA, Huh E-N. Refundable service through cloud brokerage. Proceeding of IEEE Cloud 2013:972–973. doi:10.1109/CLOUD.2013.115. 7. Ryan MD. Cloud computing security: the scientific
chal-lenge, and a survey of solutions.Journal of Systems and Software 2013; 86(9):2263–2268. doi:10.1016/j. jss.2012.12.025.
8. Zissis D, Lekkas D. Addressing cloud computing security issues. Future Generation Computer Systems 2012; 28(3):583–592. doi:10.1016/j. future.2010.12.006.
9. Rong C, Nguyen ST, Jaatun MG. Beyond lightning: a survey on security challenges in cloud computing. Computers & Electrical Engineering 2013; 39(1): 47–54. doi:10.1016/j.compeleceng.2012.04.015. 10. Bernsmed K, Jaatun MG, Meland PH, Undheim A.
Se-curity SLAs for federated cloud services. In Proceed-ing(s) of the Availability, Reliability and Security (ARES) 2011; 202–209.
11. Collaboration Services: Deployment Options for The Enterprise. Forrester Research: 2012; 1–15.
12. Tian Y, Song B, Huh E-N. A novel threat evaluation method for privacy-aware system in RFID.International Journal of Ad Hoc and Ubiquitous Computing2011;
8(4):230–240.
13. Hassan M, Song B, Huh E-N. A market-oriented dynamic collaborative cloud services platform.Annals of Telecommunications2010;65(11-12):669–688. 14. ISO/IEC CD 17789. Information technology—
Distrib-uted application platforms and services (DAPS)—Cloud Computing—Reference Architecture, 2013.
15. Na S-H, Park J-Y, Huh E-N. Personal cloud computing security framework. Services Computing Conference (APSCC), IEEE Asia-Pacific 2010; 671–675.
16. Bernsmed K, Jaatun MG, Undheim A. Security in service level agreements for cloud computing. In Proceedings of the 1st International Conference on Cloud Computing and Services Science, 2011.
17. Na S-H, Kim K-H, Huh E-N.A methodology for eval-uating cloud computing security service-level agree-ments2013;5(13):235–242.
18. Na S-H, Kim K-H, Huh E-N. Threats evaluation for SLAs in cloud computing, The 3rd International Confer-ence on ConvergConfer-ence Technology 2013; 1570–1571. 19. Saaty TL. How to make a decision: the analytic hierarchy
process.European Journal of Operational1990;48:9–26. 20. Chen J, Wang Y, Wang X. On-demand security architec-ture for cloud computing.Computer2012;45(7):73–78. doi:10.1109/MC.2012.120.
