Computer Science ›› 2016, Vol. 43 ›› Issue (5): 100-107.doi: 10.11896/j.issn.1002-137X.2016.05.019

Previous Articles     Next Articles

Research of Cloud Provider Selection Method Based on SecLA

ZHU Hua-min, WU Li-fa and KANG Hong-kai   

  • Online:2018-12-01 Published:2018-12-01

Abstract: As the range of cloud computing applications is gradually expanded,users become more and more concerned about the security of cloud services.Existing selection methods of cloud provider focus on performance and cost while seldom emphasize security.There is no effective method for evaluating the security services of cloud computing.Under this background,this paper presented a method for quantitative assessment of cloud security services based on security level agreement(SecLA).Firstly,it builds the cloud computing security index system and the quantitative evaluation model based on cloud control matrix(CCM) and accompanying consensus assessments initiative questionnaire(CAIQ),which are published by cloud security alliance(CSA).Secondly,it designs the template framework of SecLA by extending WS-Agreement.Finally,it introduces two underprovisioning parameters to enhance comparison method of alternatives advantage degree and realizes the quantitative comparison of SecLAs in cloud computing environment.The experimental results prove that the methods are feasible and effective.Compared with reference evaluation method(REM) and simple linear weighted method,the cloud providers sorting results in this paper are more reasonable,and underprovisioning parameters contribute a good auxiliary effect to decision making.

Key words: Cloud computing,Cloud security assessment,Cloud security quantification,Security level agreement(SecLA),Cloud provider selection

[1] Feng Deng-guo,Zhang Min,Zhang Yan,et al.Study on CloudComputing Security[J].Journal of Software,2011,22(1):71-83(in Chinese) 冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83
[2] Thaweejinda J,Senivongse T.Semantic search for cloud provi-ders with security conformance to cloud controls matrix[C]∥Proceedings of the 2014 11th International Joint Conference on Computer Science and Software Engineering.IEEE,2014:286-291
[3] Bhensook N,Senivongse T.An assessment of security requirements compliance of cloud providers[C]∥Proceedings of the 2012 IEEE 4th International Conference on Cloud Computing Technology and Science(CloudCom).IEEE,2012:520-525
[4] Pumvarapruek N,Senivongse T.Classifying cloud provider security conformance to cloud controls matrix[C]∥Proceedings of the 2014 11th International Joint Conference on Computer Scien-ce and Software Engineering.IEEE,2014:268-273
[5] Luna J,Vateva-Gurova T,Suri N,et al.SecLA-Based Negotiation and Brokering of Cloud Resources[M]∥Helfert M.Cloud Computing and Services Science.Berlin:Springer International Publishing,2014:1-18
[6] Luna J,Langenberg R,Suri N.Benchmarking Cloud SecurityLevel Agreements Using Quantitative Policy Trees[C]∥Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop.ACM,2012:103-112
[7] Hale M L,Gamble R.Secagreement:advancing security risk calculations in cloud services[C]∥Procee-dings of the 2012 IEEE 8th World Congress on Services.IEEE,2012:133-140
[8] Luna J,Ghani H,Vateva T,et al.Q uantitative Assessment of Cloud Security Level Agreements:A Case Study[C]∥Procee-dings of the 2012 International Conference on Security and Gryptography.Scitepress,2012:64-73
[9] Hale M L,Gamble R.Building a Compliance Vocabulary to Embed Security Controls in Cloud SLAs[C]∥Proceedings of the 2013 IEEE 9th World Congress on Services.IEEE,2013:118-125
[10] Cloud Security Alliance.Cloud Controls Matrix[EB/OL].(2015-04-25).https://cloudsecurityalliance.org/research/ccm
[11] Cloud Security Alliance.Consensus Assessments Initiative Question-naire[EB/OL].https://cloudsecurityalliance.org/research/cai
[12] Jiang Zheng-wei,Wu Xi-hong,Yang Pei-an,et al.Cloud Provider Selection Method Based on SecSLA[J].Computer Engineering,2013,39(10):1-5(in Chinese) 姜政伟,巫锡洪,杨沛安,等.基于SecSLA的云供应商选择方法[J].计算机工程,2013,39(10):1-5
[13] Andrieux A,Czajkowski K,Dan A,et al.Web services agreement specification(WS-Agreement)[EB/OL].http://www.ogf.org/documents/GFD.107.pdf
[14] Henning R R.Security service level agreements:quantifiable security for the enterprise[C]∥Proceedings of the 1999 workshop on New Security Paradigms.ACM,1999:54-60
[15] Bernsmed K,Jaatun M G,Meland P H,et al.Security SLAs for federated cloud services[C]∥2011 6th International Conference on Availability,Reliability and Security.IEEE,2011:202-209
[16] Ludwig H,Keller A,Dan A,et al.Web service level agreement(WSLA) language specification[R].IBM,2003:815-824
[17] Lawrence A,Djemame K,Wldrich O,et al.Using Service Le-vel Agreements for Optimising Cloud Infrastructure Services[M]∥Cezon M,Wolfsthal Y.Towards a Service-Based Internet.Berlin:Springer,2011:38-49
[18] Lin Zhi-ming,Mao Zheng-yuan.Comparison Method of Alternatives Advantage Degree for Multiple Attribute Decision-making[J].Statistics and Decision,2015(2):44-47(in Chinese) 林志明,毛政元.多属性决策的方案比较优势度法[J].统计与决策,2015(2):44-47
[19] Cloud Security Alliance.Security,Trust and Assurance Registry(STAR)[EB/OL].https://cloudsecurityalliance.org/star
[20] Chen Ai-zu,Tang Wen,Zhang Dong-li.Research on performance evaluation of system operation[M].Beijing:Science Press,2009:56-60(in Chinese) 陈爱祖,唐雯,张冬丽.系统运行绩效评价研究[M].北京:科学出版社,2009:56-60
[21] Li Xiao-lin,Zhang Li-na.Service Selection Strategies Based onMulti-Attribute Group Decision-Making Considering QoS Pre-ference[J].Computer Systems & pplications,2014,23(12):249-252(in Chinese) 李小林,张力娜.考虑QoS偏好的多属性群决策服务选择策略[J].计算机系统应用,2014,23(12):249-252

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!