Proc. of Intl. Conference on Availability, Reliability and Security (ARES), 2017
Cloud security; security quantification; security service level agreements
The usage of computing resources “as a service” makes cloud computing an attractive solution for enterprises with fluctuating needs for information processing. As security aspects play an important role when cloud computing is applied for business-critical tasks, security service level agreements (secSLAs) have been proposed to specify the security properties of a provided cloud service.
While a number of approaches exist for service providers to assess the compliance of their services with the corresponding secSLAs, there is virtually no support for customers to detect whether the services they use comply with the specified security levels. To close this gap, we propose C’mon, an approach to continuously monitor the compliance of cloud services with secSLAs. Our evaluation of C’mon shows its ability to identify violations of contracted security properties in an IaaS setting with very low performance overheads.