C'MON: Monitoring the Compliance of Cloud Services to Contracted Properties

Proc. of Intl. Conference on Availability, Reliability and Security (ARES), 2017

  • Keywords:

    Cloud security; security quantification; security service level agreements

  • Abstract:

    ŒThe usage of computing resources “as a service” makes cloud computing an aŠttractive solution for enterprises with fluƒctuating needs for information processing. As security aspects play an important role when cloud computing is applied for business-critical tasks, security service level agreements (secSLAs) have been proposed to specify the security properties of a provided cloud service.

    While a number of approaches for service providers exist to assess the compliance of their services to the corresponding secSLAs, there is virtually no support for customers to detect if the services they use comply to the specifi€ed security levels. To close this gap, we propose C’mon, an approach to continuously monitor the compliance of cloud services to secSLAs. Our evaluation of C’mon shows its ability to identify violations of contracted security properties in an IaaS seŠtting with very low performance overheads.

Soha Albaghdady, Stefan Winter, Ahmed Taha, Heng Zhang, Neeraj Suri