Proc. of IEEE Services Computing (SCC), 2017
Cloud security; security quantification; security service level agreements
Although the use of Cloud services is proliferating, the notion of Cloud security remains ambiguous. This ambiguity typically arises from two causes: (a) the average Cloud customer's limited awareness of security details, which leaves customers unable to clearly express their security requirements, or (b) the lack of interfaces/tools that can meaningfully capture the customer requirements. In general, Cloud customers are only able to provide qualitative requirements due to their inability to express precise security requirements. Nevertheless, Cloud customers still need to assess and benchmark the various security services provided by different providers in order to select the most suitable Cloud provider that can satisfy their “imprecise and uncertain” security requirements.
This paper proposes a methodology for enhancing the security aspects of Cloud services by quantitatively comparing the customer security requirements with the security offered by Cloud providers. The novelty of our approach lies in its use of a fuzzy logic schema to manage the uncertainty of those qualitative requirements. We validate our framework by applying it to real-world data that leverages the standardized Cloud service level agreement structure proposed in the ISO/IEC 19086 standard.