Astrid Undheim

Security SLAs for Federated Cloud Services

The federated Cloud paradigm aims to provide flexible and reliable services composed of a mixture of internal and external mini-clouds, but this heterogeneous nature is also fuelling the security concerns of the customers. To allay the fears and deal with the threats associated with outsourcing data and applications to the Cloud, new methods for security assurance are urgently needed. This paper presents current work on Cloud Security Service Level Agreements and our approach on how to manage this in the context of hybrid clouds. The purpose is to facilitate rapid service composition and agreements based on the necessary security requirements and establish trust between the customer and provider. We also show how this can be applied on a realistic case study related to a hybrid Unified Communication service.

Differentiated Availability in Cloud Computing SLAs

Cloud computing is the new trend in service delivery, and promises large cost savings and agility for the customers. However, some challenges still remain to be solved before widespread use can be seen. This is especially relevant for enterprises, which currently lack the necessary assurance for moving their critical data and applications to the cloud. The cloud SLAs are simply not good enough. This paper focuses on the availability attribute of a cloud SLA, and develops a complete model for cloud data centers, including the network. Different techniques for increasing the availability in a virtualized system are investigated, quantifying the resulting availability. The results show that depending on the failure rates, different deployment scenarios and fault-tolerance techniques can be used for achieving availability differentiation. However, large differences can be seen from using different priority levels for restarting of virtual machines.

Security SLAs – An Idea Whose Time Has Come?

Service Level Agreements (SLAs) have been used for decades to regulate aspects such as throughput, delay and response times of services in various outsourcing scenarios. However, security aspects have typically been neglected in SLAs. In this paper we argue that security SLAs will be necessary for future Internet services, and provide examples of how this will work in practice.

Thunder in the Clouds: Security challenges and solutions for federated Clouds

Cloud federation brings together different service providers and their offered services, so that many Cloud variants can be tailored to match different sets of customer requirements. To mitigate security risks and convince hesitant customers, security must be an integrated part of the federated Cloud concept. This paper surveys the state of the art in Cloud computing security, identifies unsolved issues related to federated Clouds, discusses possible approaches to deal with the threats and points out directions for further work.

Expressing cloud security requirements for SLAs in deontic contract languages for cloud brokers

The uptake of cloud computing is hindered by the fact that current cloud SLAs are not written in machine-readable language, and also fail to cover security requirements. This article considers a cloud brokering model that helps negotiate and establish SLAs between customers and providers. This broker handles security requirements on two different levels: between the customer and the broker, where the requirements are stated in natural language; and between the broker and different cloud providers, where requirements are stated in deontic contract languages. There are several such languages available today with different properties and abstraction levels, from generic container languages to more domain-specific languages for specifying the various details in a contract. In this article, we investigate the suitability of ten deontic contract languages for expressing security requirements in SLAs, and exemplify their use in the cloud brokering model through a practical use case for a video streaming service.

Effects of Dynamic Cloud Cluster Load on Differentiated Service Availability

Accredited to the diverse nature of cloud services, there is a need for cloud providers to offer differentiated availability for different service types in their SLAs. This can be achieved by using different redundancy strategies and fault-tolerance techniques. The availability resulting from these techniques is highly dependent upon the load on cloud datacenters and their clusters. This load is dynamic, caused by both variations in demand and failures in servers, network, and other cloud infrastructure. In this paper, the effect of dynamic load in a cloud cluster on the service availability is studied, using analytical models and simulations. The results are thus obtained for different loads and compared among different service classes. The analytical models are not able to grasp the interaction between different classes, and hence a simulation is performed. The results show that the cluster load has a quantifiable effect on service availability, and it increases with decreasing level of priority assigned to a service class.

Towards an Ontology for Cloud Security Obligations

This paper presents an ontology for Cloud security obligations, which is based on a number of industry accepted standards and guidelines. The ontology terms and relationships have been defined in the W3C ontology language OWL and includes a number of technical security controls that can be implemented by public Cloud providers. This paper outlines the ontology and demonstrates how it can be used in two different application areas.

Exploiting cloud computing — A proposed methodology for generating new business

Cost savings are frequently mentioned as the main driver for cloud computing due to reduced CapEx and OpEx through consolidated data centers, reduced HW/SW investments and IT staffing. Generating new revenues and business through offering cloud-based services are more seldom discussed. When addressing the former cost savings, methodologies like TCO (Total Cost of Ownership) are commonly applied. When addressing the latter, we see an incomplete and inexact methodology being used. This paper suggests a methodology for addressing new business opportunities from cloud computing, which may support Telcos in their exploitation activities towards SMEs or the enterprise market. A business model terminology is introduced briefly followed by a suggested business model framework. Finally, a case example from the VISION Cloud EU Project is briefly presented as an illustration of this model.

Towards a dynamic cloud-enabled service eco-system

Cloud computing re-defined what, in ICT, can be delivered “as a service”. The new types of services increase the potential of some Service-Oriented Architecture concepts, e.g. dynamic discovery and composition of services. We envision a dynamic cloud-enabled service ecosystem in which different business actors cooperate in delivering scalable high-value services to the end user. The different providers should be able to discover, request, use and discard services during runtime based on some internal management logic. We define and use a reference model to explain this dynamicity, characterized by the introduction of the concept of Virtual Distributed Execution Environment (VDEE) between the virtual resources and the applications. Based on a study of the state of the art on cloud and SOA technologies, we identify functions of existing platforms that could be integrated to implement the proposed reference model. We also identify some challenges that still need to be addressed. Finally we anticipate the business-related evolution towards the dynamic cloud.