Cloud Computing : Security Risks, SLA, and Trust

Ambrose, William, Athley, Samuel, Dagland, Niclas

January 2010

<p>With Cloud Computing becoming a popular term on the Information Technology (IT) market, security and accountability has become important issues to highlight. In our research we review these concepts by focusing on security risks with Cloud Computing and the associated services; Software, Platform and Infrastructure (SPI) and connecting them with a social study of trust.</p><p>The method that was conducted during our research was reviewing secondary literature, interviewing different experts regarding Cloud Computing and relating standards already established by ENISA, NIST, and CSA to the interviews.</p><p>The result of this study shows connections between the specific SPIs, both how they compare, but also how they differ. In the end we were also able to rank the top security risks from interviews with experts and see which SPI could be the most insecure one and  what countermeasures could be applied.</p><p>This was further related to trust and Service Level Agreement (SLA) in Cloud Computing to show how the security risks we discuss are related to these two specific areas. By highlighting this we wanted to present useable information for both clients and providers in how to create a better Cloud Computing environment.</p>

Cloud Computing

Service Level Agreement

Security Risks

Trust

Software as a Service

Platform as a Service

Infrastructure as a Service

Computer science

Datalogi

Αλγόριθμοι και μηχανισμοί για την παροχή υπηρεσιών με εγγυημένη ποιότητα σε δίκτυα τύπου internet

Σεβαστή, Αφροδίτη

26 February 2009

Αντικείμενο της παρούσας Διατριβής είναι η μελέτη της απόδοσης και η εισαγωγή νέων χαρακτηριστικών σε μοντέλα για την παροχή υπηρεσιών με εγγυήσεις ποιότητας στα σύγχρονα IP δίκτυα καθώς και η εισαγωγή των απαραίτητων επιχειρησιακών λειτουργιών για την εφαρμογή των μοντέλων αυτών, με στόχο τη βελτίωση της απόδοσης. Ακολουθώντας μια καταγραφή και αξιολόγηση των μηχανισμών και αρχιτεκτονικών που εισάγουν τη διαφοροποίηση εξυπηρέτησης στα IP δίκτυα, η μελέτη που παρουσιάζεται εδώ ακολουθεί σε όλα της τα στάδια τις αρχές της αρχιτεκτονικής DiffServ, η οποία επιτρέπει την παροχή ενός συγκεκριμένου εύρους υπηρεσιών με εγγυήσεις ποιότητας σε συναθροίσεις ροών και περιορίζει την πολυπλοκότητα στα όρια του δικτύου. Η απόδοση και η αποτελεσματικότητα των μηχανισμών και λειτουργιών διαφοροποίησης εξυπηρέτησης με βάση την αρχιτεκτονική DiffServ αξιολογούνται με βάση την εξασφάλιση εγγυημένης χωρητικότητας, φραγμένης από-άκρο-σε-άκρο καθυστέρησης, ελαχιστοποιημένων απωλειών πακέτων και φραγμένου jitter. Ωστόσο, σε κάθε μοντέλο υπηρεσίας για την παροχή QoS, τονίζεται η σημασία της εξασφάλισης των καλύτερων δυνατών εγγυήσεων ποιότητας με την ελάχιστη δυνατή πολυπλοκότητα. Τα διαφορετικά μοντέλα υπηρεσιών θέτουν συγκεκριμένους στόχους λαμβάνοντας υπόψη τις ανάγκες των εφαρμογών στις οποίες απευθύνονται. Οι δύο επικρατέστερες κατηγορίες υπηρεσιών στα πλαίσια της αρχιτεκτονικής DiffServ είναι η κατηγορία των υπηρεσιών μέγιστης προτεραιότητας και η κατηγορία των υπηρεσιών εγγυημένης χωρητικότητας σε συνθήκες συμφόρησης. Στην πρώτη κατηγορία, προτείνεται το μοντέλο υπηρεσίας Gold, το οποίο ακολουθεί τις αρχές τις αρχιτεκτονικής DiffServ για να παρέχει βέλτιστη ποιότητα εξυπηρέτησης σε συναθροίσεις IP ροών, ενώ ταυτόχρονα μπορεί να εφαρμοστεί πρακτικά σε δίκτυα παραγωγής. Στη δεύτερη κατηγορία, προτείνεται το μοντέλο υπηρεσίας Relative για την παροχή υπηρεσιών εγγυημένης χωρητικότητας σε συνθήκες συμφόρησης, με βασικά χαρακτηριστικά την μείωση της υπολογιστικής πολυπλοκότητας και την βελτίωση της δικαιοσύνης μεταξύ των εξυπηρετούμενων TCP ροών. Η υπηρεσία Gold διατηρεί την αρχή της επεκτασιμότητας και παρέχει αυστηρές εγγυήσεις ποιότητας αλλά ταυτόχρονα επιτρέπει την εφαρμογή μηχανισμού ελέγχου αποδοχής νέων αιτημάτων χωρίς διακοπή της λειτουργίας του δικτύου. Eισάγει επίσης ένα νέο χαρακτηριστικό σε σχέση με τα υπάρχοντα σχήματα: την διαφοροποίηση ως προς την εγγυημένη μέγιστη καθυστέρηση που παρέχεται στις ροές. Υλοποιείται με τη χρονοδρομολόγηση LA-EDF, που εισάγει την έννοια της διαφοροποιημένης εξυπηρέτησης εντός της ίδιας κλάσης υπηρεσίας και λειτουργεί ως υποστηρικτικός μηχανισμός του ελέγχου αποδοχής κλήσεων, τον αλγόριθμο DBAC για την αποδοχή κλήσεων χωρίς επέμβαση στη λειτουργία του δικτύου και την δρομολόγηση εξισορρόπησης φόρτου για την καλύτερη αξιοποίηση των διαθέσιμων πόρων χωρίς να παραβιάζονται οι εγγυήσεις ποιότητας. Η υπηρεσία Relative επιτυγχάνει προσαρμοστικότητα σε συνθήκες μεταβαλλόμενου φόρτου, δίκαιη διαφοροποίηση, υψηλή απόδοση, αύξηση της χρησιμοποίησης των διαθέσιμων πόρων ενώ αντιμετωπίζει πολλές από τις αδυναμίες που παρουσιάζουν αντίστοιχα μοντέλα. Υλοποιείται με τον μηχανισμό μαρκαρίσματος TWAM ο οποίος εφαρμόζεται στο σημείο εισόδου των ροών στο δίκτυο και αντιμετωπίζει τα θέματα της μη δίκαιης μεταχείρισης TCP ροών με τη μικρότερη δυνατή υπολογιστική επιβάρυνση σε σχέση με υπάρχοντες μηχανισμούς μαρκαρίσματος και τον μηχανισμό DWRED για την ενεργητική διαχείριση του αποθηκευτικού χώρου των ουρών, ο οποίος λειτουργεί με βάση το μαρκάρισμα της κίνησης που επιφέρει ο TWAM και προσαρμόζεται στις μεταβαλλόμενες συνθήκες λειτουργίας. Μεταξύ των καθοριστικών παραγόντων για την ευρεία υιοθέτηση υπηρεσιών βασισμένων στην αρχιτεκτονική DiffServ στα σύγχρονα δίκτυα παραγωγής, αναδεικνύονται η εισαγωγή ευέλικτων επιχειρηματικών μοντέλων για την υλοποίηση των υπηρεσιών αυτών στο εσωτερικό ενός δικτύου καθώς και χρέωσης των παρεχόμενων υπηρεσιών. Ο ορισμός Συμβολαίων Εξασφάλισης Επιπέδου Υπηρεσιών (ΣΕΕΥ) για δίκτυα που υποστηρίζουν την παροχή QoS υπηρεσιών με βάση την αρχιτεκτονική DiffServ έχει ως στόχο την εξασφάλιση της συμβατότητας των παρεχόμενων από διαφορετικά διασυνδεδεμένα δίκτυα υπηρεσιών προκειμένου για την από-άκρο-σε-άκρο εξασφάλιση εγγυήσεων ποιότητας. Προτείνεται ένα πρότυπο για την υλοποίηση διμερών ΣΕΕΥ σε IP δίκτυα που παρέχουν υπηρεσίες μέγιστης προτεραιότητας καθώς και μια μεθοδολογία για την υλοποίηση από-άκρο-σε-άκρο Συμβολαίων πάνω από διασυνδεδεμένα δίκτυα. Σε ένα IP δίκτυο, η εισαγωγή ενός αριθμού κλάσεων υπηρεσιών που διαφοροποιούνται στις παρεχόμενες ποιοτικές εγγυήσεις απαιτεί την εισαγωγή διαφοροποιημένων μοντέλων χρέωσης που επιπρόσθετα οδηγούν τους χρήστες στην επιλογή της κατάλληλης κλάσης υπηρεσίας η οποία μεγιστοποιεί την αντιληπτή χρησιμότητα. Προκειμένου για τη χρέωση υπηρεσιών με βάση την αρχιτεκτονική DiffServ, τα προφίλ κίνησης των χρηστών και οι διαφορές στην αντιληπτή ποιότητα αντιπροσωπεύουν τη χρησιμότητα που αντιλαμβάνεται ο χρήστης. Προτείνεται ένα μοντέλο χρέωσης όπου το προφίλ της κίνησης αποτελεί το αντικείμενο διαπραγμάτευσης του χρήστη με τον πάροχο, αφού ο χρήστης συνυπολογίσει τις εγγυήσεις ποιότητας εξυπηρέτησης που ανακοινώνονται από τον τελευταίο προκαταβολικά. Η καινοτομία του προτεινόμενου μοντέλου συνίσταται στις εξωτερικές συνθήκες (externalities) που υπεισέρχονται στα υφιστάμενα κόστη και προκαλούνται από τη φύση των υπηρεσιών που υλοποιούνται με βάση το μοντέλο DiffServ, καθώς επίσης και στον καθορισμό των πραγματικών τιμών με βάση τις οποίες χρεώνονται οι χρήστες. / The goal of this Dissertation is to study the performance of existing tools and the introduction of new features to quality of service provisioning models in IP networks as well as the introduction of the business models required for applying these models in an operational environment in ways that the performance is improved. Following the evaluation of mechanisms and architectures for differentiation of service in IP networks, the principles of the DiffServ framework have been adopted. The DiffServ framework specifies the provision of a set of services with qualitative guarantees to traffic aggregates, while keeping complexity at the network edges. The performance and effectiveness of service differentiation mechanisms according to the principles of the DiffServ framework are evaluated according to the following metrics: guaranteed capacity, bounded end-to-end delay, minimization of packet losses and jitter. However, in any QoS model, it is important to ensure the best quality possible by keeping complexity low. Each QoS model is designed to meet the needs of a different traffic type. The two prevailing service models within the DiffServ framework are the maximum priority, maximum quality model and the guaranteed capacity under congestion model. The proposed Gold service falls within the first category above, offering advanced quality to IP traffic aggregates with a set of principles that can easily be applied to operational networks. The proposed Relative service model provides guaranteed capacity under congestion by reducing the complexity and improving fairness among TCP flows. The Gold service preserves scalability and provides strict quality guarantees, incorporating a call admission control mechanism that operates without interfering with the network operations. It introduces a novel feature: differentiation of the guarantees on end-to-end delay provided to traffic flow. It is implemented using LA-EDF scheduling that introduces service differentiation within the same class and supports the call admission control functions, the DBAC algorithm for admission control and flow routing with load balancing for optimizing the use of available resources without compromising in terms of the guaranteed quality. The Relative service achieves high adaptability in transient load conditions, fair differentiation, high quality, increase in the utilization of available resources without demonstrating the same weaknesses as equivalent service models. It is implemented using the TWAM marking mechanism, which is applied at the network ingress and ensures fairness with less overhead than similar mechanisms, and DWRED, the active queue management mechanism that depends upon the TWAM marking and adapts to the varying load levels. The introduction of effective business and pricing models is crucial for the adoption of qualitative service models based on the DiffServ framework in a production network. The definition of Service Level Agreements (SLAs) for networks that provide QoS according to the principles of the DiffServ framework aims at introducing compatibility among the services provided for the provisioning of end-to-end quality guarantees. A template for the implementation for bilateral SLAs between networks that support the maximum priority, maximum quality service model is proposed, together with a methodology for implementing, based on the bilateral SLA, an end-to-end SLA over multiple domains. In an IP network, the introduction of a set of services classes with differing quality guarantees necessitates the application of differentiated pricing models that lead the users to the selection of the appropriate service class in order to maximize their perceived utility. Based on the principles of the DiffServ framework, the utility for each user is determined by the profile of his traffic and the quality of service he perceives. The proposed pricing model appoints the traffic profile as the parameter for negotiation between the user and the provider, after the user assesses the quality guarantees announced by the provider prior to the service provisioning. The innovation here lies in the introduction of externalities to the costs induced as well as the announcement of the actual prices upon which the user will eventually be charged. The externalities are imposed by the nature of the service models implemented according to the DiffServ framework.

Ποιότητα υπηρεσίας

IP δίκτυο

Χρέωση

004.65

Quality of service

IP network

Service level agreement

Pricing

Allocation optimale des ressources pour les applications et services de grille de calcul

Abdelhanine, Filali

January 2008

Mémoire numérisé par la Division de la gestion de documents et des archives de l'Université de Montréal

Bande passante

Bandwidth

Qualité de service

Quality of service

Programmation linéaire

Interger programming

Heuristiques

Heuristics

Contrat de niveau de service

Service level agreement

Gestion de données efficace, continue et fiable par coordination de services

Vargas-Solar, Genoveva

22 May 2014

The emergence of new architectures like the cloud open new challenges for data management. It is no longer pertinent to reason with respect a to set of computing, storage and memory resources, instead it is necessary to conceive algorithms and processes considering an unlimited set of resources usable via a "pay as U go model", energy consumption or services reputation and provenance models. Instead of designing processes and algorithms considering as threshold the resources availability, the cloud imposes to take into consideration the economic cost of the processes vs. resources use, results presentation through access subscription, and the parallel exploitation of available resources. Our research contributes to the construction of service based data management systems. The objective is to design data management services guided by SLA contracts. We proposed methodologies, algorithms and tools for querying, deploying and executing service coordinations for programming data management functions. These functions, must respect QoS properties (security, reliability, fault tolerance, dynamic evolution and adaptability) and behaviour properties (e.g., transactional execution) adapted to application requirements. Our work proposes models and mechanisms for adding these properties to new service based data management functions.

services bases de données

optimisation de requêtes

cloud

stockage

service level agreement

big data

Gerenciamento da capacidade produtiva de um sistema de educação a distância: coordenação das funções manutenção e gestão de contratos. / Capacity management of a distance education system: coordination of the maintenance and contract management functions.

Fernando Tobal Berssaneti

09 November 2006

Nos tempos atuais, cada vez mais as organizações têm investido em equipamentos e infra-estrutura de educação a distância (EAD). Grande parte dos estudos até hoje realizados dizem respeito a aspectos pedagógicos relacionados a esse tipo de sistema produtivo. Contudo, há poucos estudos dedicados a sua gestão. Esta dissertação busca, por meio de uma pesquisa à literatura pertinente, seguida de uma pesquisa de campo, sistematizar o conhecimento sobre a gestão de um sistema de operações de EAD, buscando formas para otimizar sua disponibilidade operacional. Ao longo do trabalho, a disponibilidade é tratada com um indicador de resultado de duas diferentes funções da organização: função gestão de contratos e função manutenção. A primeira diz respeito ao acordo de nível de serviço (SLA) firmado entre a organização foco deste estudo e um fornecedor de serviços de telecomunicações. A segunda função compreende a forma como são adotadas abordagens ou políticas de manutenção para os equipamentos utilizados para a execução desse tipo de serviço. Assim, descreve-se o contexto em que se inserem a disponibilidade e as duas funções a ela relacionadas e buscam-se formas para coordenar essas funções com o objetivo de otimizar a disponibilidade operacional do sistema produtivo. Algumas proposições foram estruturadas e verificadas numa organização, através da metodologia científica pesquisa-ação. Um instrumento referencial foi elaborado para amparar a pesquisa de campo visando facilitar a verificação das proposições propostas, além de colaborar para melhor atingir os objetivos propostos. A conclusão da pesquisa revela que as proposições de estudo não se confirmaram de forma plena, apontando para um sensível distanciamento entre teoria e pratica organizacional, deixando, assim, espaço aberto para novos estudos. / In present days, organizations are investing increasingly in equipment and infrastructure for distance education (DE). Great part of the studies carried out until today focus on the pedagogical aspects related to this type of productive system. However, there are few studies dedicated to its management. It is the goal of this study, through research in specific literature followed by a field research, to systemize the knowledge on management of an operational system for DE, searching for ways to optimize its operational availability. Throughout the work, the availability is considered a result indicator for two different functions of the organization: contract management function and maintenance function. The former one says respect to the service level agreement (SLA) firmed between the organization, focus of this study, and a supplier of telecommunications services. The latter is concerned with the ways that maintenance approaches and politics for the equipment involved in the execution of this type of service are adopted. Thus, the context in which the availability and both related functions are enclosed has been described and ways to co-ordinate these functions with the goal of optimizing the productive system operational availability is searched. The framework of some proposals was developed and verified in an organization through the scientific methodology ?Action Research?. A reference instrument was elaborated to support the field research aiming to ease the verification of the proposals that have been made, besides helping to achieve the proposed goal. The research conclusion discloses that the study proposals weren?t fully confirmed, leading to a considerable withdraw between organizational theory and practice, leaving, thus, an open space for new studies.

Acordos de nível de serviço

Educação a distância

Indicadores de produtividade

Organização da produção

Distance education

Production organization

Productivity measurement

Service level agreement

Vyhodnocování SLA nad HP Quality Center / Evaluating of SLA in HP Quality Center

Doubrava, Jan

January 2012

The objective of this thesis is to propose and describe the database, which enables to measure compliance of Service Level Agreement suppliers of software applications that work with HP Quality Center. The work describes specific solution used in project to implement a new core business system, describes requirements for functionality and use of result the solution. Briefly described is also HP Quality Center, the testing tool, from which are taken the input data and what possibility offers for monitoring the SLA. The proposed database allows calculation of the time which is actually spent by suppliers on solving the errors and comparison of calculated time with the defined SLA. It will also describe how to import data into the database and the basic reports, which are usable after implementation of the proposed solution.

Cognitive management of SLA in software-based networks / Gestion cognitive de SLA dans un contexte NFV

Bendriss, Jaafar

14 June 2018

L’objectif de la thèse est d’étudier la gestion de bout en bout des architectures à la SDN, et comment nos briques OSS (Operation Support System) doivent évoluer: cela implique d’étudier les processus métier associés, leurs implémentations ainsi que l’outillage nécessaire. Les objectifs de la thèse sont donc de répondre aux verrous suivants:1. Identifier les changements impliqués par l’émergence de ces réseaux programmables sur les architectures de gestions en termes d’exigences ou "requirements". L’étude peut être focalisée sur un type de réseau, mobile par exemple. 2. Identifier l’évolution à apporter aux interfaces de gestions actuelles: quelles alternatives aux FCAPS (fault, configuration, accounting, performance, and security) ? Quels changements à apporter aux couches de gestions allant du gestionnaire d’équipement ou "Element Management System" jusqu’au OSS ? / The main goal of the PhD activities is to define and develop architecture and mechanisms to ensure consistency and continuity of the operations and behaviors in mixed physical/virtual environments, characterized by a high level of dynamicity, elasticity and heterogeneity by applying a cognitive approach to the architecture where applicable. The target is then to avoid the "build it first, manage it later" paradigm. The research questions targeted by the PhD are the following: 1. Identify the changes on Network Operation Support Systems implementation when using SDN as a design approach for future networks. The study could be restricted to mobile networks for example, or sub-part of it (CORE networks, RAN, data centers, etc); 2.Identify the needed evolution at the management interfaces level: a. Shall we need alternative to the well-known FCAPS and do we still need the element management system? b. What will change to provision an SDN based service? c. How to ensure resiliency of SDN based networks?

SDN

NFV

Réseau de neurones artificiels

Gestion de réseaux

Niveau de service (SLA)

SDN

NFV

Artificial neural networks

Network management

Service level agreement

An Examination of Service Level Agreement Attributes that Influence Cloud Computing Adoption

Hamilton, Howard Gregory

01 June 2015

Cloud computing is perceived as the technological innovation that will transform future investments in information technology. As cloud services become more ubiquitous, public and private enterprises still grapple with concerns about cloud computing. One such concern is about service level agreements (SLAs) and their appropriateness. While the benefits of using cloud services are well defined, the debate about the challenges that may inhibit the seamless adoption of these services still continues. SLAs are seen as an instrument to help foster adoption. However, cloud computing SLAs are alleged to be ineffective, meaningless, and costly to administer. This could impact widespread acceptance of cloud computing. This research was based on the transaction cost economics theory with focus on uncertainty, asset specificity and transaction cost. SLA uncertainty and SLA asset specificity were introduced by this research and used to determine the technical and non-technical attributes for cloud computing SLAs. A conceptual model, built on the concept of transaction cost economics, was used to highlight the theoretical framework for this research. This study applied a mixed methods sequential exploratory research design to determine SLA attributes that influence the adoption of cloud computing. The research was conducted using two phases. First, interviews with 10 cloud computing experts were done to identify and confirm key SLA attributes. These attributes were then used as the main thematic areas for this study. In the second phase, the output from phase one was used as the input to the development of an instrument which was administered to 97 businesses to determine their perspectives on the cloud computing SLA attributes identified in the first phase. Partial least squares structural equation modelling was used to test for statistical significance of the hypotheses and to validate the theoretical basis of this study. Qualitative and quantitative analyses were done on the data to establish a set of attributes considered SLA imperatives for cloud computing adoption.

Computer Science

Information science

Information technology

cloud computing

information security

service level agreement

transaction cost economics

Business

Computer Sciences

Databases and Information Systems

Organisatoriska krav på molntjänster : En studie om företags kravställning och valmetodik vid anskaffandet av molntjänster.

Enqvist, Marcus, Peterson, Oscar

January 2019

Molntjänster spelar en betydande roll i dagens samhälle och används i såväl den privata sektorn som den offentliga. I och med den utbredda användningen har det ur ett organisationsperspektiv uppstått ett behov att utvärdera tjänsterna. Denna undersökning behandlar hur företags val av molntjänster går till i praktiken, vilka krav företag ställer på molntjänster, vilka krav företag anser vara viktigast, samt hur väl molntjänster lyckas bemöta dessa krav. Undersökningen utfördes genom intervjuer och en kvalitativ analys av tre företags situationer gällande molntjänster. Sammanfattningsvis dras slutsatsen att företagens val av molntjänstleverantör beror på en kombination av lock-ins och tidigare uppfattning av leverantören. Det visade sig att krav på säkerhet och foglighet var viktigast för alla tre företag, och att alla tre även rangordnat pålitlighet och tillförlitlighet som näst viktigast. Därefter skiljer sig rangordningen av kraven något mellan företagen, vilket bland annat beror på att deras kunder har olika krav på diverse faktorer. Vad gäller bemötandet av kraven från leverantören visade det sig att alla tre företag generellt upplever en stor nöjdhet för samtliga krav.

Cloud Computing

Service Level Agreement

Quality of Service

Requirements

Analytic Hierarchy Process

Information Systems, Social aspects

Gerenciamento de acordo de nível de serviço de segurança para computação em nuvem. / Management od security service level agreement for cloud computing.

Torrez Rojas, Marco Antonio

27 October 2016

O paradigma de computação em nuvem, por meio de seus modelos de serviço e implantação, apresenta para os provedores de serviço e consumidores benefícios e desafios. Um dos principais desafios apontados pela área de computação em nuvem é com relação à segurança da informação, especificamente a questão de conformidade com relação a contratos firmados entre o provedor e o consumidor. O acordo de nível de serviço (SLA) é um destes contratos, no qual são estabelecidos requisitos para a entrega e operação do serviço contratado pelo consumidor, bem como penalidades em caso de não atendimento a requisitos estabelecidos no contrato. Comumente, em um SLA definido entre provedor de serviço e consumidor as necessidades de disponibilidade e desempenho com relação ao serviço contratado são especificados, o que não ocorre com relação às necessidades de segurança. A necessidade de especificação de requisitos de segurança em um SLA, em especial confidencialidade e integridade, para o contexto de computação em nuvem, bem como arquiteturas de computação que tratem de requisitos de segurança em um SLA e efetuem o gerenciamento destes requisitos durante o ciclo de vida do SLA, encontram-se em evolução, se comparado aos requisitos de disponibilidade. Considerando a demanda crescente de incorporação de SLA de Segurança nos contratos de serviços de computação em nuvem, este trabalho tem como objetivo propor e avaliar um arcabouço de gerenciamento de serviços de computação em nuvem para o modelo de infraestrutura como serviço (IaaS), tendo como base requisitos de segurança especificados em um SLA, em especial os requisitos de confidencialidade e integridade. O gerenciamento proposto pelo arcabouço contempla as etapas do ciclo de vida de um SLA, que compreende as fases de: i) definir e especificar o SLA; ii) gerenciar e implantar o SLA; iii) executar e gerenciar o SLA e iv) finalizar o SLA. A validação do arcabouço proposto é realizada por meio da sua aplicação em um cenário de uso, onde será verificado o atendimento aos requisitos de segurança definidos e especificados no SLA. Para assegurar que o arcabouço proposto é seguro, bem como a sua integração com o ambiente de computação em nuvem é realizada análise de ameaças do arcabouço, e ações de mitigação apresentadas. Ao final, mostra-se que o arcabouço de gerenciamento proposto cumpre com os objetivos e requisitos propostos. / The cloud computing paradigm given its service and deployment models presents several benefits and challenges. One of the main challenges is related to information security, in particular, the compliance contracts between consumers and service provider. Service Level Agreements (SLAs) are contracts in which requirements about service operation and delivery as well as penalties in case of non-compliance of these requirements are defined. A SLA is usually defined in terms of availability and performance requirements, and data security requirements are normally not specified in details as these requirements. The need for security requirements specified in an SLA, especially confidentiality and integrity to the cloud computing paradigm, as well computing architectures to deal with SLA security requirements and management of cloud services based on SLA security requirements in an automated manner during its entire lifecycle are still in evolution, compared to availability requirements. In order to deal with these ineeds, this work aims to propose and evaluate a framework to orchestrate the management of cloud services for the infrastructure as a service (IaaS) based on SLA security requirements, specifically the confidentiality and integrity requirements. The management proposed by the framework comprehend the steps of the SLA lifecycle: i) SLA specification and definition; ii) SLA deployment and management; iii) SLA execute and monitoring; and iv) SLA termination. The validation of proposed framework is performed by its application in a usage scenario, checking the compliance with defined security requirements and specified in the SLA. To ensure the security of proposed framework and its cloud computing environment integration, a threat modeling is performed and mitigation actions are presented. At last, it is shown that the proposed management framework meets the specified framework requirements.

Acordo de nível de serviço

Cloud computing

Computação em nuvem (Segurança)

Gerenciamento de SLA de segurança

Security

Security SLA

Security SLA management

Service level agreement

SLA