A broker-based framework for standardization and management of Cloud Security-SLAs

Security is still one of the main barriers discouraging companies and businesses which deal with sensitive information and confidential data from migrating toward the Cloud. Recent efforts have tried to specify the security level of the Cloud service with the help of Security Service Level Agreements (Security-SLAs). However, Security-SLAs in their current format and with their present terms are not fully measurable and are hard to monitor. Quantification and standardization of Security-SLAs will surely speed up the Cloud adoption process and attract more customers to benefit from the advantages of Cloud computing in a more confident and secure fashion. In this paper, we propose a broker-based framework that manages the Cloud Security-SLA. We first develop a standard, quantitative, and measurable form to represent the agreement. Then we propose an evaluation and selection model that is fundamentally based on computing the adequate trade-off between the security CIA triad attributes (Confidentiality, Integrity, and Availability) in the context of a multi-objective optimization problem. Simulation results show the set of Pareto-optimal solutions and how the customer can select the most suitable service provider using higher level information that is related to the nature of the service and financial cost.