A Comprehensive Study on the Security Framework in Cloud ... - ijcst

3 downloads 0 Views 228KB Size Report
Abstract. Service Level Agreement (SLA) is defined as a legal agreement between the service provider and customer, the dynamic nature of. Cloud Computing ...
IJCST Vol. 6, Issue 3, July - Sept 2015

ISSN : 0976-8491 (Online) | ISSN : 2229-4333 (Print)

A Comprehensive Study on the Security Framework in Cloud Computing 1

Satinder Kaur, 2Dr. Sawtantar Singh Khurmi

Dept. of Computer Applications, Sri Guru Granth Sahib World Univ., Punjab, India Head, Dept. of Computer Science, Bhai Maha Singh College of Engineering, Mukatsar, Punjab, India 1


Abstract Service Level Agreement (SLA) is defined as a legal agreement between the service provider and customer, the dynamic nature of Cloud Computing needs to continue monitoring of the services. Design of such agreement aim is to maximize the profit to provider as well as assured availability of services to customer. However the restricted choice of appropriate parameters in SLA affects the interacting of end user with cloud services and creates risks of user data.End users are concerned about their data and how it will be stored in cloud and how the data is recovered in the case of failure of disaster. However in reality, none of the SLA considers user perspective while conducting SLA.This paper will discuss about importance of the Parameter while conducting SLA. Keywords Service Level Agreement (SLA), Cloud Computing I. Introduction Cloud Computing becomes the hottest topics in today’s technology .It provides online services as pay-as-you-use basis. Many of the top most IT companies have started implementing the concept of the Cloud Computing. But security is the root cause for any company to think about before adopting Cloud Computing. So, one of the major areas to be discussed in cloud computing is Security, Privacy and Confidentiality of data.Customer doesn’t know about his/her data, how data is stored and who has access to this data. But because of the dynamic nature of the cloud environment makes it difficult for cloud providers to observe current data protection regulations and privacy policies. One method of ensuring that the client receives the correct services best suited according to its needs is the Service Level Agreement (SLA);SLA is defined as a “documented agreement between the Service Provider and Customer”. It is composed of Service Level Objective (SLO),which measures the quality of services by SLA parameters. Hence formalized and competitive SLA which satisfies both the customer and provider is essential. So the main concept in this paper will be SLA and the various parameters in SLA. II. Service Level Agreement The Objective to establish SLA is to improve the Quality of the services. However SLA defined as the expectations among two or more parties regarding service quality, priorities and responsibilities. The Cloud Standards Customer Council views cloud SLA as written expectations for services between cloud consumer and providers. An SLA is not a one-way solution. One party — the cloud service provider, for example — shouldnot impose decisions about how things should be done, particularly when the other party — thecloud service customer, for example — has different expectations about how the SLA should beformulated.

w w w. i j c s t. c o m

An SLA isn't a quick solution. Rushing the process of negotiating the terms and conditions in theSLA doesn't give enough time for the parties to understand each other's expectations particularlywhen each party has a different perception of what a certain terminology stands for.However the concept of "everything-as- services" offered by in cloud manner, this paradigm has made the establishment of SLA more challenging and makes the relation among the cloud providers and users getting more complex. III. SLA Best Practice Best practices are used to describe the process of developing and following a standard way ofdoing things that multiple customers can use. When the customer agrees on the standard way of usingterminologies when negotiating SLAs, they contribute to the process of SLA standardization. The Cloud Standards Custom Council provides cloud consumers with the seven steps theyshould take when evaluating cloud SLAs to help them know what to expect when comparing cloudservice providers or negotiating terms with a provider, as detailed in Practical Guide to CloudService Level Agreements, published by the Cloud Standards Customer Council in April 2012. Step 1: Identify the cloud actors The first step is to identify the cloud actors. The National Institute of Standards and Technology(NIST) Reference Architecture identifies five unique cloud actors: • • • • •

Cloud consumer Cloud provider Cloud carrier Cloud broker Cloud auditor

Each actor has a unique role and responsibilities. Only the first three have relationships withone another regarding the terms and conditions in the SLAs. Step 2: Evaluate business level policies It includes data and business level policies, which can be clarified by the following questions asked by the customer. Data Policy: i) What are the cloud preservation strategy - backup, restore & integrity check?, ii) Which jurisdiction and law should follow, if data spans in several locations or in case of data theft/ loss?, iii) If SLA is terminated / expired, how long the data resides before consumer find alternative options? Business Policy: i) What happens if the services are consumed beyond the SLA and how the charges will be? , ii) When will SLA get activated /enforced? e.g., immediately after signing the SLA or when the consumer accesses the service for the very first time? iii)How to make the payment (Monthly/Quarterly/Yearly) or advanced reservation/on-demand ,auto-debit from the customer credit card, iv) If there is any change in the services (add/ delete/ International Journal of Computer Science And Technology   49

ISSN : 0976-8491 (Online) | ISSN : 2229-4333 (Print)

IJCST Vol. 6, Issue 3, July - Sept 2015

update) ,then what is the impact in SLA ? , v) What are the renewal policies exists -Auto renewal, bargaining mechanisms, vi) what are the different levels of support (based on severity/priority) by the provider for the production issues? vii) What is the target time (Hours/Day/week) to resolve it? Step 3: Understand SaaS, PaaS and IaaS The third step is to understand what SaaS, PaaS, and IaaS are about and which type of cloud it isrunning on (private public or hybrid). Terms and conditions in the SLA depend on the complexity ofcontrol variables that the provider gives to the customer. The SLA for the SaaS is not as complex as the SLA for the PaaS. The only control the SaaScustomer (end users) has is to access the SaaS application, while the PaaS customer (developers) has controls over the application development life cycle but not the virtual machines.The SLA for the IaaS is the most complex as the IaaS consumers (infrastructure specialists) havecontrol over the virtual machines but not physical infrastructure. Step 4: Metrics It includes the critical metrics such as availability and response time. Availability for various services has to be computed differently in the SLA. Step 5: Security Security and privacymetrics are required in order to protect the data against unauthorized access. Security comprises of confidentiality, Integrity, authentication & access control mechanisms. Each country has a different set of privacy regulations than another country. For this reason, the customer should know in which country the data would be stored in the cloud. One country mayprohibit certain privacy data from outside the country, while another country may allow externalprivacy data. Step 6: Identify service management requirements They include what should be monitored and reported(for example, load performance, application performance), and what should be metered. They alsoinclude how rapid provisioning should be (speed, testing, demand flexibility) and how resourcechange should be managed. Step 7: Prepare for and manage service failure The final step is to prepare for and manage service failure, determining what remedies should beprovided. How the disaster recovery plan will work when needed. The planshould define what service outage is, how unexpected incidents will be handled, and what actions need to be taken when the service disruption is prolonged. IV. Service Level Agreement Parameters It consists of set of measurable attributes known as SLA Parameters which is composed of Service Level Objectives (SLO) , which is used to measure the quality of service.There are examples include the parameters of throughput and timing, also the percentage of availability of virtual machines and other resources. The identified set of parameters have categorized into two sets: The first set of parameters obtained from the SLA description and named as Pre-SAL parameters. These parameters are obtained in trust estimation before signing the SLA contract, which can to help to build the customer’s initial trust on the cloud provider.


International Journal of Computer Science And Technology

However, most of cloud service providers focus only on small set of parameters,namely Availability, request completion rate and response time.By comparing the services provided by various companies like Amazon, Rackspace, Microsoft, etc., the study highlighted that none of those providers offer any performance guarantee for the services.The problems and unfulfilled expectations during accomplishing the SLA are the result of poor choice of parameters. The Table given below list out variousparameters which can be used for Managing and monitoring the Quality of services delivered by cloud providers. Table 1: Parameter Availability Scalability Portability Performance Security Reliability Usability

Backup & Recovery Data location

Description The uptime of the services for the user in specific time Ability to increase and decrease the storage space The services working on different devices or different platforms The duration of time to respond on user's requests The security of user data and the safety of the environment in the cloud Services ability to operate over the time without failure The ability of the service to be attractive ,understandable, learnable, operable How the Service store the image of user data and the ability to recover data in disaster Availability zones in which the data are stored

V. Conclusion SLA play a very important role in cloud computing. SLA can guarantee the services provided to the Customer and protecting data by applying appropriate parameters. This paper introduces the various clouds SLA parameter, these parameters has been selected based on the risks facing the user during interacting with cloud. References [1] Ghosh, N. S.K. Ghosh. An approach to identify and monitor SLA parameters for storage-as-a-service cloud delivery model. inGlobecom Workshops (GC Wkshps), 2012 IEEE. 2012. IEEE. [2] Baset, S.A., Cloud SLAs: present and future. ACM SIGOPS Operating Systems Review, 2012. 46(2): p. 57-66. [3] Ben Pring, C.A., William Maurer, Alexa Bona, Best Practices for Service-Level Agreementsfor Software as a Service, 2010, Gartner Stamford. p. 10. [4] Alhamad, M., T. Dillon, and E. Chang. Conceptual SLA framework for cloud computing. inDigital Ecosystems and Technologies (DEST), 2010 4th IEEE International Conference on. 2010. IEEE. [5] Rady, M., Parameters for Service Level Agreements Generation in Cloud Computing, in Advances in Conceptual Modeling2012, Springer. p. 13-22. w w w. i j c s t. c o m

ISSN : 0976-8491 (Online) | ISSN : 2229-4333 (Print)

IJCST Vol. 6, Issue 3, July - Sept 2015

[6] Chauhan, T., et al. Service level agreement parameter matching in cloud computing. inInformation and Communication Technologies (WICT), 2011 World Congress on. 2011. IEEE. [7] Nie, G., E. Xueni, and D. Chen, Research on Service Level Agreement in Cloud Computing, in Advances in Electric and Electronics2012, Springer. p. 39-43. [8] Chakraborty, S. and K. Roy. An SLA-based Framework for Estimating Trustworthiness of a Cloud. inTrust, Security and Privacy in Computing and cloud computing. inDigital Ecosystems and Technologies (DEST), 2010 4th IEEE International Conference on. 2010. IEEE. [9] The CSCC Practical Guide to Cloud Service Level Agreements v1.0,” Cloud Standards Customer Council, 2012. [10] [Online] Availble: http://www.cloudstandardscustomer council.org/2012_Practical_Guide_to_Cloud_SLAs.pdf [11] Busalim.H, et.al , SERVICE LEVEL AGREEMENT PARAMETERS FOR ECOMMERCE CLOUD, in International Journal of Scientific Knowledge Computing and Information Technology 2014, 4(6), p-8-20 [12] Best practices to develop SLAs for cloud computing ibm. com/developerWorks/ [13] K Saravanan, M Rajaram,An Exploratory Study of Cloud Service Level Agreements - State of the Art Review,in KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS2015, 9(3), p-843-871.

w w w. i j c s t. c o m

International Journal of Computer Science And Technology   51