An Architecture for Service Level Auditing for Cloud Computing

  • Juliana Bachtold PUCPR
  • Altair O. Santin PUCPR
  • Maicon Stihler PUCPR
  • Arlindo L. Marcon Jr PUCPR
  • Eduardo Viegas PUCPR

Abstract


This paper proposes multiparty Service Level Agreement (SLA) auditing for cloud computing. Audits are performed on the IaaS provider, the IaaS contractor (SaaS provider) and the SaaS client. The objective is to audit problems in the cloud environment, both internal and external, in a way that none of the parties can dispute. The proposal uses inspectors (auditing collector agents) and an independent auditor (third party) capable of identifying SLA deviations from information collected in the parties' environments. The results show that it is possible to audit and diagnose problems in the cloud by combining information from the parties with independent auditing, while also avoiding conflicts of interest of the inspectors.

Published
2012-11-19
BACHTOLD, Juliana; SANTIN, Altair O.; STIHLER, Maicon; MARCON JR, Arlindo L.; VIEGAS, Eduardo. Uma Arquitetura para Auditoria de Nível de Serviço para Computação em Nuvem. In: BRAZILIAN SYMPOSIUM ON INFORMATION AND COMPUTATIONAL SYSTEMS SECURITY (SBSEG), 12., 2012, Curitiba. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2012. p. 263-276. DOI: https://doi.org/10.5753/sbseg.2012.20551.
