Sec-SLA: specification and validation of metrics for security-oriented service level agreements
Abstract
The adoption of service level agreements (SLAs) between companies and users has increased rapidly in the telecommunications area, mainly because of the popularization of the Internet and the wide use of e-commerce in many enterprises. So far, most service level agreements have been concerned predominantly with telecommunications and other related aspects of service performance; consequently, these contracts give little consideration to security. This paper contributes to filling this gap with respect to the specification and validation of corresponding metrics, which can be used as inputs when drawing up security service level agreements (Sec-SLAs), internally or among organizations.
Published
2004-05-10
How to Cite
RIGHI, Rafael R.; PELLISSARI, Felipe R.; WESTPHALL, Carlos B. Sec-SLA: especificação e validação de métricas para acordos de níveis de serviço orientados à segurança. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 4., 2004, Gramado. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2004. p. 107-118. DOI: https://doi.org/10.5753/sbseg.2004.21230.
