CSA Press Release on SPECS July 2014
Featured Research: SPECS – Secure Provisioning of Cloud Services based on SLA management
(reprinted from CSA with permission)
The press release by partner CSA was published on July 2014 and was useful to disseminate the general information related to the project (objectives, partners, duration), to the CSA membership.
Providing comprehensible and enforceable security assurance by CSP’s is a critical factor to deploy trustworthy Cloud ecosystems. SPECS will develop and implement an open source framework to offer Security-as-a-Service, by relying on the notion of security parameters specified in Service Level Agreements (SLA) and providing the techniques to systematically manage their life-cycle.
The SPECS framework addresses both CSP’s and users by providing techniques and tools for:
- Enabling user-centric negotiation of security parameters in Cloud SLA, along with a trade-off evaluation process among users and CSPs, in order to compose Cloud services fulfilling a minimum required security level.
- Monitoring in real-time the fulfillment of SLAs agreed with CSPs, notifying both users and CSPs, when SLAs are not being fulfilled.
- Enforcing agreed SLA in order to keep a sustained Quality of Security (QoSec) that fulfills the specified security parameters. SPECS’ enforcement framework will also “react and adapt” in real-time to fluctuations in the QoSec by advising/applying the requisite countermeasures.
The proposed framework will be based on an open-source core and will offer simple interfaces to motivate its adoption. It will offer a set of reusable PaaS components for service developers to enable them to integrate SPECS’ SLA-oriented security mechanisms into existing Cloud services.
Using real case studies SPECS will demonstrate that the contributed framework and architecture can be integrated “as-a-Service” into real life Cloud environments, with a particular emphasis on small/medium/federated CSP and end users.
CSA will collaborate towards the elicitation of security requirements for the whole SPECS’ project (PaaS, negotiation, monitoring, enforcement and use cases). Also, CSA will be involved in the design, development and testing of SPECS’ monitoring services, which take into account CSA’s Cloud Trust Protocol. Finally, CSA will also lead the tasks related with standardization, dissemination and exploitation of the obtained results.
SPECS is a 30-month duration project, that started in November 2013.
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.