The growing markets of Cloud services and IoT platforms have dramatically raised system flexibility and deployment options. However, increasing complexity and dependency on third-party providers make it difficult to assess the security and privacy levels that distributed systems can offer to their users. In recent years, machine-readable Service Level Agreements (SLAs) have been studied as an optimal method for coping with security and privacy policies. Still, the computation of the SLAs of applications distributed in diverse infrastructures remains a challenging task. This paper presents a methodology to compose security SLAs (SecSLAs) and privacy SLAs (PLAs) of Cloud-based IoT applications on top of standard controls. The composition considers individual components’ SLAs and the control delegation relationships between the components with respect to different types of controls (common, system-specific or hybrid controls). Furthermore, we propose a technique to calculate the Service Level Objectives (SLO) of the controls declared in the composite SLA based on the SLOs granted by individual components. Finally, the paper presents the validation of the methodology carried out to create the SecSLAs and PLAs of a real multiCloud-based IoT application in the eHealth domain.

Security and Privacy Service Level Agreement composition for Internet of Things systems on top of standard controls / Rios, E.; Higuero, M.; Larrucea, X.; Rak, M.; Casola, V.; Iturbe, E.. - In: COMPUTERS & ELECTRICAL ENGINEERING. - ISSN 0045-7906. - 98:(2022), p. 107690. [10.1016/j.compeleceng.2022.107690]

Security and Privacy Service Level Agreement composition for Internet of Things systems on top of standard controls

Rak M.; Casola V.
2022


Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11588/882225
Citations
  • Scopus 4
  • ISI 2