Security and Privacy Service Level Agreement composition for Internet of Things systems on top of standard controls. (March 2022)
- Record Type:
- Journal Article
- Title:
- Security and Privacy Service Level Agreement composition for Internet of Things systems on top of standard controls. (March 2022)
- Main Title:
- Security and Privacy Service Level Agreement composition for Internet of Things systems on top of standard controls
- Authors:
- Rios, Erkuden
Higuero, Mariví
Larrucea, Xabier
Rak, Massimiliano
Casola, Valentina
Iturbe, Eider
- Abstract:
- Highlights: This paper proposes a solution to obtain the security and privacy levels that can be granted by Cloud-based IoT critical infrastructures, such as healthcare systems composed of multiple components in Cloud and IoT devices. Particularly, this paper presents a methodology to compose Security Service Level Agreements (SecSLAs) and Privacy SLAs (PLAs) of Cloud-based IoT applications on top of standard controls, which aid in the formalization and assessment of the security and privacy levels of these composite applications. The methodology includes a technique to quantitatively compute the Service Level Objectives (SLO) of the controls declared in the Composed SLA, based on the SLOs granted by individual components. The method relies on the analysis of the relationships between the application components and the security controls implementation. For each component a preliminary SLA template is built, based on security self-assessment techniques. Finally, the paper presents the validation of the methodology showing the creation of the SecSLAs and PLAs of a real multiCloud-based IoT application in the eHealth domain.
Abstract: The growing markets of Cloud services and IoT platforms have dramatically raised system flexibility and deployment options. However, increasing complexity and dependency on third-party providers make it difficult to assess the security and privacy levels that distributed systems can offer to their users. In the last years, machine-readable Service Level Agreements (SLAs) have been studied as an optimal method for coping with security and privacy policies. Still, the computation of the SLAs of applications distributed in diverse infrastructures remains a challenging task. This paper presents a methodology to compose security SLAs (SecSLAs) and privacy SLAs (PLAs) of Cloud-based IoT applications on top of standard controls. The composition considers individual components' SLAs and the control delegation relationships between the components with respect to different types of controls (common, system-specific or hybrid controls). Furthermore, we propose a technique to calculate the Service Level Objectives (SLO) of the controls declared in the composite SLA based on the SLOs granted by individual components. Finally, the paper presents the validation of the methodology carried out to create the SecSLAs and PLAs of a real multiCloud-based IoT application in the eHealth domain.
- Is Part Of:
- Computers & electrical engineering. Volume 98(2022)
- Journal:
- Computers & electrical engineering
- Issue:
- Volume 98(2022)
- Issue Display:
- Volume 98, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 98
- Issue:
- 2022
- Issue Sort Value:
- 2022-0098-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-03
- Subjects:
- Cloud security -- IoT security -- Security and privacy -- Security SLA -- Service Level Agreement
Computer engineering -- Periodicals
Electrical engineering -- Periodicals
Electrical engineering -- Data processing -- Periodicals
Ordinateurs -- Conception et construction -- Périodiques
Électrotechnique -- Périodiques
Électrotechnique -- Informatique -- Périodiques
Computer engineering
Electrical engineering
Electrical engineering -- Data processing
Periodicals
Electronic journals
621.302854
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00457906/
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.compeleceng.2022.107690
- Languages:
- English
- ISSNs:
- 0045-7906
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.680000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 20850.xml