Verification for Security Monitoring SLAs in IaaS Clouds: the Example of a Network IDS

Abstract: In an IaaS cloud, the physical infrastructure, including its security monitoring, is controlled by the service provider. Clients hosting their information systems there need to trust and rely on what the providers claim. At the same time, providers try to give assurance for some aspects of the infrastructure (e.g. availability) through service level agreements (SLAs). We aim at extending SLAs to include security monitoring terms. In this paper we describe the challenges to reach this goal, we propose a three-step incremental strategy, and we apply the first step of this strategy to the case of network IDS (NIDS) monitoring probes. In this case study we select a relevant metric to describe the performance of an NIDS, that is, a metric that can figure in an SLA and can be measured to verify that the SLA is respected. In particular, we propose an in situ verification method for such a metric on a production NIDS and evaluate the proposed method experimentally and analytically.
Cited literature: 19 references

https://hal.inria.fr/hal-01577814
Contributor: Amir Teshome Wonjiga
Submitted on: Thursday, August 31, 2017 - 11:57:34 AM
Last modification on: Friday, September 13, 2019 - 9:51:33 AM
Long-term archiving on: Friday, December 1, 2017 - 5:04:19 PM

File

RR-9091.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01577814, version 1

Citation

Amir Teshome Wonjiga, Louis Rilling, Christine Morin. Verification for Security Monitoring SLAs in IaaS Clouds: the Example of a Network IDS. [Research Report] RR-9091, Inria Rennes Bretagne Atlantique. 2017. ⟨hal-01577814⟩
