SLA Definition for Network Intrusion Detection Systems in IaaS Clouds - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2021

SLA Definition for Network Intrusion Detection Systems in IaaS Clouds

Résumé

Migrating to the cloud results in losing full control of the physical infrastructure as the cloud service provider (CSP) is responsible for managing the infrastructure including its security. To solve the trust issue that this raises, CSPs provide tenants with guarantees through Service Level Agreements (SLA). However no such SLA addresses the security monitoring aspect of tenants' information systems. Moreover, security monitoring services should be configured according to the tenant's specific requirements. In this paper, we propose a method allowing CSPs to define SLAs providing each tenant with guarantees about the performance of a security monitoring probe, specifically a Network Intrusion Detection System (NIDS), configured according to the tenant's requirements. This method is based on an enhanced cloud SLA language and an efficient SLA template preparation method allowing a CSP to estimate the performance of an NIDS for any possible set of tenant's requirements at reasonable costs. Experimental evaluations show the feasibility of our approach.
Fichier principal
Vignette du fichier
Amir_SLA_Definition_for_Network_Intrusion_Detection_Systems_in_IaaS_Clouds.pdf (1.62 Mo) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-03085554 , version 1 (21-12-2020)

Identifiants

Citer

Amir Teshome Wonjiga, Louis Rilling, Christine Morin. SLA Definition for Network Intrusion Detection Systems in IaaS Clouds. SAC 2021 - 36th ACM/SIGAPP Symposium on Applied Computing, Mar 2021, Virtual Event, Republic of Korea., South Korea. pp.1-10, ⟨10.1145/3412841.3441885⟩. ⟨hal-03085554⟩
116 Consultations
265 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More