Conference papers

SLA Definition for Network Intrusion Detection Systems in IaaS Clouds

Abstract: Migrating to the cloud results in losing full control of the physical infrastructure, as the cloud service provider (CSP) is responsible for managing the infrastructure, including its security. To solve the trust issue that this raises, CSPs provide tenants with guarantees through Service Level Agreements (SLAs). However, no such SLA addresses the security monitoring aspect of tenants' information systems. Moreover, security monitoring services should be configured according to the tenant's specific requirements. In this paper, we propose a method allowing CSPs to define SLAs providing each tenant with guarantees about the performance of a security monitoring probe, specifically a Network Intrusion Detection System (NIDS), configured according to the tenant's requirements. This method is based on an enhanced cloud SLA language and an efficient SLA template preparation method allowing a CSP to estimate the performance of an NIDS for any possible set of tenant's requirements at reasonable costs. Experimental evaluations show the feasibility of our approach.
Contributor: Amir Teshome Wonjiga
Submitted on : Monday, December 21, 2020 - 7:28:51 PM
Last modification on : Tuesday, October 19, 2021 - 11:04:35 AM


Files produced by the author(s)



Amir Teshome Wonjiga, Louis Rilling, Christine Morin. SLA Definition for Network Intrusion Detection Systems in IaaS Clouds. SAC 2021 - 36th ACM/SIGAPP Symposium on Applied Computing, Mar 2021, Virtual Event, Republic of Korea, South Korea. pp.1-10, ⟨10.1145/3412841.3441885⟩. ⟨hal-03085554⟩


