SPECS - Secure Provisioning of Cloud Services based on SLA Management

What user need or pain point is your project addressing?

The “as-a-service” approach, which delegates all kinds of resources to remote cloud service providers (CSPs), calls for new security methodologies that introduce security mechanisms and controls in a modular way. This is the basic notion behind the SPECS security-as-a-service offering.

Cloud service customers (CSCs) need to know the security guarantees that cloud service providers (CSPs) are able to offer. Security service level agreements (SecSLAs) are transparent and standard mechanisms to clearly specify the responsibilities of the parties involved, in particular CSPs and CSCs, with respect to security.

Moreover, CSCs need to select and procure cloud services according to their specific security requirements. However, the state of the art currently lacks a clear definition of both the possible Service Level Objectives (SLOs), i.e. the committed terms defined in the Security SLAs, and their measured levels, including the techniques for monitoring security parameters.

A CSC might have difficulty in comparing different cloud service offerings in terms of the security being offered by CSPs. Moreover, a CSC has no tools able to assure that security requirements are being correctly fulfilled during the operation of the Cloud service.


Project's major results: 

The project has developed a Platform-as-a-Service able to manage the security life cycle of cloud services based on the automated management of cloud Service Level Agreements. Major outputs include the management framework (open source), and demonstrators related to its integration into real-world services.

Target stakeholders: 

Small & medium enterprises, Open Source developers.

Project Start: 
Project End: 

How will your solution/service benefit the end-user?

SPECS proposes an innovative Platform-as-a-Service that offers a solution for the SPECS Security-as-a-Service approach, based on SLA life cycle management. The SPECS platform enables the delivery of security services, described and guaranteed through Security SLAs. Cloud service customers are able to express the security features they need at different levels of granularity through a user-centric negotiation of Security SLAs, which helps CSCs to negotiate effectively with a set of CSPs by understanding the resulting trade-offs.

Moreover, SPECS offers innovative security services to enforce SLAs. When a cloud service does not grant the security features that a CSC has expressed in the negotiated SLA, SPECS provides additional security mechanisms that grant those specific features.

In order to support CSCs in verifying the correctness of the services offered by CSPs, SPECS offers innovative solutions for continuous security monitoring. It implements SLA-monitoring solutions dedicated to continuously controlling the security offered by CSPs and to helping ensure the granted security service level objectives.

The SPECS Framework, i.e. the software collection developed within the project, is open source. It can be used by cloud service providers to provide their service offerings with Security SLAs, and by developers to build new (SPECS) applications that enhance the security of public CSPs.

Potential exploitation strategy: 

Based on feedback from partners' business units and a market-oriented survey, SPECS has identified a go-to-market strategy based on a service offering of the developed framework, e.g. through cloud broker solutions. Exploitation is supported through SPECS integration with our industrial partners' solutions, namely ViPR (EMC), end-to-end encryption (XLAB), STAR Watch (CSA), and a secure web container solution (CERICT). These strategies are being leveraged through the SPECS Solutions Portfolio.

Vertical Market: 

Finance & insurance, Other.