TY - JOUR
T1 - Verifying cloud service-level agreement by a third-party auditor
AU - Zhang, Hongli
AU - Ye, Lin
AU - Shi, Jiantao
AU - Du, Xiaojiang
AU - Guizani, Mohsen
PY - 2014/3
Y1 - 2014/3
N2 - In this paper, we study the important issue of verifying service-level agreement (SLA) with an untrusted cloud and present an SLA verification framework that utilizes a third-party auditor (TPA). A cloud provides users with elastic computing and storage resources in a pay-as-you-go way. An SLA between the cloud and a user is a contract that specifies the computing resources and performances that the cloud should provide to the user. A cloud service provider (CSP) has incentives to cheat on the SLA, for example, providing a user with less central processing unit and memory resources than specified in the SLA, which allows the CSP to support more users and make more profits. A malicious CSP can easily disrupt the existing SLA monitoring/verification techniques by interfering with the monitoring/measurement process. A TPA resolves the trust dilemma between a CSP and its users. Under the TPA framework and the untrusted-cloud threat model, we design two effective testing algorithms that can detect an SLA violation of the virtual machine memory size. Using real experiments, we demonstrate that our algorithms can detect cloud cheating on a virtual machine's memory size (i.e., SLA violations). Furthermore, we show that our testing algorithms can defend various attacks from a malicious CSP, which tries to hide an SLA violation.
AB - In this paper, we study the important issue of verifying service-level agreement (SLA) with an untrusted cloud and present an SLA verification framework that utilizes a third-party auditor (TPA). A cloud provides users with elastic computing and storage resources in a pay-as-you-go way. An SLA between the cloud and a user is a contract that specifies the computing resources and performances that the cloud should provide to the user. A cloud service provider (CSP) has incentives to cheat on the SLA, for example, providing a user with less central processing unit and memory resources than specified in the SLA, which allows the CSP to support more users and make more profits. A malicious CSP can easily disrupt the existing SLA monitoring/verification techniques by interfering with the monitoring/measurement process. A TPA resolves the trust dilemma between a CSP and its users. Under the TPA framework and the untrusted-cloud threat model, we design two effective testing algorithms that can detect an SLA violation of the virtual machine memory size. Using real experiments, we demonstrate that our algorithms can detect cloud cheating on a virtual machine's memory size (i.e., SLA violations). Furthermore, we show that our testing algorithms can defend various attacks from a malicious CSP, which tries to hide an SLA violation.
KW - Cloud computing
KW - Security
KW - Service-level agreement
KW - Verification
UR - http://www.scopus.com/inward/record.url?scp=84894064967&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84894064967&partnerID=8YFLogxK
U2 - 10.1002/sec.740
DO - 10.1002/sec.740
M3 - Article
AN - SCOPUS:84894064967
SN - 1939-0114
VL - 7
SP - 492
EP - 502
JO - Security and Communication Networks
JF - Security and Communication Networks
IS - 3
ER -