Dr. Gamble presented three papers at the IEEE Int’l Conference on Web Services (ICWS) , IEEE CLOUD 2012, and IEEE SERVICES 2012, all co-located in Honolulu, HI, where the new IEEE Cloud Initiative was launched. The three papers from SEAT are all part of research in making web services security-aware and building a calculus to verify their security compliance.
Specifically my paper, SecAgreement: Advancing Security Risk Calculations in Cloud Services, (M. Hale & R. Gamble) was presented in the Security and Privacy Engineering track at IEEE SERVICES 2012. This work focused on the question “How can cloud service providers SLAs be augmented meet the security needs of organizational consumers?” Our approach extends WS-Agreement for SLA creation, negotiation, and formation to allow for security risk to be understood as part of service level objectives and service description terms. The result is SecAgreement that embeds the security requirements expectations. We presented a matchmaking algorithm capable of matching SLA requests against SLA offers within the SecAgreement provided by cloud services to choose the least risk cloud to fulfill the request.
The conferences were a great medium for idea exchange and collaboration, and we are looking forward to the next phase of research to incorporate the feedback we received from the presentations! We’ll be posting some information on each paper and conference shortly