<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs= [...]

      Schema for the ECSLA, an extension for CSLA Language
      Version: 1.0
      Author: Amir Teshome Wonjiga
      [...]
  </xs:annotation>

  <xs:complexType name="CloudServiceType">
    <xs:choice>
      <xs:element name="software" type="csla:SoftwareType"
                  minOccurs="1" maxOccurs="1"/>
      <xs:element name="platform" type="csla:PlatformType [...]
      [...]
  </xs:complexType>

  <xs:complexType name="SecurityMonitoringType">
    <xs:sequence>
      <xs:element name="product" type="csla:ProductType" minOccurs="1"
                  maxOccurs="unbounded"/>
      <xs:element name="vulnerabilities" type="csla:VulnerabilitiesType [...]
      [...]
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="ProductType">
    <xs:sequence>
      <xs:element name="mode" type="csla:ModeType" minOccurs="1"
                  maxOccurs [...]
    </xs:sequence>
    <xs:attribute name="id" type="xs:string"/>
    <xs:attribute name="name" type="xs:string"/>
    <xs:attribute name="mode" type="xs:integer"/>
    <xs:attribute name="version" type="xs:string"/>
  </xs:complexType>
  [...]

  <xs:complexType name="VulnerabilitiesType">
    <xs:sequence>
      <xs:element name="vulnerability" type="csla:VulnerabilityType"
                  minOccurs [...]
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="VulnerabilityType">
    <xs:attribute name="id" type="xs:string"/>
    <xs:attribute name="cve" type="xs:string"/>
    <xs:attribute name="description [...]
  </xs:complexType>

  <xs:complexType name="MetricType">
    <xs:sequence>
      <xs:element name="description" type="xs:string" minOccurs="1" maxOccurs="1"/>
      <xs:element name= [...]
    </xs:sequence>
    <xs:attribute name="id" type="xs:string"/>
    <xs:attribute name="name" type="xs:string"/>
    <!-- Type can be simple or complex -->
    <xs:attribute name="type" type="xs:string"/>
    <xs:attribute name= [...]
  </xs:complexType>
</xs:schema>

Listing A.1: ECSLA XML schema

An SLO definition contains the model, which can then be used each time the measurement is performed.

- We propose an in situ method for evaluating the security monitoring configuration. It makes it possible to evaluate the performance of a configuration of the security monitoring infrastructure in a production environment. The method uses an attack injection technique, but the injected attacks do not affect the production virtual machines. The method can be used by either party. It also makes it possible to compute the required metric. However, the method requires cooperation between tenants and service providers.

- To have an end-to-end security monitoring service, tenants need information such as the output of the monitoring devices, and providers need knowledge about the services running in the tenants' environment. The two parties therefore need to cooperate. To resolve the dependency between tenants and service providers during verification, we propose using a secure logical component. The proposed use of a secure logical component for verification is illustrated in an SLA covering data integrity in clouds. The method uses a secure ledger,

We propose a solution to help service providers prepare SLA templates. The proposed solution introduces two new ideas. First, we design a method for building a knowledge base that relies on grouping vulnerabilities using heuristics. Second, we propose a model to quantify the interference between detection rules associated with different vulnerabilities

In this [...] 1 describes the future work that can be carried out in a short period of time and that focuses on improving performance, design and implementation. Paragraph 4.2 describes the objectives that can be reached in the medium term and concentrates mainly on the remaining tasks in the SLA life cycle, such as configuring the security monitoring infrastructure to meet the SLOs described in the SLAs

To resolve this problem, a vulnerability analysis method can be integrated into our SLA definition method. In our work, we considered one specific security monitoring probe, namely a signature-based network intrusion detection probe. NIDSs based on anomaly detection could be handled by extending the SLA definition method. More precisely, the parameters used to describe performance would have to be adapted to the type of IDS used, we focus on improving performance, design and implementation. In our SLA definition, tenants are required to describe their needs in terms of software vulnerabilities

We have not presented a practical evaluation of measuring the interference between rules. Moreover, when introducing the notion of interference, we assumed that the NIDS raises an alert for each rule, we introduced the theoretical concept of interference between rules (interference vectors and matrix)