基于SecLA的云服务商选择方法研究

云计算应用领域不断拓展,用户越来越关注云服务的安全性,现有云服务商选择方法主要考量性能和费用,缺乏有效的安全属性考评方法,为此提出了基于安全等级协议的云安全量化评比方法。基于云安全联盟的云控制矩阵及配套共识评估问卷,设计了云服务商安全指标体系及量化评分模型；对Web服务协议框架进行扩展,设计了云安全等级协议的模板框架；引入负提供参数来增强比较优势度法,实现了云安全等级的量化评比。实验检验了系列方法的可行性及有效性,与参数评估方法、简单线性加权方法等的对比表明,优先度排序更加合理,负提供参数对决策起到了良好的辅助效果。

Research of Cloud Provider Selection Method Based on SecLA

As the range of cloud computing applications is gradually expanded,users become more and more concerned about the security of cloud services.Existing selection methods of cloud provider focus on performance and cost while seldom emphasize security.There is no effective method for evaluating the security services of cloud computing.Under this background,this paper presented a method for quantitative assessment of cloud security services based on security level agreement(SecLA).Firstly,it builds the cloud computing security index system and the quantitative evaluation model based on cloud control matrix(CCM) and accompanying consensus assessments initiative questionnaire(CAIQ),which are published by cloud security alliance(CSA).Secondly,it designs the template framework of SecLA by extending WS-Agreement.Finally,it introduces two underprovisioning parameters to enhance comparison method of alternatives advantage degree and realizes the quantitative comparison of SecLAs in cloud computing environment.The experimental results prove that the methods are feasible and effective.Compared with reference evaluation method(REM) and simple linear weighted method,the cloud providers sorting results in this paper are more reasonable,and underprovisioning parameters contribute a good auxiliary effect to decision making.