The reviewed record of science sign in
Pith

arxiv: 1403.7088 · v1 · pith:LFUZQHJX · submitted 2014-03-26 · cs.CR · cs.HC

Tailored Security: Building Nonrepudiable Security Service-Level Agreements

Reviewed by Pithpith:LFUZQHJXopen to challenge →

classification cs.CR cs.HC
keywords securityserviceagreementsarticlebuildingdimensionsfeaturesmechanism
0
0 comments X
read the original abstract

The security features of current digital services are mostly defined and dictated by the service provider (SP). A user can always decline to use a service whose terms do not fulfill the expected criteria, but in many cases, even a simple negotiation might result in a more satisfying outcome. This article aims at building nonrepudiable security service-level agreements (SSLAs) between a user and an SP. The proposed mechanism provides a means to describe security requirements and capabilities in different dimensions, from overall targets and risks to technical specifications, and it also helps in translating between the dimensions. A negotiation protocol and a decision algorithm are then used to let the parties agree on the security features used in the service. This article demonstrates the feasibility and usability of the mechanism by describing its usage scenario and proof-of-concept implementation and analyzes its nonrepudiability and security aspects.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.