Security assurance of (multi-)cloud application with security SLA composition

Despite the diffusion of the cloud computing paradigm, cloud security is still considered one of the main inhibitors for the adoption of cloud-based solution. Security Service Level Agreements (Security SLAs), i.e. agreements among providers and customers that states the level of security granted on the services delivered, adopted to enable a Cloud Service Provider (CSP) to declare its security policy and a way to measure them from cloud service customer (CSC) point of view. Security SLAs, however, not completely solve the security issue in cloud when we have complex supply chains. This paper proposes a technique to automatically generate Security SLA, relying on CSP declaration and on the services, composing the application. Security SLAs and cloud applications are modeled, enabling automatic reasoning over the security offerings and the evaluation of the security policy over an orchestration of cloud services.