作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程

所属专题: 云计算专题

• 云计算专题 • 上一篇    下一篇

基于SecSLA的云供应商选择方法

姜政伟1,2,巫锡洪2,杨沛安1,2,刘宝旭2   

  1. (1. 中国科学院研究生院,北京 100049;2. 中国科学院高能物理研究所计算中心,北京 100049)
  • 收稿日期:2012-11-12 出版日期:2013-10-15 发布日期:2013-10-14
  • 作者简介:姜政伟(1985-),男,博士研究生,主研方向:云计算安全评估与审计;巫锡洪,硕士研究生;杨沛安,博士研究生; 刘宝旭,研究员
  • 基金资助:
    国家科技支撑计划基金资助项目(2012BAH14B02);国家发改委信息安全专项基金资助项目(发改办高技[2012]1424号)

Cloud Provider Selection Method Based on SecSLA

JIANG Zheng-wei 1,2, WU Xi-hong 2, YANG Pei-an 1,2, LIU Bao-xu 2   

  1. (1. Graduate University of Chinese Academy of Sciences, Beijing 100049, China; 2. Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China)
  • Received:2012-11-12 Online:2013-10-15 Published:2013-10-14

摘要: 当前云计算服务水平协议通常只关注性能,缺乏安全参数,并且客户需要在多家云供应商中做出选择。针对上述问题,提出一种基于SecSLA的云供应商选择方法。构建云计算安全服务水平协议(SecSLA)的指标体系,采用目标-问题-度量方法形成SecSLA的50个底层评估指标项。并将改进的ELECTRE方法引入到云供应商的选择决策过程中,结合净优势值与净劣势值的思想,简化决策过程。实例计算与分析结果表明,SecSLA较全面地覆盖了云计算事故处理、漏洞补丁管理、合规性与可用性等因素,该云供应商选择方法能消除传统选择消去法ELECTRE II的繁琐与对经验的依赖,便于实现编程自动化处理,且最终的评价结果与ELECTRE II、灰色关联、理想解法一致。

关键词: 云计算, 安全服务水平协议, 云供应商选择, 目标-问题-度量方法, ELECTRE方法

Abstract: The cloud computing service level agreement often only focuses on performance while seldom emphasizes security parameters. Besides, customers are confused by several suppliers in cloud computing market. Therefore, cloud computing Security Service Level Agreement(SecSLA) with detailed indexes is put forward and an improved ELECTRE method is introduced to the cloud provider selection process. Goal-Question-Metric method is employed to form 50 bottom evaluation indexes for SecSLA. The modified ELECTRE method combines the value of net advantage and net disadvantage to simplify the decision process.The calculation and analysis of instance prove the following aspects: the proposed SecSLA has a relatively comprehensive coverage of the cloud computing assessment factors, such as incident handling, vulnerability and patch management,compliance and availability; the suggested method eliminates the redundancy and dependence on experience of ELECTRE II, which makes the realization of automatic process easier. The final evaluation order conforms to the result of ELECTRE II, gray correlation method and TOPSIS method, which indicates that the designed method can play a guiding role in the selection of cloud service provider.

Key words: cloud computing, Security Service Level Agreement(SecSLA), cloud provider selection, Goal-Question-Metric(GQM) method, Elimination Et Choice Translating Reality(ELECTRE) method

中图分类号: