Ontology-based Negotiation of Security Requirements in Cloud

The Cloud Computing paradigm attracts many customers because of the potentialities it promises. Despite of many benefits, a widespread adoption is limited by many issues that potential customers still have to face. Security in the cloud is one of the main concern for the customer. The Cloud Service Provider (CSP) is responsible of providing security to customers and assuring that their data and application are properly secured. In this context, the concept of Service Level Agreement (SLA) assumes a great importance. It can be used as a means to formalize and establish in a contract what must effectively be granted in terms of security levels. There is actually Semantic Gap between how security guarantees are intended respectively by customers and providers. A customer is inclined to express security in terms of high-level requirements, while a CSP expresses guarantees through a technical, low-level language. To address this gap, the key is to find a common language for both the customer and the CSP. The goal of this paper is to offer an Ontology-based Negotiation Service allowing a customer to negotiate the interested security level among different CSPs, with the possibility to choose the best security offering; a Security Ontology was developed as a basis for a common semantic language that customers and providers will have to use to express security features and requirements.