Accountable Security Mechanism based on Security Service Level Agreement

Abstract

This paper proposes a mechanism that realizes accountable security using a security service level agreement (SSLA), which defines the security level of a service agreed to between a user and a service provider. The mechanism consists of three major components: security expression, translation, and negotiation techniques. The security expression technique provides a means to describe the security requirements and capabilities of a user and a service provider, as well as the SSLA between them, at different levels of detail. The translation technique provides a means to translate such information among different levels of detail, and the negotiation technique provides a means to negotiate and agree upon the SSLA between the user and the service provider. Both the user and the service provider need to be accountable and non-repudiable with respect to the agreed-to SSLA in order to empower it. The mechanism uses cryptographic identities and digital signatures for this purpose. This paper demonstrates the feasibility and usability of the mechanism by describing its usage scenario and implementing its prototype, and analyzes this mechanism

Publication
In The Eighteenth IEEE Symposium on Computers and Communications 2013
Shin'ichiro Matsuo
Research Professor of Computer Science

Cryptographer, and the acting co-chair of Blockchain Governance Initiative Network (BGIN).