An Accountable Security Mechanisms in Light of Security Service Level Agreement

Abstract

This paper proposes a mechanism that realizes accountable security using a security service level agreement (SSLA), which defines the security level of a service agreed between a user and a service provider. The mechanism consists of three major components: security expression, translation, and negotiation techniques. The security expression technique provides a means to describe the security requirements and capabilities of a user and a service provider, as well as the SSLA between the user and the provider, at different levels of detail. The translation technique provides a means to translate such information among different levels of detail, and the negotiation technique provides a means to negotiate and agree upon an SSLA between the user and the service provider. To empower the SSLA, both the user and the service provider need to be accountable and non-repudiable against the agreed SSLA, and the mechanism uses cryptographic identities and digital signatures for that. This paper demonstrates the feasibility of the mechanism by implementing its prototype and discusses its effectiveness and efficiency, including its Denial of Service resilience feature. Note that this paper is based on the research reported in the previous WWRF 29 meeting and reports the issues we promised to develop further at the meeting.

Publication
WWRF 2012
Shin'ichiro Matsuo
Research Professor of Computer Science

Cryptographer, and the acting co-chair of Blockchain Governance Initiative Network (BGIN).