Formalization of SLAs for Cloud Forensic Readiness

The provisioning of a Cloud service requires a number of parties to engage in a legal commitment towards one another. The responsibilities and expectations of both customers and providers are governed by means of a Service Level Agreement (SLA) contract that they sign prior the activation of the service. Once a Cloud service is provided by a party to another it is assumed that all the conditions, i.e., clauses, mentioned in the SLA are read and fulfilled by those who signed it. The notion of Forensic Readiness (FR) is introduced in literature to help controlling and monitoring the behaviour of a computing architecture through a dedicated system; the essence of this capability is motivated by the necessity of facilitating some digital investigations in terms of time and costs. In some cases, such capability can be meant also for alerting and prevent any system attack attempts. In the Cloud, some crimes can be related to violations of the previously agreed upon service security measures. The logging process or documentation of Cloud service violations can then be used by either the provider or the customer to evaluate the quality of the service in subject. In addition, they can lead any of the involved parties to take the necessary legal actions. In this paper we emphasize the importance of automating the process of discovering Service Level Agreement violations in Cloud services. We propose a formal framework for building a Cloud Forensic Readiness System (CFRS) that considers the technical aspects of SLAs while monitoring the fulfilment of the addressed service. The system can eventually issue warnings and alerts to the involved parties as soon as a service violation is detected. Our approach represents SLAs clauses in terms of formal rules that can then be used as system inputs to validate whether an action occurring in a given Cloud architecture is a service level violation or not.