Abstract
The Cloud computing paradigm promises reliable services, accessible from anywhere in the world, in an on-demand manner. Insufficient security has been identified as a major obstacle to adopting Cloud services. To deal with the risks associated with outsourcing data and applications to the Cloud, new methods for security assurance are urgently needed. This paper presents a framework for security in Service Level Agreements for Cloud computing. The purpose is twofold; to help potential Cloud customers to identify necessary protection mechanisms and, in the next step, to facilitate automatic service composition based on a set of predefined security requirements. We demonstrate the practical applicability of the first objective with a small case study.