Service Level Agreements and Security SLA: A Comprehensive Survey
Serena Nicolazzo, Antonino Nocera, Witold Pedrycz
TL;DR
This survey addresses the integration of security and privacy into Service Level Agreements by organizing SLA research around the lifecycle phases (modeling, negotiation, monitoring, and enforcement) and by detailing Security SLAs (SecSLA) and Privacy Level Agreements (PLA). It aggregates 56 recent studies (2017–2023), contrasts traditional SLA language/specifications with SecSLA/PLA approaches, and highlights how ML, blockchain, and formal methods contribute to monitoring, violation detection, and dynamic renegotiation. Key contributions include a lifecycle-based taxonomy, a consolidation of SecSLA/PLA literature, and a synthesis of open challenges—particularly in metricization, automation, and cross-domain interoperability across Cloud and IoT. The work aims to guide researchers and practitioners toward robust, verifiable, and trustable SLA practices in increasingly heterogeneous and dynamic environments.
Abstract
A Service Level Agreement (SLA) is a formal contract between a service provider and a consumer, representing a crucial instrument to define, manage, and maintain relationships between these two parties. The SLA's ability to define the Quality of Service (QoS) expectations, standards, and accountability helps to deliver high-quality services and increase client confidence in disparate application domains, such as Cloud computing and the Internet of Things. An open research direction in this context is related to the possible integration of new metrics to address the security and privacy aspects of services, thus providing protection of sensitive information, mitigating risks, and building trust. This survey paper identifies the state of the art covering concepts, approaches, and open problems of SLA management with a distinctive and original focus on the recent development of Security SLA (SecSLA). It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic, spanning from 2017 to 2023. Moreover, it proposes a novel classification criterion to organize the analysis based on SLA life cycle phases. This original point of view can help both academics and industrial practitioners to understand and properly locate existing contributions in the advancement of the different aspects of SLA technology. The present work highlights the importance of the covered topics and the need for new research improvements to tackle present and demanding challenges.
