Abstract
The previous chapter introduced our PACTS methodology, which supports the establishment of a cloud-specific information security management system (ISMS) compliant with the ISO 27001 standard. In this chapter, we present the results of our collaboration with the industrial partners of the ClouDAT project. The ClouDAT project develops a method, including tool support, to help small and medium enterprises active in the cloud computing domain establish an ISO 27001 ISMS. The members of the ClouDAT project decided to base their method on our PACTS method and evaluated our approach. The results of their validation offered valuable insights, which we discuss in this chapter. In addition, the ClouDAT project members found that a simpler way to formulate security requirements was missing, and our collaboration resulted in an extension of PACTS for this purpose. In particular, our joint work focused on the creation of a textual pattern for security requirements, which can be instantiated with elements such as stakeholders from our cloud system analysis pattern.
Notes
- 1. ENISA: http://www.enisa.europa.eu.
- 2. Cloud Security Alliance (CSA): https://cloudsecurityalliance.org.
- 3. The ClouDAT project homepage: http://ti.uni-due.de/ti/clouddat/de/.
- 4. Note that SM stands for security management.
- 5. The NESSoS project: http://www.nessos-project.eu.
- 6. The ClouDAT project: http://ti.uni-due.de/ti/clouddat/de/.
- 7. The ClouDAT project: http://ti.uni-due.de/ti/clouddat/de/.
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Beckers, K. (2015). Validation and Extension of Our Context-Pattern Approach. In: Pattern and Security Requirements. Springer, Cham. https://doi.org/10.1007/978-3-319-16664-3_13
DOI: https://doi.org/10.1007/978-3-319-16664-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16663-6
Online ISBN: 978-3-319-16664-3
eBook Packages: Computer Science (R0)