Validation and Extension of Our Context-Pattern Approach

  • Chapter
Pattern and Security Requirements

Abstract

The previous chapter introduced our PACTS methodology, which supports the establishment of a cloud-specific information security management system (ISMS) compliant with the ISO 27001 standard. In this chapter, we present the results of our collaboration with the industrial partners of the ClouDAT project. The ClouDAT project develops a method, including tool support, that helps small and medium enterprises active in the cloud computing domain establish an ISO 27001 ISMS. The members of the ClouDAT project decided to base their method on our PACTS method and evaluated our approach. Their validation offered valuable insights, which we discuss in this chapter. In addition, the ClouDAT project members lacked a simpler way to formulate security requirements, and our collaboration resulted in an extension of PACTS for this purpose. In particular, our joint work focused on the creation of a textual pattern for security requirements, which can be instantiated with elements such as stakeholders from our cloud system analysis pattern.

Notes

  1. ENISA: http://www.enisa.europa.eu.

  2. Cloud Security Alliance (CSA): https://cloudsecurityalliance.org.

  3. The ClouDAT project homepage: http://ti.uni-due.de/ti/clouddat/de/.

  4. Note that SM stands for security management.

  5. The NESSoS project: http://www.nessos-project.eu.

  6. The ClouDAT project: http://ti.uni-due.de/ti/clouddat/de/.

  7. The ClouDAT project: http://ti.uni-due.de/ti/clouddat/de/.

Author information

Corresponding author

Correspondence to Kristian Beckers.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Beckers, K. (2015). Validation and Extension of Our Context-Pattern Approach. In: Pattern and Security Requirements. Springer, Cham. https://doi.org/10.1007/978-3-319-16664-3_13

  • DOI: https://doi.org/10.1007/978-3-319-16664-3_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16663-6

  • Online ISBN: 978-3-319-16664-3

  • eBook Packages: Computer Science (R0)