Abstract
This paper presents a cloud modelling language for defining essential cloud properties, enabling the modelling and reasoning about security issues in cloud environments from a requirements engineering perspective. The relationship between cloud computing and security aspects are described through a meta-model, aligning concepts from cloud computing and security requirements engineering. The central concept of the proposed approach is built around cloud services, where the propagation of relationships from a social perspective, abstract software processes and the foundational infrastructure layer are captured. The proposed concepts are applied on a running example throughout the paper to demonstrate how developers are able to capture and model cloud concepts across multiple conceptual layers, facilitating the understanding of cloud security requirements and the design of security-embedded cloud systems to realise organisational needs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Chen, Y., Paxson, V., Katz, R.H.: . Whats new about cloud computing security. University of California, Berkeley, Report No. UCB/EECS-2010-5, 20 January 2010
Vaquero, L.M., Rodero-Merino, L., Caceres, J., Lindner, M.: A break in the clouds: towards a cloud definition. ACM SIGCOMM Comput. Commun. Rev. 39(1), 50–55 (2008)
Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., Ghalsasi, A.: Cloud computing The business perspective. Decis. Support Syst. 51(1), 176–189 (2011)
Horwath, C., Chan, W., Leung, E., Pili, H.: Enterprise Risk Management for Cloud Computing. COSO, Hoboken (2012)
Merrill, T., Kang, T.: Cloud Computing: Is Your Company Weighing Both Benefits & Risks? Ace Group, New York (2014)
Jamshidi, P., Ahmad, A., Pahl, C.: Cloud migration research: a systematic review. IEEE Trans. Cloud Comput. 1(2), 142–157 (2013)
Sengupta, S., Kaulgud, V., Sharma, V.S.: Cloud computing security-trends and research directions. In: 2011 IEEE World Congress on Services (SERVICES), pp. 524–531. IEEE, July 2011
Takabi, H., Joshi, J.B.D., Ahn, G.J.: Security and privacy challenges in cloud computing environments. IEEE Secur. Priv. 6, 24–31 (2010)
Almorsy, M., Grundy, J., Müller, I.: An analysis of the cloud computing security problem. In: Proceedings of APSEC 2010 Cloud Workshop, Sydney, Australia, 30th November 2010
Armbrust, M., Fox, A., Grioffith, R., Joseph, A.D., Katz, R., Konwinski, A., Zaharia, M.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)
Ahuja, S.P., Mani, S., Zambrano, J.: A survey of the state of cloud computing in healthcare. Netw. Commun. Technol. 1(2), 12 (2012)
Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(02), 285–309 (2007)
Mell, P., Grance, T.: The NIST definition of cloud computing (2011)
Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)
Hashizume, K., Rosado, D.G., Fernández-Medina, E., Fernandez, E.B.: An analysis of security issues for cloud computing. J. Internet Serv. Appl. 4(1), 1–13 (2013)
Van Lamsweerde, A.: . Goal-oriented requirements engineering: a guided tour. In: Proceedings of the Fifth IEEE International Symposium on Requirements Engineering, pp. 249–262. IEEE (2001)
Yu, E.: Modelling strategic relationships for process reengineering. Soc. Model. Requir. Eng. 11, 2011 (2011)
Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: an agent-oriented software development methodology. Auton. Agents Multi-Agent Syst. 8(3), 203–236 (2004)
Modi, C., Patel, D., Borisaniya, B., Patel, A., Rajarajan, M.: A survey on security issues and solutions at different layers of cloud computing. J. Supercomput. 63(2), 561–592 (2013)
Iankoulova, I., Daneva, M.: . Cloud computing security requirements: a systematic review. In: 2012 Sixth International Conference on Research Challenges in Information Science (RCIS), pp. 1–7. IEEE, May 2012
Li, T., Horkoff, J., Beckers, K., Paja, E., Mylopoulos, J.: . A holistic approach to security attack modeling and analysis. In: Proceedings of the Eighth International i* Workshop (2015)
Beckers, K., et al.: A structured method for security requirements elicitation concerning the cloud computing domain. Int. J. Secur. Softw. Eng. (IJSSE) 5(2), 20–43 (2014)
Fabian, B., Gürses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requir. Eng. 15(1), 7–40 (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Shei, S., Kalloniatis, C., Mouratidis, H., Delaney, A. (2016). Modelling Secure Cloud Computing Systems from a Security Requirements Perspective. In: Katsikas, S., Lambrinoudakis, C., Furnell, S. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2016. Lecture Notes in Computer Science(), vol 9830. Springer, Cham. https://doi.org/10.1007/978-3-319-44341-6_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-44341-6_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44340-9
Online ISBN: 978-3-319-44341-6
eBook Packages: Computer ScienceComputer Science (R0)