Abstract
Bridging the gap between design and implementation stages has been a major concern that deplores designers, analysts and developers for quite a long time during the design and implementation of information systems in traditional environments. This issue grows to bigger dimension with the presence of cloud computing. Designing and modeling an Information System for the Cloud is a major and hard task that most of the traditional software engineering approaches fail to fulfill. In parallel, many respective organisations and respective researchers have highlighted a number of security and privacy challenges that are not present in traditional environments and need special attention when implementing or migrating information systems into a cloud environment. Thus, security and privacy are by themselves two areas that need special attention in the cloud era. This paper moves on to this direction. Specifically, it presents a number of privacy-oriented technical concepts that analysts need to consider when designing and modeling privacy-aware systems in a cloud environment. Also it suggest for every concept a number of implementation techniques that can assist developers in implementing the respective concepts.
Chapter PDF
Similar content being viewed by others
References
Cloud Security Alliance, Top Threats to Cloud Computing V1.0, https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf (retrieved September 22, 2012)
Heiser, J., Nicolett, M.: Assessing the Security Risks of Cloud Computing, white paper, Gartner group, ID Number: G00157782 (June 3, 2008)
Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34(1), 1–11 (2010)
Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing V3.0, https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf (retrieved September 22, 2012)
Draft, EU Directive for Security issues in Cloud Computing (2012)
Kalloniatis, C., Kavakli, E., Gritzalis, S.: PriS Methodology: Incorporating Privacy Requirements into the System Design Process. In: Mylopoulos, J., Spafford, G. (eds.) Proceedings of the SREIS 2005 13th IEEE International Requirements Engineering Conference – Symposium on Requirements Engineering for Information Security. IEEE CPS, Paris (2005)
Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: The PriS method. Requirements Engineering 13(3), 241–255 (2008)
Kalloniatis, C., Kavakli, E., Kontellis, E.: PRIS tool: A case tool for privacy-oriented Requirements Engineering. Journal of Information Systems Security 6(1), 3–19 (2010)
Kavakli, E., Kalloniatis, C., Loucopoulos, P., Gritzalis, S.: Incorporating Privacy Requirements into the System Design Process: The PriS Conceptual Framework. Internet Research, Special issue on Privacy and Anonymity in the Digital Era: Theory, Technologies and Practice 16(2), 140–158 (2006)
Kalloniats, C., Kavakli, E., Gritzalis, S.: Dealing with Privacy Issues during the System Design Process. In: 5th IEEE International Symposium on Signal Processing and Information Technology, Athens, Greece, December 18-21, pp. 18–21 (2005)
Mouratidis, H., Kalloniatis, C., Islam, S., Huget, M.P., Gritzalis, S.: Aligning Security and Privacy to support the development of Secure Information Systems. Journal of Universal Computer Science (2012)
Mouratidis, H., Giorgini, P.: Secure Tropos: A Security-Oriented Extension Of The Tropos Methodology. International Journal of Software Engineering and Knowledge Engineering (2007)
Mouratidis, Giorgini, P.: Security Attack Testing (SAT) - testing the security of information systems at design time. Inf. Syst. 32(8), 1166–1183 (2007)
Wei, L., et al.: Managing Security of Virtual Machine Images in a Cloud Environment (2009)
Microsoft Technical report: Privacy in the cloud computing era, a Microsoft perspective, Microsoft Corp, Redmond, USA (November 2009)
Sonehara, N., et al.: Isolation in Cloud Computing and Privacy – Enhancing Technologies – Suitability of Privacy – Enchancing Technologies for Separating Data Usage in Business Processes, National Institute of Informatics, Chiyoda-Ku, Tokyo (2005)
Zhang, O.Q., et al.: How To Track Your Data: The Case for Cloud Computing Provenance, HP Laboratories, HPL-2012-11 (2012)
Viswanathan, A., Neuman, B.C.: A survey of isolation techniques. Draft Copy, University of Southern California
Singh, M.D., et al.: A cryptography based privacy preserving solution to mine cloud a data, Infosys Technologies Limited, Bangalore, India (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Manousakis, V., Kalloniatis, C., Kavakli, E., Gritzalis, S. (2013). Privacy in the Cloud: Bridging the Gap between Design and Implementation. In: Franch, X., Soffer, P. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2013. Lecture Notes in Business Information Processing, vol 148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38490-5_41
Download citation
DOI: https://doi.org/10.1007/978-3-642-38490-5_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38489-9
Online ISBN: 978-3-642-38490-5
eBook Packages: Computer ScienceComputer Science (R0)