Cloud computing security requirements: A systematic review

Proceedings - International Conference on Research Challenges in Information Science

Volumn , Issue , 2012, Pages

  Iankoulova, Iliana ^a   Daneva, Maya ^a  

^a UNIVERSITY OF TWENTE   (Netherlands)

Author keywords

cloud computing; empirical study; sequirity requirements engineering; Software as a Service; systematic literature review

Indexed keywords

COMPUTING SECURITY; EMPIRICAL STUDIES; NON-REPUDIATION; PHYSICAL PROTECTION; SECURITY REQUIREMENTS; SOFTWARE-AS-A-SERVICE; SUB-AREAS; SYSTEMATIC LITERATURE REVIEW; SYSTEMATIC REVIEW;

ACCESS CONTROL; CLOUD COMPUTING; INFORMATION SCIENCE; LAW ENFORCEMENT;

RESEARCH;

EID: 84865031080     PISSN: 21511349     EISSN: 21511357     Source Type: Conference Proceeding    
DOI: 10.1109/RCIS.2012.6240421     Document Type: Conference Paper

References (63)

1. W. Huang and J. Yang, "New network security based on cloud computing," in 2nd Int. Workshop on Education Technology and Computer Science, 2010, pp. 604-609.
2. K. Popović and Z. Hocenski, "Cloud computing security issues and challenges," 33rd Int. Convention on Information and Communication Technology, Electronics and Microelectronics, 2010, pp. 344-349.
3. D. Firesmith, "Specifying reusable security requirements," J of Object Technology, 3(1), 2004, pp. 61-75.
4. L. M. Vaquero, L. Rodero-Merino, and D. Morán, "Locking the sky: A survey on IaaS cloud security," Computing 91(1), 2011, pp. 93-118.
5. B. Hay, K. Nance, and M. Bishop, "Storm clouds rising: Security challenges for IaaS cloud computing," HICSS, 2011, pp. 1-7.
6. D. Mellado, C. Blanco, L. E. Sánchez, and E. Fernández- Medina, "A systematic review of security requirements engineering," Computer Standards & Interfaces, 32(4), 2010, pp. 153-165.
7. J. Webster and R. Watson, "Analyzing the Past to Prepare for the Future: Writing a Literature Review," MISQ, 26(2) 2002, pp. 13-23.
8. B. A. Kitchenham, "Procedures for undertaking systematic reviews," CS Dep. Keele University, 2004.
9. S.A. Almulla and C. Y. Yeun, "Cloud computing security management," ICESMA 2010, pp. 1-7.
10. H. Sato, A. Kanai, and S. Tanimoto, "Building a security aware cloud by extending internal control to cloud," ISADS 2011, pp. 323-326.
11. W. Zhou, M. Sherr, W. R. Marczak, Z. Zhang, T. Tao, B. T. Loo, and I. Lee, "Towards a data-centric view of cloud security," Int Conf on Information and Knowledge Management, 2010, pp. 25-32.
12. P. Prasad, B. Ojha, R. R. Shahi, R. Lal, A. Vaish, and U. Goel, "3 Dimensional security in cloud computing," ICCRD 2011 (3), pp. 198-201.
13. J. Xue and J. Zhang, "A brief survey on the security model of cloud computing," Int. Symp. on Distributed Computing and Applications to Business, Engineering and Science, 2010, pp. 475-478.
14. Y. Karabulut and I. Nassi, "Secure enterprise services consumption for SaaS technology platforms," ICDE 2009, pp. 1749-1756.
15. S.-H. Na, J.-Y. Park, and E.-N. Huh, "Personal cloud computing security framework," IEEE Asia-Pacific Services Computing Conference, 2010, pp. 671-675.
16. M. Jensen, J. Schwenk, N. Gruschka, and L. L. Iacono, "On technical security issues in cloud computing," CLOUD 2009, pp. 109-116.
17. M. Townsend, "Managing a security program in a cloud computing environment," IInfoSecCD 2009, pp. 128-133.
18. H. Wu, Y. Ding, L. Yao, and C. Winer, "Network security for virtual machine in cloud computing," Int Conf on Computer Sciences and Convergence Information Technology, 2010, pp. 18-21.
19. D. Li, C. Liu, Q. Wei, Z. Liu, and B. Liu, "RBAC-based access control for SaaS systems," ICIECS 2010, pp. 1-4.
20. A. Celesti, F. Tusa, M. Villari, and A. Puliafito, "Security and cloud computing: Intercloud identity management infrastructure," WET ICE 2010, pp. 263-265.
21. Q. Liu, C. Weng, M. Li, and Y. Luo, "An In-VM measuring framework for increasing virtual machine security in clouds," IEEE Security & Privacy, 8(6), pp. 56-62, 2010.
22. L. Sumter, "Cloud computing: Security risk," Annual Southeast Conference, 2010.
23. N. Hawthorn, "Finding security in the cloud," Computer Fraud and Security, 2009(10), pp. 19-20, 2009.
24. T. Jia and X. Wang, "The construction and realization of the intelligent NIPS based on the cloud security," Int. Conf on Information Science and Engineering, 2009, pp. 1885-1888.
25. C. Zhong, J. Zhang, Y. Xia, and H. Yu, "Construction of a trusted SaaS platform," SOSE 2010, pp. 244-251.
26. B. R. Kandukuri, P. V. Ramakrishna, and A. Rakshit, "Cloud security issues," SCC 2009 pp. 517-520.
27. P. Schoo, V. Fusenig, V. Souza, M. Melo, P. Murray, H. Debar, H. Medhioub, and D. Zeghlache, "Challenges for cloud networking security," HP Laboratories Technical Report, no. 137, 2010, pp. 1-17.
28. G. Zhao, C. Rong, M. G. Jaatun, and F. E. Sandnes, "Deployment models: Towards eliminating security concerns from cloud computing," HPCS 2010, pp. 189-195.
29. A. Jasti, P. Shah, R. Nagaraj, and R. Pendse, "Security in multi-tenancy cloud," Int. Carnahan Conference on Security Technology, 2010, pp. 35-41.
30. M. Christodorescu, R. Sailer, D. L. Schales, D. Sgandurra, and D. Zamboni, "Cloud security is not (just) virtualization security: A short paper," ACM CCCS 2009, pp. 97-102.
31. S. Berger et al., "Security for the cloud infrastructure: Trusted virtual data center implementation," IBM Journal of Research and Development, 53(4), 2009.
32. F. Liu, W. Guo, Z. Q. Zhao, and W. Chou, "SaaS integration for software cloud," CLOUD 2010, pp. 402-409
33. J. Feng, Y. Chen, and P. Liu, "Bridging the missing link of cloud data storage security in AWS," Consumer Communications and Networking Conf, 2010 .
34. P. S. Kumar, R. Subramanian, and D. T. Selvam, "Ensuring data storage security in cloud computing using Sobol sequence," PDGC 2010, pp. 217-222.
35. H.-C. Li, P. Liang, J. Yang, and S. Chen, "Analysis on cloud-based security vulnerability assessment," ICEBE 2010, pp. 490-494.
36. F. Lombardi and R. Di Pietro, "Transparent security for cloud," ACM SAC 2010, pp. 414-415.
37. K. Wood and E. Pereira, "An investigation into cloud configuration and security," ICITST 2010, pp. 1-6.
38. S. Bleikertz, M. Schunter, C. W. Probst, D. Pendarakis, and K. Eriksson, "Security audits of multi-tier virtual infrastructures in public infrastructure clouds," ACM CCCS 2010, pp. 93-102.
39. R. Marty, "Cloud application logging for forensics," ACM SAC, 2011, pp. 178-184.
40. B. Gowrigolla, S. Sivaji, and M. R. Masillamani, "Design and auditing of Cloud computing security," ICIAfS 2010, pp. 292-297.
41. W. Dawoud, I. Takouna, and C. Meinel, "Infrastructure as a service security: Challenges and solutions," INFOS 2010, pp.1-8.
42. S. Bertram, M. Boniface, M. Surridge, N. Briscombe, and M. Hall-May, "On-demand dynamic security for risk-based secure collaboration in clouds," CLOUD 2010, pp. 518-525.
43. R. M. Savola, A. Juhola, and I. Uusitalo, "Towards wider cloud service applicability by security, privacy and trust measurements," AICT 2010.
44. I. Muttik and C. Barton, "Cloud security technologies," Information Security Technical Report, 14(1) 2009, pp. 1-6.
45. Y. Shi, K. Zhang, and Q. Li, "Meta-data driven data chunk based secure data storage for SaaS," IJ DCTA, 5(1), 2011pp. 173-185.
46. Z. Qiang and C. Dong, "Enhance the user data privacy for SAAS by separation of data," Int Conf on Information Management, Innovation Management and Industrial Engineering, ICIII 2009 (3), pp. 130-132.
47. Z. Shen and Q. Tong, "The security of cloud computing system enabled by trusted computing technology," ICSPS 2010 (2), p. V211-V215
48. J. Feng, Y. Chen, D. Summerville, W.-S. Ku, and Z. Su, "Enhancing cloud storage security against roll-back attacks with a new fair multi-party non-repudiation protocol," CNNC 2011, pp. 521-522.
49. X. Yu and Q. Wen, "A view about cloud data security from data life cycle," cycle," CiSE 2010.
50. J. Arshad, P. Townend, and J. Xu, "Quantification of security for compute intensive workloads in clouds," ICPADS, 2009, pp. 479-486.
51. G. Peterson, "Don't trust. and verify: A security architecture stack for the cloud," IEEE Security & Privacy, 8(5), 2010, pp. 83-86.
52. C.-L. Tsai and U.-C. Lin, "Information security of cloud computing for enterprises," Advances in ISSS 3(1), 2011, pp. 132-142.
53. S. Pearson and A. Benameur, "Privacy, security and trust issues arising from cloud computing," CloudCom 2010, pp. 693-702.
54. H. Takabi, J. B. D. Joshi, and G.-J. Ahn, "Security and privacy challenges in cloud computing environments," IEEE Security & Privacy, 8(6), 2010, pp. 24-31.
55. K. M. Khan, "Security dynamics of cloud computing," Cutter IT Journal, 22(6-7), 2009, pp. 38-43.
56. N. Oza, K. Karppinen, and R. Savola, "User experience and security in the cloud - An empirical study in the Finnish Cloud Consortium," CloudCom 2010, pp. 621-628.
57. X. Jing, J. Tang, D. He, and Y. Zhang, "Security scheme for sensitive data in management-type SaaS," Int Conf on Information Management, Innovation Management and Industrial Engineering, ICIII 2009 (4), pp. 47-50
58. S. Ramgovind, M. M. Eloff, and E. Smith, "The management of security in cloud computing," ISSA 2010, pp. 1-7.
59. Z. He and Y. He, "Analysis on the security of cloud computing," SPIE - The International Society for Optical Engineering, 2011, vol. 7752.
60. W. A. Jansen, "Cloud hooks: Security and privacy issues in cloud computing," in HICSS 2011, pp.1-10.
61. C. Bǎsescu, C. Leordeanu, A. Costan, A. Carpen-Amarie, and G. Antoniu, "Managing data access on clouds: A generic framework for enforcing security policies," AINA, 2011, pp. 459-466.
62. P. Wainewright, "Lightning strike zaps EC2 Ireland | ZDNET," 2011. [Online]. Available: http://www.zdnet.com/blog/saas/lightning-strike-zaps- ec2-ireland/1382?tag=search-results-rivers;item0. [Accessed: 24-Sep-2011].
63. L. Chung, B.A. Nixon, E. Yu, and J. Mylopoulos, Non-functional Requirements in Software Engineering, Springer, 2000.