A framework to support selection of cloud providers based on security and privacy requirements

Journal of Systems and Software

Volumn 86, Issue 9, 2013, Pages 2276-2293

  Mouratidis, Haralambos ^a   Islam, Shareeful ^a   Kalloniatis, Christos ^b   Gritzalis, Stefanos ^b  

^a UNIVERSITY OF EAST LONDON   (United Kingdom)

^b UNIVERSITY OF THE AEGEAN   (Greece)

Author keywords

Cloud computing; Privacy; Secure; software engineering

Indexed keywords

CLOUD SERVICE PROVIDERS; ENGINEERING TECHNIQUES; ON-DEMAND SERVICES; REGULATORY VIOLATIONS; SECURE; SECURITY AND PRIVACY; STRUCTURED APPROACH; STRUCTURED PROCESS;

CLOUD COMPUTING; DATA PRIVACY; SOFTWARE ENGINEERING;

ELECTRONIC DOCUMENT EXCHANGE;

EID: 84881474672     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2013.03.011     Document Type: Article

References (53)

1. M. Armbrust, A. Fox, R. Grifïth, A.D. Joseph, R. Katz, A. Konwinsk, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia Above the clouds: a berkeley view of cloud computing Communications of the ACM 53 4 2010 50 58
2. V. Bellotti, and A. Sellen Design for privacy in ubiquitous computing environments G. Michelis, C. Simone, Schmidt Kjeld Proceedings of the Third European Conference on Computer Supported Cooperative Work (ECSCW) 930 1993 93 108
3. Bruening, P.J.; Treacy, B.C.; 2009. Cloud computing: privacy, security challenges, Bureau of Nat'l Affairs, www.hunton.com.
4. T.D. Breaux, and A.I. Antón Analyzing regulator rules for privacy and security requirements IEEE Transactions on Software Engineering 34 1 (Jan-Feb) 2008
5. C. Cachin, and M. Schunter A cloud you can trust - how to ensure that cloud computing's problems - data breaches, leaks, service outages - don't obscure its virtues IEEE Spektrum 2011 December 2011 28 51
6. Chen, Y.; Paxson, V.; Katz, R.H.; 2010. What's new about cloud computing security, technical report, Dept.; Univ. of California, www.eecs.berkeley.edu/ Pubs/TechRpts/2010/EECS-2010-5.html.
7. K.R. Choo Cloud computing: challenges and future directions, trends & issues in crime and criminal justice Australian Institute of Criminology 400 2010
8. L. Chung Dealing with security requirements during the development of information systems 5th International Conference of Advanced Information Systems Engineering (CAiSe) Paris, France 1993 234 251
9. M. Deng, K. Wuyts, R. Scandariato, B. Preneel, and W. Joosen A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements Requirements Engineering Journal 16 1 2011 3 32
10. W. Dawoud, I. Takouna, and C. Meinel Infrastructure as a service security: challenges and Solutions Proceeding of the 7th International Conference on Informatics and Systems (INFOS). IEEE Computer Society 2010
11. H. Erdogmus Cloud computing: does nirvana hide behind the nebula? IEEE Software 26 2 2009 4 6
12. S. Ferretti, V. Ghini, F. Panzieri, M. Pellegrini, and E. Turrini QoS-aware Clouds Proceeding of 3rd IEEE International Conference on Cloud Computing 2010
13. Gellman, R.; 2009. Privacy in the clouds: risks to privacy and confidentiality from cloud computing. http://www.worldprivacyforum.org/pdf/ WPFCloud-Privacy-Report.pdf.
14. P. Giorgini, J. Mylopoulos, E. Nicchiarelli, and R. Sebastiani Reasoning with goal models Proceedings of the 21st International Conference on Conceptual Modeling (ER) Tampere, Finland, October 2002
15. C. Gong, J. Liu, Q. Zhang, H. Chen, and Z. Gong The characteristics of cloud computing Proceedings of the 2010 39th International Conference on Parallel Processing Workshops, IEEE Computer Society Washington, DC, USA 2010
16. B. Grobauer, T. Walloschek, and E. Stocker Understanding cloud computing vulnerabilities IEEE Security & Privacy Magazine 9 2 2011 50 57
17. P. Giorgini, F. Massacci, and J. Mylopoulos Requirement engineering meets security: a case study on modelling secure electronic transactions by VISA and Mastercard 22nd International Conference On Conceptual Modeling (ER 2003) vol. 2813 of Lecture Notes in Computer Science, Springer 2003 263 276
18. L. Gillam, B. Li, and J. O'Loughlin Adding cloud performance to service level agreements 2nd International Conference on Cloud Computing and Services Science (CLOSER) 2012 SciTePress Portugal
19. J.I. Hong, D. Ng, S. J Lederer, and J.A. Landay Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems 2004 Designing Interactive Systems Boston, MA
20. Q. He, and A.I. Antón A framework for modelling privacy requirements in role engineering Proceedings of the 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03) Austria, 2003 2003
21. S.H. Houmb, S. Islam, E. Knauss, J. Jürjens, and K. Schneider Eliciting security requirements and tracing them to design: an integration of common criteria, heuristics, and UMLsec Requirements Engineering Journal 15 1 (Mar) 2010 63 93
22. S. Islam, and W. Dong Human factors in software security risk management Proceedings of the First International Workshop on Leadership and Management in Software Architecture (LMSA) 2008 ACM New York, NY, USA 13 16
23. S. Islam, H. Mouratidis, and S. Wagner Toward a framework to elicit and manage security and privacy requirements from laws and regulation Proceeding of Requirements Engineering: Foundation for Software Quality (REFSQ) Lecture Notes in Computer Science, vol. 6182/2010 2010 255 261
24. S. Islam, H. Mouratidis, and J. Jürjens A framework to support alignment of secure software engineering with legal regulations Journal of Software and Systems Modelling (SoSyM) 10 3 2011 369 394
25. S. Islam, H. Mouratidis, C. Kalloniatis, A. Hudic, and L. Zechner Model based process to support security and privacy requirements engineering International Journal of Secure Software Engineering (IJSSE) 3 3 2012
26. S. Islam, H. Mouratidis, and E. Weippl A goal-driven risk management approach to support security and privacy analysis of cloud-based system Security Engineering for Cloud Computing: Approaches and Tools 2012 IGI Global Publication United States of America by (an imprint of IGI Global) 701 E. Chocolate Avenue, Hershey, PA 17033
27. A. Khajeh-Hosseini, I. Sommerville, J. Bogaerts, and P. Teregowda Decision support tools for cloud migration in the enterprise Proceeding of IEEE 4th International Conference on Cloud Computing IEEE Computer Society 2011
28. A. Khajeh-Hosseini, D. Greenwood, and I. Sommerville Cloud migration: a case study of migrating an enterprise IT system to IaaS Proceeding of IEEE 3rd International Conference on Cloud Computing IEEE Computer Society 2010
29. C. Kalloniatis, E. Kavakli, and S. Gritzalis Addressing privacy requirements in system design: the PriS method Requirements Engineering Journal 13 3 2008 241 255
30. M. Kolp, P. Giorgini, and J. Mylopoulos A goal-based organizational perspective on multi-agent architectures Proceedings of the 8th International Workshop on Agent Theories, Architectures, and Languages (ATAL-2001) Seattle, USA 2001
31. Kitchenham, B.; Charters, S.; 2007. Guidelines for Performing Systematic Literature Reviews in Software Engineering, Version 2.3. EBSE Technical Report. University of Keele and Durham University.
32. A.K. Massey, P.N. Otto, L.J. Hayward, and A.I. Antón Evaluating existing security and privacy requirements for legal compliance Requirements Engineering Journal 15 1 2010
33. Mouratidis, H.; 2004. A security oriented approach in the development of multiagent systems: applied to the management of the health and social care needs of older people in England. PhD Thesis, University of Sheffield.
34. H. Mouratidis, and P. Giorgini Secure tropos: a security-oriented extension of the tropos methodology International Journal of Software Engineering and Knowledge Engineering 17 2 2007 285 309
35. M.J. May, C.A. Gunter, and I. Lee Privacy APIs: access control techniques to analyse and verify legal privacy policies Proceedings of the 19th Computer Security Foundations Workshop July 2006
36. N.R. Mead, and T. Steheny Security quality requirements engineering (SQUARE) methodology SIGSOFT Software Engineering Notes 30 4 2005 1 7
37. D. Mellado, E. Fernández-Medina, and M. Piattini A common criterion based security requirements engineering process for the development of secure information system Computer Standard and Interfaces 29 2007 244 253
38. M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber, and E. Weippl Dark clouds on the horizon: using cloud storage as attack vector and online slack space Proceedings of Usenix Security 2011
39. OMG Software & Systems Process Engineering Meta-Model Specification v.2.0. 2008. http://www.omg.org/spec/SPEM.
40. M. Pavlidis, H. Mouratidis, and S. Islam Modelling security using trust based concepts International Journal of Secure Software Engineering 3 2 2012
41. S. Pearson, and A. Benameur Privacy, Security and Trust Issues Arising from Cloud Computing 2nd IEEE International Conference on Cloud Computing Technology and Science IEEE Computer Society 2010 PRISM UK 693 702 http://www.prismworld.org/en/what-is-prism/what-does-it-deliver
42. D.G. Rosado, E. Fernández-Medina, J. López, and M. Piattini Analysis of secure mobile grid systems: a systematic approach Information & Software Technology 52 5 2010 517 536
43. D.G. Rosado, R. Gomez, D. Mellado, and E. Fernández-Medina Security analysis in the migration to cloud environments Future Internet 4 2 2012
44. J. Rosenberg, and A. Mateos The Cloud at Your Service 2011 Manning Publication Shelter Island, NY
45. S. Subashini, and V. Kavitha A survey on security issues in service delivery models of cloud computing Journal of Network and Computer Applications 34 1 2011
46. G. Sindre, and A.L. Opdahl Eliciting security requirements with misuse cases Requirements Engineering Journal 10 1 2005 34 44
47. Sriram, I.; Khajeh-Hosseini, A.; 2010. Research Agenda in Cloud Technologies, CoRR, CoRR abs/1001.3259:(2010).
48. H. Takabi, J. Joshi, and G. Ahn Security and privacy challenges in cloud computing environments IEEE Computer And Reliability Societies November/December, IEEE Computer Society 2010
49. Cloud Threat. 2010. Top Threats to Cloud Computing Vr. 1.0, Cloud Security Alliance, https://cloudsecurityalliance.org/research/top-threats/.
50. A. Van Lamsweerde, and E. Letier Handling obstacles in goal-oriented requirements engineering IEEE Transactions on Software Engineering 26 2000 978 1005
51. S. Wenzel, C. Wessel, T. Humberg, and J. Jürjens Securing processes for outsourcing into the cloud 2nd International Conference on Cloud Computing and Services Science 2012 SciTePress
52. Yu, E.; 1995. Modelling strategic relationships for process reengineering. Ph.D. thesis, Department of Computer Science, University of Toronto, Canada.
53. S. Zardari, and R. Bahsoon Cloud adoption: a goal-oriented requirements engineering approach Proceedings of the 2nd International Workshop on Software Engineering for Cloud Computing (SECLOUD 2011) 2011 ACM New York, NY, USA 29 35