A goal-driven risk management approach to support security and privacy analysis of cloud-based system

Security Engineering for Cloud Computing: Approaches and Tools

Volumn , Issue , 2012, Pages 97-122

  Islam, Shareeful ^a   Mouratidis, Haralambos ^a   Weippl, Edgar R ^b,c  

^a UNIVERSITY OF EAST LONDON   (United Kingdom)

^b Secure Business Austria ^*  (Austria)

^c VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84881476966     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-4666-2125-1.ch006     Document Type: Chapter

References (35)

1. Bannerman, P. L. (2008). Risk and risk management in software projects: A reassessment. Journal of Systems and Software, 81(12), 2118-2133. doi:10.1016/j.jss.2008.03.059
2. Barry, B. W. (1991). Software risk management: Principles and practices. IEEE Software, 8(1), 32-41. doi:10.1109/52.62930
3. Bruening, P. J., & Treacy, B. C. (2009). Cloud computing: Privacy, security challenges. Bureau of Nat'l Affairs. Retrieved from www.hunton.com
4. Charette, R. N. (1999). The competitive edge of risk entrepreneurs. IT Professional, 1(4), 69-73. doi:10.1109/6294.781627
5. Chen, Y., Paxson, V., & Katz, R. H. (2010). What's new about cloud computing security? (Technical report UCB/EECS-2010-5). EECS Dept., University of California. Retrieved from www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html
6. Choo, K. R. (2010). Cloud computing: Challenges and future directions, Trends & issues in crime and criminal justice. Australian Institute of Criminology, No. 400.
7. Ciriani, V., Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2010). Combining fragmentation and encryption to protect privacy in data storage. ACM Transactions on Information and System Security, 13(3). doi:10.1145/1805974.1805978
8. Cloud Survey. (2008). IT cloud services user survey (2008), pt. 2: Top benefits & challenges. Retrieved from www.blogs.idc.com
9. Dropbox. (2011). Retrieved June 16, 2011, from https://www.dropbox.com
10. Gellman, R. (2009). Privacy in the clouds: Risks to privacy and confidentiality from cloud computing. Retrieved from http://www.worldprivacyforum.org/pdf/WPFCloud_Privacy_Report.pdf.
11. Gong, C., Liu, J., Zhang, Q., Chen, H., & Gong, Z. (2010). The characteristics of cloud computing. Proceedings of the 2010 39th International Conference on Parallel Processing Workshops. Washington, DC: IEEE Computer Society, USA.
12. Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing vulnerabilities. IEEE Security & Privacy Magazine, 9(2), 50-57. doi:10.1109/MSP.2010.115
13. Hardesty, L. (2009). Secure computers aren't so secure. MIT Press. Retrieved from www.physorg.com/news176107396.html
14. Houmb, S. H. (2007). Decision support for choice of security solution- The aspect-oriented risk driven development (AORDD) framework. PhD thesis, Department of Computer and Information Science, Norwegian University of Science and Technology.
15. Islam, S. (2009). Software development risk management model: A goal driven approach. In Proceedings of the Doctoral Symposium for ESEC/ FSE on Doctoral Symposium, The Netherlands.
16. Islam, S. (2011c). Software development risk management model - A goal-driven approach. PhD thesis, Technische Universität München, 2011. Retrieved from http://mediatum.ub.tum.de/
17. Islam, S., & Dong, W. (2008). Human factors in software security risk management. In LMSA '08: Proceedings of the First International Workshop on Leadership and Management in Software Architecture, (pp. 13-16). New York, NY: ACM.
18. Islam, S., & Houmb, S. H. (2010). Integrating risk management activities into requirements engineering. In Proceedings of the 4th IEEE Research International Conference on Research Challenges in IS, Nice, France.
19. Islam, S., & Houmb, S. H. (2011a). Towards a framework for offshore outsource software development risk management model. Journal of Software, 6(1), 38-47. doi:10.4304/jsw.6.1.38-47
20. Islam, S., Mouratidis, H., & Jürjens, J. (2011b). A framework to support alignment of secure software engineering with legal regulations. Journal of Software and Systems Modelling (SoSyM) Theme Section on Non-Functional System Properties in Domain-Specific Modelling Languages, 10(3), 369-394.
21. Karolak, D. (1996). Software engineering risk management. CA, USA: IEEE Computer Society Press.
22. Kontio, J. (2001). Software engineering risk management: A Method, improvement framework and empirical evaluation. PhD thesis, Helsinki University of Technology.
23. Lamsweerde, van A. (2009). Requirements engineering: From system goals to UML models to software specifications. Wiley.
24. Mayer, N., Heymans, P., & Matulevicius, R. (2007). Design of a modelling language for information system security risk management. In Proceedings of the 1st InternationalConference on Research Challenges in Information Science (RCIS 2007), (pp. 121-131).
25. Mouratidis, H. (2004). A security oriented approach in the development of multiagent systems: Applied to the management of the health and social care needs of older people in England. PhD thesis, University of Sheffield, U.K., 2004.
26. Mouratidis, H., & Giorgini, P. (2007)Security attack testing (SAT) - Testing the security of information systems at design time. Information Systems, 32(8), 1166-1183. doi:10.1016/j.is.2007.03.002
27. Mouratidis, H., & Giorgini, P. (2009). Secure Tropos: A security-oriented extension of the Tropos methodology. International Journal of Software Engineering and Knowledge Engineering, 17(2).
28. Mulazzani, M., Schrittwieser, S., Leithner, M., Huber, M., & Weippl, E. (2011). Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. Proceedings of Usenix Security.
29. Proofpoint. (2009). Outbound email and data loss prevention in today's enterprise. Sunnyvale.
30. Roy, G. (2004). A risk management framework for software engineering practice. In Proceedings of the 2004 Australian Software Engineering Conference, IEEE Computer Society.
31. SBA. (2011). Secure Business Austria. Retrieved November 15, 2011, from http://www.sbaresearch.org/research/
32. Stolen, K., den Braber, F., Fredriksen, R., Gran, B. A., & Houmb, S. H., Stama-tiou Y. C., & Aagedal, J. Â. (2007). Model-based risk assessment in a component-based software engineering process -Using the CORAS approach to identify security risks. In F. Barbier (Ed.), Business componentbased software engineering. Kluwer Academic Publishers.
33. Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1). doi:10.1016/j.jnca.2010.07.006
34. Takabi, H., Joshi, J. B. D., & Ahn, G. (2010). Security and privacy challenges in cloud computing environments. IEEE Computer And Reliability Societies. November/December.
35. Viega, J. (2009). Cloud computing and the common man. Computer, 42(8), 106-108. doi:10.1109/MC.2009.252