Evaluating cloud deployment scenarios based on security and privacy requirements

Requirements Engineering

Volumn 18, Issue 4, 2013, Pages 299-319

  Kalloniatis, Christos ^a   Mouratidis, Haralambos ^b   Islam, Shareeful ^b  

^a UNIVERSITY OF THE AEGEAN   (Greece)

^b UNIVERSITY OF EAST LONDON   (United Kingdom)

Author keywords

Cloud; Cloud deployment model; Cloud migration; Privacy requirements; Security requirements

Indexed keywords

CLOUD COMPUTING SECURITIES; CLOUD DEPLOYMENTS; CLOUD ENGINEERINGS; CLOUD MIGRATIONS; PRIVACY REQUIREMENTS; SECURITY AND PRIVACY; SECURITY REQUIREMENTS; STRATEGIC DECISIONS;

CLOUD COMPUTING; CLOUDS;

DATA PRIVACY;

EID: 84886639116     PISSN: 09473602     EISSN: 1432010X     Source Type: Journal    
DOI: 10.1007/s00766-013-0166-7     Document Type: Article

References (25)

1. Microsoft Technical Report (2009) Privacy in the cloud computing era, a Microsoft perspective. Microsoft Corp, Redmond.
2. Islam S, Mouratidis H, Weippl E (2012) A goal-driven risk management approach to support security and privacy analysis of cloud-based system. In: Rosado DG, Mellado D, Fernández-Medina E, Piattini M (eds) Security engineering for cloud computing: approaches and tools. IGI Global Publication, Hershey.
3. Version one survey results: cloud confusion amongst IT professionals. http://www. versionone. co. uk/news/cloud-of-confusion-amongst-it-professionals. php. 24 June 2009.
4. Pearson S, Benameur A (2010) Privacy, security and trust issues arising from cloud computing. In: 2nd IEEE International conference on cloud computing technology and science, IEEE Computer Society, UK, pp 693-702.
5. Grobauer B, Walloschek T, Stocker E (2011) Understanding cloud computing vulnerabilities. IEEE Security Priv Mag 9(2): 50-57.
6. Kalloniatis C, Kavakli E, Gritzalis S (2008) Addressing privacy requirements in system design: the PriS method. Requir Eng 13(3): 241-255.
7. Houmb SH, Islam S, Knauss E, Jürjens J, Schneider K (2010) Eliciting security requirements and tracing them to design: an integration of common criteria, heuristics, and UMLsec. Requir Eng J 15(1): 63-93.
8. Islam S, Mouratidis H, Kalloniatis C., Hudic A, Zechner L, (2012a). Model based process to support security and privacy requirements engineering. Int J Secur Softw Eng 3(3): 1-22, IGI Global Publication.
9. Sindre G, Opdahl AL (2005) Eliciting security requirements with misuse cases. Requir Eng J 10(1): 34-44.
10. Khajeh-Hosseini A, Sommerville I, Bogaerts J, Teregowda P (2011) Decision support tools for cloud migration in the enterprise. In: proceeding of IEEE 4th international conference on cloud computing. IEEE Computer Society.
11. Baburajan R The rising cloud storage market opportunity strengthens vendors. infoTECH, August 24, 2011 It. tmcnet. com. Retrieved 2011-12-02.
12. Kerravala Z, Yankee Group Migrating to the cloud is dependent infrastructure, Tech Target. Convergedinfrastructure. com. Retrieved 2011-12-02.
13. Voorsluys W, Broberg J, Buyya R (2011) Introduction to cloud computing. In: Buyya R, Broberg J, Goscinski A (eds) A cloud computing: principles and paradigms. Wiley, New York, pp 1-44 ISBN 978-0-470-88799-8.
14. Bruening PJ, Treacy BC (2009) Privacy & security law report: privacy, security issues raised by cloud computing. The Bureau of National Affairs, Virginia.
15. Yu E (1995) Modelling strategic relationships for process reengineering, PhD thesis, Department of computer science, University of Toronto, Canada.
16. Mouratidis H, Giorgini P (2006) Secure tropos: a security-oriented extension of the tropos methodology. Int J Softw Eng Knowl Eng 17(2): 285-309 © World Scientific Publishing Company.
17. Kavakli E, Gritzalis S, Kalloniatis C (2007) Protecting privacy in system design: the electronic voting case. Transform Gov People Process Policy 1(4): 307-332.
18. Gong C, Liu J, Zhang Q, Chen H Gong Z (2010) The Characteristics of Cloud Computing. In: proceedings of the 2010 39th International Conference on Parallel Processing Workshops, IEEE Computer Society Washington.
19. Mouratidis H, Kalloniatis C, Islam S, Huget MP, Gritzalis S (2012) Aligning security and privacy to support the development of secure information systems. J of Univers Comput Sci 18(12): 1608-1627.
20. Kalloniatis C, Kavakli E, Gritzalis S (2005) Dealing with privacy issues during the system design process In: Serpanos D et al. (eds), Proceedings of the ISSPIT'05 5th IEEE International symposium on signal processing and information technology. Dec 2005, Athens, Greece, IEEE CPS Conference Publishing Services pp 546-551.
21. Kalloniatis C, Kavakli E, Gritzalis S, Methods for designing privacy aware information systems: a review, In: Chrysikopoulos V, Alexandris N, Douligeris C, Sioutas S (eds), Proceedings of the PCI 2009 13th Pan-Hellenic conference on informatics, Sept 2009, Corfu, Greece, IEEE CPS Conference Publishing Services pp. 185-194.
22. Islam S, Mouratidis H, Wagner S (2010) Toward a framework to elicit and manage security and privacy requirements from laws and regulation, In: Proceeding of requirements engineering: foundation for software quality(REFSQ), Lecture notes in computer science, Vol 6182/2010, pp 255-261.
23. Massey AK, Otto PN, Hayward LJ, Antón AI (2010) Evaluating existing security and privacy requirements for legal compliance. Requir Eng J 15(1): 119-137.
24. Mulazzani M, Schrittwieser S, Leithner M, Huber M, Weippl E (2011). Dark clouds on the horizon: using cloud storage as attack vector and online slack space. In: Proceedings of Usenix Security.
25. Vivas JL, Agudo I, Lopez J (2011) A methodology for security assurance-driven system development. Requir Eng 16(1): 55-73. doi: 10. 1007/s00766-010-0114-8.