Structured pattern-based security requirements elicitation for clouds

Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Volumn , Issue , 2013, Pages 465-474

  Beckers, Kristian ^a   Heisel, Maritta ^a   Côté, Isabelle ^b   Goeke, Ludger ^b   Güler, Selim ^b  

^a UNIVERSITY OF DUISBURG ESSEN   (Germany)

^b ITESYS Institute for Technical Systems GmbH   (Germany)

Author keywords

Cloud computing; ISO 27001; Requirements patterns; Security requirements engineering; Security standards

Indexed keywords

CLOUD COMPUTING SERVICES; CLOUD ENVIRONMENTS; ECONOMIC BENEFITS; ISO 27001; REQUIREMENTS PATTERNS; SECURITY REQUIREMENTS; SECURITY REQUIREMENTS ENGINEERING; SECURITY STANDARDS;

CLOUD COMPUTING; REQUIREMENTS ENGINEERING; SYSTEMS ANALYSIS; TOOLS;

COMPUTER SYSTEMS;

EID: 84892399229     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2013.61     Document Type: Conference Paper

References (19)

1. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, "Above the clouds: A berkeley view of cloud computing," Berkeley, Tech. Rep., 2009.
2. P. Mell and T. Grance, "The NIST definition of cloud computing," Special Publication 800-145 of the National Institute of Standards and Technology (NIST), 2011.
3. L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, "A break in the clouds: Towards a cloud definition," SIGCOMM Computer Communication Review, vol. 39, no. 1, pp. 50-55, 2008.
4. K. Beckers, J.-C. Kuster, S. Faßbender, and H. Schmidt, "Pattern-based support for context establishment and asset identification of the ISO 27000 in the field of cloud computing," in ARES. IEEE Computer Society, 2011, pp. 327-333.
5. UML Revision Task Force, OMG Unified Modeling Language: Superstructure, Object Management Group (OMG), May 2010.
6. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), "Information technology-Security techniques-Information security management systems-Requirements," 2005.
7. B. Fabian, S. Gurses, M. Heisel, T. Santen, and H. Schmidt, "A comparison of security requirements engineering methods," Requirements Engineering-Special Issue on Security Requirements Engineering, vol. 15, no. 1, pp. 7-40, 2010.
8. S. Withall, Software Requirement Patterns. MICROSOFT PRESS, 2007.
9. Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing," December 2009.
10. C. S. Alliance, "Top threats to cloud computing," March 2010.
11. J. Heiser and M. Nicolett, "Assessing the security risks of cloud computing," June 2008.
12. European Network and Information Security Agency, "Cloud computing-benefits, risks and recommendations for information security," 2009.
13. Eclipse Foundation, Eclipse-An Open Development Platform, 2011, http://www.eclipse.org/.
14. -, "Eclipse Modeling Framework Project (EMF)," June 2012, http://www.eclipse.org/modeling/emf/.
15. -, "Graphical Editing Framework Project (GEF)," June 2012, http://www.eclipse.org/gef/.
16. -, "Eclipse Graphical Modeling Framework (GMF)," 2011, http://www.eclipse.org/modeling/gmf/.
17. M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns: Integrating Security and Systems Engineering. Wiley, 2006.
18. E. B. Fernandez, J. C. Pelaez, and M. M. Larrondo-Petrie, "Security patterns for voice over ip networks," in ICCGI. Washington, DC, USA: IEEE Computer Society, 2007, pp. 19-29.
19. M. Hafiz, "A collection of privacy design patterns," in PLoP, ser. PLoP '06. ACM, 2006, pp. 7:1-7:13.