Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts

Computer Standards and Interfaces

Volumn 36, Issue 4, 2014, Pages 759-775

  Kalloniatis, Christos ^a   Mouratidis, Haralambos ^b   Vassilis, Manousakis ^a   Islam, Shareeful ^b   Gritzalis, Stefanos ^a   Kavakli, Evangelia ^a  

^a UNIVERSITY OF THE AEGEAN   (Greece)

^b UNIVERSITY OF EAST LONDON   (United Kingdom)

Author keywords

Cloud computing; Concepts; Privacy; Requirements; Security; Security and privacy issues

Indexed keywords

EID: 84894259408     PISSN: 09205489     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.csi.2013.12.010     Document Type: Article

References (53)

1. Microsoft technical report: privacy in the cloud computing era, a Microsoft perspective November 2009 Microsoft Corp. Redmond, USA (Last access 12/08/2012)
2. Version one survey results: cloud confusion amongst IT professionals http://www.versionone.co.uk/news/cloud-of-confusion-amongst-it-professionals. php June 24 2009 (Last access 08/09/2012)
3. Cloud Security Alliance Top threats to cloud computing V1.0 https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf (Retrieved 2012-09-22 Last access 09/01/2013)
4. S. Subashini, and V. Kavitha A survey on security issues in service delivery models of cloud computing J. Netw. Comput. Appl. 34 1 2011 1 11
5. S. Islam, H. Mouratidis, and E. Weippl A goal-driven risk management approach to support security and privacy analysis of cloud-based system Book chapter Security Engineering for Cloud Computing: Approaches and Tools 2012 IGI Global Publication
6. S. Pearson, and A. Benameur Privacy, security and trust issues arising from cloud computing 2nd IEEE International Conference on Cloud Computing Technology and Science 2010 IEEE Computer Society UK 693 702
7. C. Gong, J. Liu, Q. Zhang, H. Chen, and Z. Gong The characteristics of cloud computing Proceedings of the 2010 39th International Conference on Parallel Processing Workshops 2010 IEEE Computer Society Washington, DC, USA
8. H. Mouratidis, C. Kalloniatis, S. Islam, M.P. Huget, and S. Gritzalis Aligning security and privacy to support the development of secure information systems J. Univ. Comput. Sci. 18 12 2012 1608 1627
9. C. Kalloniatis, E. Kavakli, and S. Gritzalis Security requirements engineering for egovernment applications: analysis of current frameworks Proceedings of the 3rd International Conference on Electronic Government (EGOV'04) Lecture Notes in Computer Science. 2004 Springer 66 71
10. G. Sindre, and A.L. Opdahl Eliciting security requirements with misuse cases Requir. Eng. J. 10 1 2005 34 44
11. S. Islam, H. Mouratidis, C. Kalloniatis, A. Hudic, and L. Zechner Model based process to support security and privacy requirements engineering International Journal of Secure Software Engineering (IJSSE) vol. 3, No 3 September, 2012 IGI Global Publication
12. Cloud Computing Academic Room 2011 (last access 16/06/2012)
13. Cloud Security Alliance Security guidance for critical areas of focus in cloud computing V3.0 https://cloudsecurityalliance.org/guidance/csaguide.v3.0. pdf 2012 (Last access 09/01/2013)
14. EU opinion 05/2012 on cloud computing 2012 (Last access 09/09/2012)
15. J. Heiser, and M. Nicolett Assessing the Security Risks of Cloud Computing white paper 2008 Gartner Group (ID Number: G00157782 Last access 09/01/2013)
16. R. Baburajan The Rising Cloud Storage Market Opportunity Strengthens Vendors 2011 infoTECH (It.tmcnet.com last access 02/12/2012)
17. Z. Kerravala Yankee Group, Migrating to the cloud is dependent infrastructure 2011 Tech Target. Convergedinfrastructure.com. (last access 2011-12-02).
18. W. Voorsluys, J. Broberg, and R. Buyya Introduction to cloud computing Cloud Computing: Principles and Paradigms 2011 Wiley Press New York, USA 978-0-470-88799-8 1 44
19. Defining cloud services and http://www.cloudreviews.com/blog/what-is-hot- in-cloud-computing cloud computing 09-23-2008 IDC (Last access 09/01/2013)
20. "Jeff Bezos' Risky Bet", Business Week, http://www. businessweek.com/stories/2006-11-12/jeff-bezos-risky-bet, (Last access 09/01/2013).
21. King, Rachael, Cloud computing: small companies take flight, http://www.businessweek.com/stories/2008-08-04/cloud-computing-small-companies- take-flightbusinessweek-business-news-stock-market-and-financial-advice Businessweek. (Last access 09/12/2012).
22. Defining and Measuring Cloud Elasticity, KIT Software Quality Departement. http://digbib.ubka.uni-karlsruhe.de/volltexte/1000023476. (Last access 13/08/2012).
23. Economies of Cloud Scale Infrastructure 2011 Cloud Slam (Last access 13/05/2012)
24. Farber, Dan. The new geek chic: data centers. http://news.cnet.com/8301- 13953-3-9977049-80.html CNET News. (Last access 22/08/2012).
25. B. Kitchenham, and S. Charters Guidelines for performing systematic literature reviews in software engineering, version 2.3 EBSE Technical Report 2007 University of Keele and Durham University
26. M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou Security and privacy in cloud computing: a survey Proceeding of 6th IEEE International Conference on Semantics, Knowledge and Grids 2010
27. J. Szefer, and R.B. Lee A case for hardware protection of guest VMs from compromised hypervisors in cloud computing ICDCS Workshops 2011 248 252
28. X. Yu, and Q. Wen A view about cloud data security from data life cycle International Conference on Computational Intelligence and Software Engineering (CiSE) 2010 IEEE 1 4
29. F. Sabahi Cloud computing threats and responses Proceeding of 3rd IEEE International Conference on Communication Software and Networks (ICCSN) 2011
30. B. Grobauer, and T. Schreck Towards incident handling in the cloud: challenges and approaches Proceedings of the ACM workshop on Cloud computing security workshop (CCSW 2010) 2010 ACM New York 978-1-4503-0089-6 77 86
31. J. Wei, X. Zhang, G. Ammons, V. Bala, and P. Ning Managing security of virtual machine images in a cloud environment Proceedings of the ACM workshop on Cloud computing security 2009 ACM New York, NY, USA 978-1-60558-784-4 91 96
32. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage Hey, You, get off of my cloud: exploring information leakage in third-party compute clouds Proceedings of the 16th ACM conference on Computer and communications security (CCS 2009) 2009 ACM New York 978-1-60558-894-0 199 212
33. T. Grance, and W. Jansen Guidelines on Security and Privacy in Public Cloud Computing 2011 National Institute of Standards and Technology (last access 18/01/2013)
34. C. Kalloniatis, E. Kavakli, and S. Gritzalis PriS methodology: incorporating privacy requirements into the system design process J. Mylopoulos, G. Spafford, Proceedings of the SREIS 2005 13th IEEE International Requirements Engineering Conference - Symposium on Requirements Engineering for Information Security August 2005 IEEE CPS Paris, France
35. C. Kalloniatis, E. Kavakli, and S. Gritzalis Addressing privacy requirements in system design: the PriS method Requir. Eng. J. 13 3 2008 241 255
36. C. Kalloniatis, E. Kavakli, and E. Kontellis PRIS tool: a case tool for privacy-oriented Requirements Engineering Journal of Information Systems Security vol. 6, No. 1 2010 AIS SIGSEC 3 19 (University of the Aegean, E-Vote: An Internet-based electronic voting system. University of the Aegean, Project Deliverable D 7.6, IST Programme 2000#29518, 21/11/2003, Samos)
37. E. Kavakli, C. Kalloniatis, P. Loucopoulos, and S. Gritzalis Incorporating privacy requirements into the system design process: the PriS conceptual framework Internet Research, Special issue on Privacy and Anonymity in the Digital Era: Theory, Technologies and Practice vol. 16, No 2 2006 140 158
38. C. Kalloniats, E. Kavakli, and S. Gritzalis Dealing with privacy issues during the system design process 5th IEEE International Symposium on Signal Processing and Information Technology December 18-21, 2005 IEEE CPS Athens, Greece
39. S.H. Houmb, S. Islam, E. Knauss, J. Jürjens, and K. Schneider Eliciting security requirements and tracing them to design: an integration of common criteria, heuristics, and UMLsec Requirements Engineering Journal 15(1) March 2010 Springer-Verlag 63 93
40. "Cloud security and privacy: what is the data life cycle?" Programming 4 Us 2010 http://mscerts.programming4.us/ (Last access 29/10/2012)
41. European Parliament and the Council: Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and of the free movement of such data October 1995
42. J.C. Cannon Privacy, What Developers and IT Professionals Should Know 2004 Addison-Wesley
43. S. Fischer-Hübner IT-security and privacy, design and use of privacy enhancing security mechanisms Lecture Notes in Computer Science vol. 1958 2001 Springer-Verlag Berlin Heidelberg New York
44. B. Pfitzmann, M. Waidner, and A. Pfitzmann Rechsicherheit trotz Anonymität in offenen digitalen Systemen Datenschutz Datensicherheit (DuD) 6 1990 243 253 (Part 1, No. 7 305-315 Part 2)
45. A. Pfitzmann Diensteinte-grierende Kommunika-tionsmnetze mit teilnehmerüberprüfbaren Datenschutz Informatik-Fachberichte 234 1990 Springer-Verlag Berlin Heidelberg New York
46. H. Mouratidis, and P. Giorgini Secure Tropos: a security-oriented extension of the Tropos methodology International Journal of Software Engineering and Knowledge Engineering 2006 © World Scientific Publishing Company
47. E. Kavakli, S. Gritzalis, and C. Kalloniatis Protecting privacy in system design: the electronic voting case Transform. Gov. People Process Policy 1 4 2007 307 332
48. C. Kalloniatis, E. Kavakli, and S. Gritzalis Methods for designing privacy aware information systems: a review V. Chrysikopoulos, N. Alexandris, C. Douligeris, S. Sioutas, Proceedings of the PCI 2009 13th Pan-Hellenic Conference on Informatics September 2009 IEEE CPS Conference Publishing Services Corfu, Greece 185 194
49. S. Islam, H. Mouratidis, and S. Wagner Toward a framework to elicit and manage security and privacy requirements from laws and regulation Proceeding of Requirements Engineering: Foundation for Software Quality (REFSQ) Lecture Notes in Computer Science vol. 6182/2010 2010 255 261
50. A.K. Massey, P.N. Otto, L.J. Hayward, and A.I. Antón Evaluating existing security and privacy requirements for legal compliance Requirements Engineering Journal vol. 15, No1 2010 Springer-Verlag
51. M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber, and E. Weippl Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space Proceedings of Usenix Security 2011
52. A. Khajeh-Hosseini, I. Sommerville, J. Bogaerts, and P. Teregowda Decision support tools for cloud migration in the enterprise proceeding of IEEE 4th International Conference on Cloud Computing 2011 IEEE Computer Society
53. B. Grobauer, T. Walloschek, and E. Stocker Understanding cloud computing vulnerabilities IEEE Secur. Priv. Mag. 9 2 2011 50 57