A catalog of security requirements patterns for the domain of cloud computing systems

Proceedings of the ACM Symposium on Applied Computing

Volumn , Issue , 2014, Pages 337-342

  Beckers, Kristian ^a   Côté, Isabelle ^b   Goeke, Ludger ^b  

^a PALUNO   (Germany)

^b ITESYS GmbH Dortmund   (Germany)

Author keywords

Cloud computing; ISO 27001; Requirements elicitation; Requirements patterns; Security requirements; Security standards

Indexed keywords

COMPUTATION THEORY;

ISO 27001; REQUIREMENTS ELICITATION; REQUIREMENTS PATTERNS; SECURITY REQUIREMENTS; SECURITY STANDARDS;

CLOUD COMPUTING;

EID: 84905648505     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2554850.2554921     Document Type: Conference Paper

References (19)

1. K. Beckers, I. Côté, S. Faßbender, M. Heisel, and S. Hofbauer. A pattern-based method for establishing a cloud-specific information security management system. Requirements Engineering, pages 1-53, 2013.
2. K. Beckers, I. Côté, L. Goeke, S. Güler, and M. Heisel. Structured pattern-based security requirements elicitation for clouds. In Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 7th International Workshop on Secure Software Engineering (SecSE 2013), pages 465-474. IEEE Computer Society, 2013.
3. K. Beckers, S. Faßbender, and M. Heisel. A meta-model approach to the fundamentals for a pattern language for context elicitation. In Proceedings of the 18th European Conference on Pattern Languages of Programs (Europlop), pages -. ACM, 2013. Accepted for Publication.
4. K. Beckers, J.-C. Küster, S. Faßbender, and H. Schmidt. Pattern-based support for context establishment and asset identification of the ISO 27000 in the field of cloud computing. In Proceedings of the International Conference on Availability, Reliability and Security (ARES), pages 327-333. IEEE Computer Society, 2011.
5. BITKOM. Cloud-computing - evolution in der technik, revolution im business, 2009.
6. BSI. It-grundschutzkataloge, 2010. http://www.bsi.bund.de.
7. Cloud Security Alliance (CSA). Top threats to cloud computing, March 2010.
8. A. D. Essoh. Cloud computing und sicherheit - geht denn das?, 2010. https://www.bsi.bund.de/cae/servlet/contentblob/808266/publicationFile/46724/ 07-essoh-bsi.pdf.
9. Eurocloud. Eurocloud prüfkatalog, 2010.
10. European Network and Information Security Agency (ENISA). Cloud computing - benefits, risks and recommendations for information security, 2009.
11. B. Fabian, S. Gürses, M. Heisel, T. Santen, and H. Schmidt. A comparison of security requirements engineering methods Requirements Engineering, 15(1):7-40, 2010.
12. J. Heiser and M. Nicolett. Assessing the security risks of cloud computing, June 2008.
13. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Information technology - Security techniques - Information security management systems - Requirements, 2005.
14. W. Liu, K.-Q. He, K. Zhang, and J. Wang. Combining domain-driven approach with requirement assets for networked software requirements elicitation. In Proceedings of the 2008 IEEE International Conference on Semantic Computing, ICSC '08, pages 354-361, Washington, DC, USA, 2008. IEEE Computer Society.
15. T. Mather, S. Kumaraswamy, and S. Latif. Cloud Security and Privacy. O'Reilly, 2009.
16. P. Mell and T. Grance. Effectively and Securely Using the Cloud-Computing Paradigm. NIST, 2009. presentation at NIST.
17. C. Palomares, C. Quer, X. Franch, S. Renault, and C. Guerlain. A catalogue of functional software requirement patterns for the domain of content management systems. In Proceedings of the 28th Annual ACM Symposium on Applied Computing, SAC '13, pages 1260-1265. ACM, 2013.
18. W. Streitberger and A. Ruppel. Cloud-computing sicherheit-schutzziele. taxonomie. marktübersicht, fraunhofer institute for secure information technology (sit). Technical report, Fraunhofer Institute for Secure Information Technology (SIT), 2009.
19. S. Withall. Software Requirement Patterns. MICROSOFT PRESS, 2007.