A catalog of security requirements patterns for the domain of cloud computing systems

Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI:10.1145/2554850.2554921

Kristian Beckers, Isabelle Côté, Ludger Goeke

{"title":"A catalog of security requirements patterns for the domain of cloud computing systems","authors":"Kristian Beckers, Isabelle Côté, Ludger Goeke","doi":"10.1145/2554850.2554921","DOIUrl":null,"url":null,"abstract":"Security and privacy concerns are essential in cloud computing scenarios, because cloud customers and end customers have to trust the cloud provider with their critical business data and even their IT infrastructure. In projects these are often addressed late in the software development life-cycle, because these are difficult to elicit in cloud scenarios, due to the large amount of stakeholders and technologies involved. We contribute a catalog of security and privacy requirement patterns that support software engineers in eliciting these requirements. As requirements patterns provide artifacts for re-using requirements. This paper shows how these requirements can be classified according to cloud security and privacy goals. Furthermore, we provide a structured method on how to elicit the right requirements for a given scenario. We mined these requirements patterns from existing security analysis of public organizations such as ENISA and the Cloud Security Alliance, from our practical experience in the cloud domain, and from our previous research in cloud security. We validate our requirements patterns in co-operation with industrial partners of the ClouDAT project.","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"28","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2554850.2554921","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 28

Abstract

Security and privacy concerns are essential in cloud computing scenarios, because cloud customers and end customers have to trust the cloud provider with their critical business data and even their IT infrastructure. In projects these are often addressed late in the software development life-cycle, because these are difficult to elicit in cloud scenarios, due to the large amount of stakeholders and technologies involved. We contribute a catalog of security and privacy requirement patterns that support software engineers in eliciting these requirements. As requirements patterns provide artifacts for re-using requirements. This paper shows how these requirements can be classified according to cloud security and privacy goals. Furthermore, we provide a structured method on how to elicit the right requirements for a given scenario. We mined these requirements patterns from existing security analysis of public organizations such as ENISA and the Cloud Security Alliance, from our practical experience in the cloud domain, and from our previous research in cloud security. We validate our requirements patterns in co-operation with industrial partners of the ClouDAT project.

查看原文本刊更多论文

云计算系统领域的安全要求模式目录

安全和隐私问题在云计算场景中至关重要，因为云客户和最终客户必须将其关键业务数据甚至 IT 基础设施托付给云提供商。在项目中，这些问题往往在软件开发生命周期的后期才得到解决，因为在云计算场景中，由于涉及大量利益相关者和技术，这些问题很难得到解决。我们提供了一个安全和隐私需求模式目录，可帮助软件工程师激发这些需求。需求模式提供了重用需求的工件。本文展示了如何根据云安全和隐私目标对这些需求进行分类。此外，我们还提供了一种结构化方法，说明如何针对给定场景诱导正确的需求。我们从 ENISA 和云安全联盟等公共组织的现有安全分析、我们在云领域的实践经验以及我们以前的云安全研究中挖掘出了这些需求模式。我们与 ClouDAT 项目的行业合作伙伴合作验证了我们的需求模式。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 29th Annual ACM Symposium on Applied Computing

自引率

0.00%

发文量