Kristian Beckers, M. Heisel, Isabelle Côté, Ludger Goeke, Selim Güler
{"title":"基于结构化模式的云安全需求引出","authors":"Kristian Beckers, M. Heisel, Isabelle Côté, Ludger Goeke, Selim Güler","doi":"10.1109/ARES.2013.61","DOIUrl":null,"url":null,"abstract":"Economic benefits make cloud computing systems a very attractive alternative to traditional IT-systems. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. That is why we propose a structured, pattern-based method supporting eliciting security requirements. The method guides a potential cloud customer to model a cloud system via our cloud system analysis pattern. The instantiated pattern establishes the context of a cloud scenario. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transferes the information from the instance to the security requirements patterns. In addition, we have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. We illustrate our method using an online-banking system as running example.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":"{\"title\":\"Structured Pattern-Based Security Requirements Elicitation for Clouds\",\"authors\":\"Kristian Beckers, M. Heisel, Isabelle Côté, Ludger Goeke, Selim Güler\",\"doi\":\"10.1109/ARES.2013.61\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Economic benefits make cloud computing systems a very attractive alternative to traditional IT-systems. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. That is why we propose a structured, pattern-based method supporting eliciting security requirements. The method guides a potential cloud customer to model a cloud system via our cloud system analysis pattern. The instantiated pattern establishes the context of a cloud scenario. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transferes the information from the instance to the security requirements patterns. In addition, we have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. We illustrate our method using an online-banking system as running example.\",\"PeriodicalId\":302747,\"journal\":{\"name\":\"2013 International Conference on Availability, Reliability and Security\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-09-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"17\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2013.61\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2013.61","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Structured Pattern-Based Security Requirements Elicitation for Clouds
Economic benefits make cloud computing systems a very attractive alternative to traditional IT-systems. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. That is why we propose a structured, pattern-based method supporting eliciting security requirements. The method guides a potential cloud customer to model a cloud system via our cloud system analysis pattern. The instantiated pattern establishes the context of a cloud scenario. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transferes the information from the instance to the security requirements patterns. In addition, we have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. We illustrate our method using an online-banking system as running example.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
