A security requirements modelling language to secure cloud computing environments

Shaun Shei; Haralambos Mouratidis; Aidan Delaney

doi:10.1007/978-3-319-59466-8_21

A security requirements modelling language to secure cloud computing environments

Shaun Shei, Haralambos Mouratidis, Aidan Delaney

Centre for Secure, Intelligent and Usable Systems

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

This paper presents a cloud-enhanced modelling language for capturing and describing cloud computing environments, enabling developers to model and reason about security issues in cloud systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cloud computing concepts, relationships and properties in order to carry out analysis and produce cloud security requirements. We illustrate our concepts through a case study of a cloud-based career office system from the University of the Aegean. Finally we discuss how our cloud modelling language enriches cloud models with security concepts, guiding developers of cloud systems in understanding cloud vulnerabilities and mitigation strategies through semi-automated security analysis.

Original language	English
Title of host publication	Enterprise, Business-Process and Information Systems Modeling - 18th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017 Held at CAiSE 2017, Proceedings
Publisher	Springer-Verlag
Pages	337-345
Number of pages	9
ISBN (Print)	9783319594651
DOIs	https://doi.org/10.1007/978-3-319-59466-8_21
Publication status	Published - 17 May 2017
Event	18th International Conference on Business Process Modeling, Development and Support, BPMDS 2017 and 22nd International Conference on Evaluation and Modeling Methods for Systems Analysis and Development, EMMSAD 2017 held at Conference on Advanced Information Systems Engineering, CAiSE 2017 - Essen, Germany Duration: 12 Jun 2017 → 13 Jun 2017

Publication series

Name	Lecture Notes in Business Information Processing
Volume	287
ISSN (Print)	1865-1348

Conference

Conference	18th International Conference on Business Process Modeling, Development and Support, BPMDS 2017 and 22nd International Conference on Evaluation and Modeling Methods for Systems Analysis and Development, EMMSAD 2017 held at Conference on Advanced Information Systems Engineering, CAiSE 2017
Country/Territory	Germany
City	Essen
Period	12/06/17 → 13/06/17

Bibliographical note

The final authenticated version is
available online at https://doi.org/10.1007/978-3-319-59466-8_21

Keywords

Cloud
Cloud security requirements
Meta-model
modelling language
Security requirements engineering

Access to Document

10.1007/978-3-319-59466-8_21

A Security Requirements Modelling Language to Secure Cloud Computing EnvironmentsAccepted author manuscript, 197 KB

Cite this

Shei, S., Mouratidis, H., & Delaney, A. (2017). A security requirements modelling language to secure cloud computing environments. In Enterprise, Business-Process and Information Systems Modeling - 18th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017 Held at CAiSE 2017, Proceedings (pp. 337-345). (Lecture Notes in Business Information Processing; Vol. 287). Springer-Verlag. https://doi.org/10.1007/978-3-319-59466-8_21

Shei, Shaun ; Mouratidis, Haralambos ; Delaney, Aidan. / A security requirements modelling language to secure cloud computing environments. Enterprise, Business-Process and Information Systems Modeling - 18th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017 Held at CAiSE 2017, Proceedings. Springer-Verlag, 2017. pp. 337-345 (Lecture Notes in Business Information Processing).

@inproceedings{d1351538fa914932b7bcf724944f9e9c,

title = "A security requirements modelling language to secure cloud computing environments",

abstract = "This paper presents a cloud-enhanced modelling language for capturing and describing cloud computing environments, enabling developers to model and reason about security issues in cloud systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cloud computing concepts, relationships and properties in order to carry out analysis and produce cloud security requirements. We illustrate our concepts through a case study of a cloud-based career office system from the University of the Aegean. Finally we discuss how our cloud modelling language enriches cloud models with security concepts, guiding developers of cloud systems in understanding cloud vulnerabilities and mitigation strategies through semi-automated security analysis.",

keywords = "Cloud, Cloud security requirements, Meta-model, modelling language, Security requirements engineering",

author = "Shaun Shei and Haralambos Mouratidis and Aidan Delaney",

note = "The final authenticated version is available online at https://doi.org/10.1007/978-3-319-59466-8_21; 18th International Conference on Business Process Modeling, Development and Support, BPMDS 2017 and 22nd International Conference on Evaluation and Modeling Methods for Systems Analysis and Development, EMMSAD 2017 held at Conference on Advanced Information Systems Engineering, CAiSE 2017 ; Conference date: 12-06-2017 Through 13-06-2017",

year = "2017",

month = may,

day = "17",

doi = "10.1007/978-3-319-59466-8_21",

language = "English",

isbn = "9783319594651",

series = "Lecture Notes in Business Information Processing",

publisher = "Springer-Verlag",

pages = "337--345",

booktitle = "Enterprise, Business-Process and Information Systems Modeling - 18th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017 Held at CAiSE 2017, Proceedings",

}

Shei, S, Mouratidis, H & Delaney, A 2017, A security requirements modelling language to secure cloud computing environments. in Enterprise, Business-Process and Information Systems Modeling - 18th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017 Held at CAiSE 2017, Proceedings. Lecture Notes in Business Information Processing, vol. 287, Springer-Verlag, pp. 337-345, 18th International Conference on Business Process Modeling, Development and Support, BPMDS 2017 and 22nd International Conference on Evaluation and Modeling Methods for Systems Analysis and Development, EMMSAD 2017 held at Conference on Advanced Information Systems Engineering, CAiSE 2017, Essen, Germany, 12/06/17. https://doi.org/10.1007/978-3-319-59466-8_21

A security requirements modelling language to secure cloud computing environments. / Shei, Shaun; Mouratidis, Haralambos; Delaney, Aidan.

Enterprise, Business-Process and Information Systems Modeling - 18th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017 Held at CAiSE 2017, Proceedings. Springer-Verlag, 2017. p. 337-345 (Lecture Notes in Business Information Processing; Vol. 287).

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

TY - GEN

T1 - A security requirements modelling language to secure cloud computing environments

AU - Shei, Shaun

AU - Mouratidis, Haralambos

AU - Delaney, Aidan

N1 - The final authenticated version is available online at https://doi.org/10.1007/978-3-319-59466-8_21

PY - 2017/5/17

Y1 - 2017/5/17

N2 - This paper presents a cloud-enhanced modelling language for capturing and describing cloud computing environments, enabling developers to model and reason about security issues in cloud systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cloud computing concepts, relationships and properties in order to carry out analysis and produce cloud security requirements. We illustrate our concepts through a case study of a cloud-based career office system from the University of the Aegean. Finally we discuss how our cloud modelling language enriches cloud models with security concepts, guiding developers of cloud systems in understanding cloud vulnerabilities and mitigation strategies through semi-automated security analysis.

AB - This paper presents a cloud-enhanced modelling language for capturing and describing cloud computing environments, enabling developers to model and reason about security issues in cloud systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cloud computing concepts, relationships and properties in order to carry out analysis and produce cloud security requirements. We illustrate our concepts through a case study of a cloud-based career office system from the University of the Aegean. Finally we discuss how our cloud modelling language enriches cloud models with security concepts, guiding developers of cloud systems in understanding cloud vulnerabilities and mitigation strategies through semi-automated security analysis.

KW - Cloud

KW - Cloud security requirements

KW - Meta-model

KW - modelling language

KW - Security requirements engineering

UR - http://www.scopus.com/inward/record.url?scp=85021205264&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-59466-8_21

DO - 10.1007/978-3-319-59466-8_21

M3 - Conference contribution with ISSN or ISBN

AN - SCOPUS:85021205264

SN - 9783319594651

T3 - Lecture Notes in Business Information Processing

SP - 337

EP - 345

BT - Enterprise, Business-Process and Information Systems Modeling - 18th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017 Held at CAiSE 2017, Proceedings

PB - Springer-Verlag

T2 - 18th International Conference on Business Process Modeling, Development and Support, BPMDS 2017 and 22nd International Conference on Evaluation and Modeling Methods for Systems Analysis and Development, EMMSAD 2017 held at Conference on Advanced Information Systems Engineering, CAiSE 2017

Y2 - 12 June 2017 through 13 June 2017

ER -

Shei S, Mouratidis H, Delaney A. A security requirements modelling language to secure cloud computing environments. In Enterprise, Business-Process and Information Systems Modeling - 18th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017 Held at CAiSE 2017, Proceedings. Springer-Verlag. 2017. p. 337-345. (Lecture Notes in Business Information Processing). https://doi.org/10.1007/978-3-319-59466-8_21

A security requirements modelling language to secure cloud computing environments

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this