Assurance of Security and Privacy Requirements for Cloud Deployment Models

Shareeful Islam; Moussa Ouedraogo; Christos Kalloniatis; Haralambos Mouratidis; Stefanos Gritzalis

doi:10.1109/TCC.2015.2511719

Assurance of Security and Privacy Requirements for Cloud Deployment Models

Shareeful Islam, Moussa Ouedraogo, Christos Kalloniatis, Haralambos Mouratidis, Stefanos Gritzalis

Centre for Secure, Intelligent and Usable Systems

Research output: Contribution to journal › Article › peer-review

Abstract

Despite of the several benefits of migrating enterprise critical assets to the cloud, there are challenges specifically related to security and privacy. It is important that cloud users understand their security and privacy needs, based on their specific context and select cloud model best fit to support these needs. The literature provides works that focus on discussing security and privacy issues for cloud systems but such works do not provide a detailed methodological approach to elicit security and privacy requirements neither methods to select cloud deployment models based on satisfaction of these requirements by cloud service providers. This work advances the current state of the art towards this direction. In particular, we consider requirements engineering concepts to elicit and analyze security and privacy requirements and their associated mechanisms using a conceptual framework and a systematic process. The work introduces assurance as evidence for satisfying the security and privacy requirements in terms of completeness and reportable of security incident through audit. This allows perspective cloud users to define their assurance requirements so that appropriate cloud models can be selected for a given context. To demonstrate our work, we present results from a real case study based on the Greek National Gazette.

Original language	English
Pages (from-to)	387-400
Number of pages	14
Journal	IEEE Transactions on Cloud Computing
Volume	6
Issue number	2
DOIs	https://doi.org/10.1109/TCC.2015.2511719
Publication status	Published - 23 Dec 2015

Bibliographical note

© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including
reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Keywords

assurance
Cloud deployment
migration
privacy
security

Access to Document

10.1109/TCC.2015.2511719

Assurance of Security and Privacy Requirements for Cloud Deployment ModelsAccepted author manuscript, 1.37 MB

Cite this

@article{4a2e823fbcb046f597aa3efbaed18c09,

title = "Assurance of Security and Privacy Requirements for Cloud Deployment Models",

abstract = "Despite of the several benefits of migrating enterprise critical assets to the cloud, there are challenges specifically related to security and privacy. It is important that cloud users understand their security and privacy needs, based on their specific context and select cloud model best fit to support these needs. The literature provides works that focus on discussing security and privacy issues for cloud systems but such works do not provide a detailed methodological approach to elicit security and privacy requirements neither methods to select cloud deployment models based on satisfaction of these requirements by cloud service providers. This work advances the current state of the art towards this direction. In particular, we consider requirements engineering concepts to elicit and analyze security and privacy requirements and their associated mechanisms using a conceptual framework and a systematic process. The work introduces assurance as evidence for satisfying the security and privacy requirements in terms of completeness and reportable of security incident through audit. This allows perspective cloud users to define their assurance requirements so that appropriate cloud models can be selected for a given context. To demonstrate our work, we present results from a real case study based on the Greek National Gazette.",

keywords = "assurance, Cloud deployment, migration, privacy, security",

author = "Shareeful Islam and Moussa Ouedraogo and Christos Kalloniatis and Haralambos Mouratidis and Stefanos Gritzalis",

note = "{\textcopyright} 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. ",

year = "2015",

month = dec,

day = "23",

doi = "10.1109/TCC.2015.2511719",

language = "English",

volume = "6",

pages = "387--400",

journal = "IEEE Transactions on Cloud Computing",

issn = "2168-7161",

number = "2",

}

TY - JOUR

T1 - Assurance of Security and Privacy Requirements for Cloud Deployment Models

AU - Islam, Shareeful

AU - Ouedraogo, Moussa

AU - Kalloniatis, Christos

AU - Mouratidis, Haralambos

AU - Gritzalis, Stefanos

N1 - © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

PY - 2015/12/23

Y1 - 2015/12/23

N2 - Despite of the several benefits of migrating enterprise critical assets to the cloud, there are challenges specifically related to security and privacy. It is important that cloud users understand their security and privacy needs, based on their specific context and select cloud model best fit to support these needs. The literature provides works that focus on discussing security and privacy issues for cloud systems but such works do not provide a detailed methodological approach to elicit security and privacy requirements neither methods to select cloud deployment models based on satisfaction of these requirements by cloud service providers. This work advances the current state of the art towards this direction. In particular, we consider requirements engineering concepts to elicit and analyze security and privacy requirements and their associated mechanisms using a conceptual framework and a systematic process. The work introduces assurance as evidence for satisfying the security and privacy requirements in terms of completeness and reportable of security incident through audit. This allows perspective cloud users to define their assurance requirements so that appropriate cloud models can be selected for a given context. To demonstrate our work, we present results from a real case study based on the Greek National Gazette.

AB - Despite of the several benefits of migrating enterprise critical assets to the cloud, there are challenges specifically related to security and privacy. It is important that cloud users understand their security and privacy needs, based on their specific context and select cloud model best fit to support these needs. The literature provides works that focus on discussing security and privacy issues for cloud systems but such works do not provide a detailed methodological approach to elicit security and privacy requirements neither methods to select cloud deployment models based on satisfaction of these requirements by cloud service providers. This work advances the current state of the art towards this direction. In particular, we consider requirements engineering concepts to elicit and analyze security and privacy requirements and their associated mechanisms using a conceptual framework and a systematic process. The work introduces assurance as evidence for satisfying the security and privacy requirements in terms of completeness and reportable of security incident through audit. This allows perspective cloud users to define their assurance requirements so that appropriate cloud models can be selected for a given context. To demonstrate our work, we present results from a real case study based on the Greek National Gazette.

KW - assurance

KW - Cloud deployment

KW - migration

KW - privacy

KW - security

UR - http://www.scopus.com/inward/record.url?scp=85048212432&partnerID=8YFLogxK

U2 - 10.1109/TCC.2015.2511719

DO - 10.1109/TCC.2015.2511719

M3 - Article

AN - SCOPUS:85048212432

VL - 6

SP - 387

EP - 400

JO - IEEE Transactions on Cloud Computing

JF - IEEE Transactions on Cloud Computing

SN - 2168-7161

IS - 2

ER -

Assurance of Security and Privacy Requirements for Cloud Deployment Models

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this