A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain

Kristian Beckers (University of Duisburg-Essen, Essen, Germany), Isabelle Côté (ITESYS Institute for Technical Systems GmbH, Dortmund, Germany), Ludger Goeke (ITESYS Institute for Technical Systems GmbH, Dortmund, Germany), Selim Güler (EASY SOFTWARE AG, Mülheim an der Ruhr, Germany) and Maritta Heisel (University of Duisburg-Essen, Essen, Germany)
Copyright: © 2014 | Pages: 24
DOI: 10.4018/ijsse.2014040102

Abstract

Cloud computing systems offer an attractive alternative to traditional IT systems because of the economic benefits that arise from the cloud's scalable and flexible IT resources. These benefits are of particular interest to SMEs, because using cloud resources allows an SME to focus on its core business rather than on IT resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they need a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task because of the number of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method that supports eliciting security requirements and selecting security measures. The method guides potential cloud customers in modeling the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information from the instantiated pattern can be used to fill out our textual security requirements patterns, as well as individually defined security requirement patterns. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check, e.g., whether a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as a running example.
Article Preview

2. Running Example

To illustrate our approach, we consider an online-banking system as a running example. The banking institute, as a potential cloud customer, wants to expand its business through a structured scenario in the form of an online-banking service. To operate economically, the bank is inclined to use a cloud computing service for this task.
