A Structured Method for Security Requirements Elicitation Concerning the Cloud Computing Domain

2017 ◽  
pp. 782-805
Author(s):  
Kristian Beckers ◽  
Isabelle Côté ◽  
Ludger Goeke ◽  
Selim Güler ◽  
Maritta Heisel
Keyword(s):  
Cloud Computing ◽  
System Analysis ◽  
Business Case ◽  
Security Requirements ◽  
Cloud System ◽  
Security Requirement ◽  
Security Measures ◽  
Analysis Pattern ◽  
It Resources ◽  
Requirements Patterns

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.

A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain

2015 ◽  
pp. 875-896
Author(s):  
Kristian Beckers ◽  
Isabelle Côté ◽  
Ludger Goeke ◽  
Selim Güler ◽  
Maritta Heisel
Keyword(s):  
Cloud Computing ◽  
System Analysis ◽  
Business Case ◽  
Security Requirements ◽  
Cloud System ◽  
Security Requirement ◽  
Security Measures ◽  
Analysis Pattern ◽  
It Resources ◽  
Requirements Patterns

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.

A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain

2014 ◽  
Vol 5 (2) ◽  
pp. 20-43 ◽  
Author(s):  
Kristian Beckers ◽  
Isabelle Côté ◽  
Ludger Goeke ◽  
Selim Güler ◽  
Maritta Heisel
Keyword(s):  
Cloud Computing ◽  
System Analysis ◽  
Economic Benefits ◽  
Cloud Services ◽  
Security Requirements ◽  
Cloud System ◽  
Security Requirement ◽  
Analysis Pattern ◽  
It Resources ◽  
Requirements Patterns

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.

Bringing Security to The Smallest Embedded Systems

2017 ◽  
Author(s):  
JOSEPH YIU
Keyword(s):  
Internet Of Things ◽  
Embedded Systems ◽  
Low Cost ◽  
Security Requirements ◽  
The Internet ◽  
Security Measures ◽  
Significant Challenge ◽  
Iot Devices

The increasing need for security in microcontrollers Security has long been a significant challenge in microcontroller applications(MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:

SECURITY IN CLOUD COMPUTING IN INDIAN GOVERNMENT

2021 ◽  
Vol 12 (3) ◽  
Author(s):  
Nitin Vishnu Choudhari ◽  
Dr. Ashish B Sasankar
Keyword(s):  
Cloud Computing ◽  
Service Delivery ◽  
Service Providers ◽  
Cloud Service ◽  
Cloud Security ◽  
End Users ◽  
Security Architecture ◽  
Security Measures ◽  
End User ◽  
Cloud Service Providers

Abstract –Today Security issue is the topmost problem in the cloud computing environment. It leads to serious discomfort to the Governance and end-users. Numerous security solutions and policies are available however practically ineffective in use. Most of the security solutions are centered towards cloud technology and cloud service providers only and no consideration has been given to the Network, accessing, and device securities at the end-user level. The discomfort at the end-user level was left untreated. The security of the various public, private networks, variety of devices used by end-users, accessibility, and capacity of end-users is left untreated. This leads towards the strong need for the possible modification of the security architecture for data security at all levels and secured service delivery. This leads towards the strong need for the possible adaption of modified security measures and provisions, which shall provide secured hosting and service delivery at all levels and reduce the security gap between the cloud service providers and end-users. This paper investigates the study and analyze the security architecture in the Cloud environment of Govt. of India and suggest the modifications in the security architecture as per the changing scenario and to fulfill the future needs for the secured service delivery from central up to the end-user level. Keywords: Cloud Security, Security in GI Cloud, Cloud Security measures, Security Assessment in GI Cloud, Proposed Security for GI cloud

Sign in / Sign up

Export Citation Format

Share Document