Engineering and validating security to make cloud secure

Original Article, International Journal of System Assurance Engineering and Management

Abstract

With the ever-increasing demand for cloud computing services, the rate of security threats has risen drastically, and this cannot be overlooked. Cloud-based systems can be used for storing and processing highly confidential data. These threats create a chaotic situation that is restricting the adoption rate of cloud-based services. In this paper, we put forward a proposal that identifies and handles the security issues present in the system. Our proposal first finds the potential threats to the cloud system; the algorithms implemented by existing systems are then evaluated by calculating the security index to check whether they can protect the system from the identified threats. The security index is a metric representing the risk measure of live threats in the system.

Author information

Corresponding author

Correspondence to Shruti Jaiswal.

About this article

Cite this article

Jaiswal, S., Gupta, D. Engineering and validating security to make cloud secure. Int J Syst Assur Eng Manag 8 (Suppl 2), 1419–1441 (2017). https://doi.org/10.1007/s13198-017-0612-x

  • DOI: https://doi.org/10.1007/s13198-017-0612-x
