Evaluating cloud deployment scenarios based on security and privacy requirements

  • Req. Engineering for Security, Privacy & Services in Cloud Environments
Requirements Engineering

Abstract

Migrating organisational services, data and applications to the cloud is an important strategic decision for organisations, due to the large number of benefits introduced by the use of cloud computing, such as cost reduction and on-demand resources. Despite these benefits, however, there are challenges and risks for cloud adoption related to (amongst others) data leakage, insecure APIs and shared technology vulnerabilities. These challenges need to be understood and analysed in the context of an organisation’s security and privacy goals and the relevant cloud computing deployment models. Although the literature provides a large number of references to works that consider cloud computing security issues, no work has been provided, to our knowledge, that supports the elicitation of security and privacy requirements and the selection of an appropriate cloud deployment model based on such requirements. This work contributes towards filling this gap. In particular, we propose a requirements engineering framework to support the elicitation of security and privacy requirements and the selection of an appropriate deployment model based on the elicited requirements. Our framework provides a modelling language that builds on concepts from requirements, security, privacy and cloud engineering, and a systematic process. We use a real case study, based on the Greek National Gazette, to demonstrate the applicability of our work.



Author information

Corresponding author

Correspondence to Christos Kalloniatis.

Appendices

Appendix 1: Cloud deployment scenario template

Appendix 2: Public cloud deployment scenario for GNG

Appendix 3: Private cloud deployment scenario for GNG

About this article

Cite this article

Kalloniatis, C., Mouratidis, H. & Islam, S. Evaluating cloud deployment scenarios based on security and privacy requirements. Requirements Eng 18, 299–319 (2013). https://doi.org/10.1007/s00766-013-0166-7

  • DOI: https://doi.org/10.1007/s00766-013-0166-7
