Privacy-Aware Cloud Deployment Scenario Selection
Nowadays, IT resources are often outsourced to clouds to reduce the administration and hardware costs of one's own IT infrastructure. There are different deployment scenarios for clouds that differ heavily in the costs for deployment and maintenance, but also in the number of stakeholders involved in the cloud and the control over the data in the cloud. These additional stakeholders can introduce new privacy threats into a system. Hence, there is a trade-off between the reduction of costs and addressing privacy concerns introduced by clouds. Our contribution is a structured method that assists decision makers in selecting an appropriate cloud deployment scenario. Our method is based on the privacy requirements of the system-to-be. These are analyzed on the basis of the functional requirements using the problem-based privacy threat analysis (ProPAn). The concept of clouds is integrated into the requirements model, which is used by ProPAn to automatically generate privacy threat graphs.
Keywords: Cloud Provider, Public Cloud, Private Cloud, Problem Frame, Privacy Requirement