Privacy-Aware Cloud Deployment Scenario Selection

  • Kristian Beckers
  • Stephan Faßbender
  • Stefanos Gritzalis
  • Maritta Heisel
  • Christos Kalloniatis
  • Rene Meis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8647)


Nowadays, IT-resources are often out-sourced to clouds to reduce administration and hardware costs of the own IT infrastructure. There are different deployment scenarios for clouds that heavily differ in the costs for deployment and maintenance, but also in the number of stakeholders involved in the cloud and the control over the data in the cloud. These additional stakeholders can introduce new privacy threats into a system. Hence, there is a trade-off between the reduction of costs and addressing privacy concerns introduced by clouds. Our contribution is a structured method that assists decision makers in selecting an appropriate cloud deployment scenario. Our method is based on the privacy requirements of the system-to-be. These are analyzed on basis of the functional requirements using the problem-based privacy threat analysis (ProPAn). The concept of clouds is integrated into the requirements model, which is used by ProPAn to automatically generate privacy threat graphs.


Cloud Provider Public Cloud Private Cloud Problem Frame Privacy Requirement 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    National Institute of Standards and Technology: The NIST definition of cloud computing (2011)Google Scholar
  2. 2.
    Beckers, K., Faßbender, S., Heisel, M., Meis, R.: A problem-based approach for computer aided privacy threat identification. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol. 8319, pp. 1–16. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  3. 3.
    Jackson, M.: Problem Frames. Analyzing and structuring software development problems. Addison-Wesley (2001)Google Scholar
  4. 4.
    Côté, I., Hatebur, D., Heisel, M., Schmidt, H.: UML4PF – a tool for problem-oriented requirements analysis. In: Proceedings of RE, pp. 349–350. IEEE Computer Society (2011)Google Scholar
  5. 5.
    Meis, R.: Problem-Based Consideration of Privacy-Relevant Domain Knowledge. In: Hansen, M., Hoepman, J.-H., Leenes, R., Whitehouse, D. (eds.) Privacy and Identity 2013. IFIP AICT, vol. 421, pp. 150–164. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  6. 6.
    UML Revision Task Force: OMG Unified Modeling Language: Superstructure (May 2012)Google Scholar
  7. 7.
    Kalloniatis, C., Mouratidis, H., Islam, S.: Evaluating cloud deployment scenarios based on security and privacy requirements. Requir. Eng. 18(4), 299–319 (2013)CrossRefGoogle Scholar
  8. 8.
    Beckers, K., Côté, I., Faßbender, S., Heisel, M., Hofbauer, S.: A pattern-based method for establishing a cloud-specific information security management system - establishing information security management systems for clouds considering security, privacy, and legal compliance. Requir. Eng. 18(4), 343–395 (2013)CrossRefGoogle Scholar
  9. 9.
    Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: The PriS method. Requir. Eng. 13, 241–255 (2008)CrossRefGoogle Scholar
  10. 10.
    Mouratidis, H., Giorgini, P.: Secure tropos: A security-oriented extension of the tropos methodology. International Journal of Software Engineering and Knowledge Engineering 17(2), 285–309 (2007)CrossRefGoogle Scholar
  11. 11.
    Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements. In: RE (2011)Google Scholar
  12. 12.
    Howard, M., Lipner, S.: The Security Development Lifecycle. Microsoft Press, Redmond (2006)Google Scholar
  13. 13.
    Khajeh-Hosseini, A., Sommerville, I., Bogaerts, J., Teregowda, P.: Decision support tools for cloud migration in the enterprise. In: IEEE Int. Conf. on Cloud Computing (CLOUD), pp. 541–548. IEEE Computer Society (July 2011)Google Scholar
  14. 14.
    Hajjat, M., Sun, X., Sung, Y.E., Maltz, D., Rao, S., Sripanidkulchai, K., Tawarmalani, M.: Cloudward bound: Planning for beneficial migration of enterprise applications to the cloud. In: Proc. of the ACM SIGCOMM Conf., pp. 243–254. ACM, New York (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Kristian Beckers
    • 1
  • Stephan Faßbender
    • 1
  • Stefanos Gritzalis
    • 2
  • Maritta Heisel
    • 1
  • Christos Kalloniatis
    • 3
  • Rene Meis
    • 1
  1. 1.paluno - The Ruhr Institute for Software TechnologyUniversity of Duisburg-EssenGermany
  2. 2.Department of Information and Communications Systems EngineeringUniversity of the AegeanGreece
  3. 3.Department of Cultural Technology and CommunicationUniversity of the AegeanGreece

Personalised recommendations