A Conceptual Framework of Security Requirements in Multi-cloud Environment

  • Hamad WittiEmail author
  • Chirine Ghedira Guegan
  • Elhadj Benkhelifa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10975)


Nowadays, organizations are increasingly attracted by the benefit of multi-cloud offerings. However, they have to adapt their business processes for multi-cloud collaboration and especially to deal with a major security problem. Indeed, the complexity of security due to multiple cloud policies and a variety of security requirements does not guarantee compliance with the security requirements of their business processes. We present our initial research that aims to develop an effective security governance framework for a multi-cloud environment. Our approach is to shed light on the need to integrate security requirements into business processes and to provide a conceptual framework of security requirements including steps and processes for a multi-cloud environment.


  1. 1.
    Alzain, M.A., Pardede, E., Soh, B., Thom, J.A.: Cloud computing security: from single to multi-clouds. In: HICSS, pp. 5490–5499. IEEE Computer Society (2012)Google Scholar
  2. 2.
    Alzain, M.A., Soh, B., Pardede, E.: A survey on data security issues in cloud computing: from single to multi-clouds. JSW 8(5), 1068–1078 (2013)CrossRefGoogle Scholar
  3. 3.
    Shei, S., Kalloniatis, C., Mouratidis, H., Delaney, A.: Modelling secure cloud computing systems from a security requirements perspective. In: Trust, Privacy and Security in Digital Business - 13th International Conference, TrustBus 2016, Porto, Portugal, 7–8 September 2016, Proceedings, pp. 48–62 (2016)CrossRefGoogle Scholar
  4. 4.
    Damasceno, J.C., Lins, F.A.A., Medeiros, R.W.A., Silva, B.L.B., Souza, A.R.R., Aragão, D., Maciel, P.R.M., Rosa, N.S., Stephenson, B., Li, J.: Modeling and executing business processes with annotated security requirements in the cloud. In: ICWS, pp. 137–144. IEEE Computer Society (2011)Google Scholar
  5. 5.
    Ficco, M., Palmieri, F., Castiglione, A.: Modeling security requirements for cloud-based system development. Concurrency Comput. Pract. Experience 27(8), 2107–2124 (2015)CrossRefGoogle Scholar
  6. 6.
    Goettelmann, E., Mayer, N., Godart, C.: Integrating security risk management into business process management for the cloud. In: CBI (1), pp. 86–93. IEEE Computer Society (2014)Google Scholar
  7. 7.
    Lins, F.A.A., Medeiros, R.W.A., Silva, B.L.B., Souza, A.R.R., Aragão, D., Damasceno, J.C., Maciel, P.R.M., Rosa, N.S., Stephenson, B., Li, J.: Ssc4cloud tooling: an integrated environment for the development of business processes with security requirements in the cloud. In: SERVICES, pp. 53–60. IEEE Computer Society (2011)Google Scholar
  8. 8.
    Oberle, K., Fisher, M.: ETSI CLOUD – initial standardization requirements for cloud services. In: Altmann, J., Rana, O.F. (eds.) GECON 2010. LNCS, vol. 6296, pp. 105–115. Springer, Heidelberg (2010). Scholar
  9. 9.
    Fan, W., Perros, H.: A novel trust management framework for multi-cloud environments based on trust service providers. Knowl. Based Syst. 70, 392–406 (2014)CrossRefGoogle Scholar
  10. 10.
    Labda, W., Mehandjiev, N., Sampaio, P.: Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1399–1405. ACM (2014)Google Scholar
  11. 11.
    Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R., Krishnan, R., Ahn, G.J., Bertino, E.: Collaboration in multicloud computing environments: framework and security issues. Computer 46(2), 76–84 (2013)CrossRefGoogle Scholar
  12. 12.
    Sandkuhl, K., Matulevicius, R., Kirikova, M., Ahmed, N.: Integration of it-security aspects into information demand analysis and patterns. In: BIR 2015, vol. 1420, pp. 36–47 (2015)Google Scholar
  13. 13.
    Firesmith, D.: Specifying reusable security requirements. J. Object Technol. 3(1), 61–75 (2004)CrossRefGoogle Scholar
  14. 14.
    Maines, C.L., Llewellyn-Jones, D., Tang, S., Zhou, B.: A cyber security ontology for BPMN-security extensions. In: 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), pp. 1756–1763. IEEE (2015)Google Scholar
  15. 15.
    Hoener, P.: Cloud computing security requirements and solutions: a systematic literature review. B.S. thesis, University of Twente (2013)Google Scholar
  16. 16.
    Iankoulova, I., Daneva, M.: Cloud computing security requirements: a systematic review. In: 2012 Sixth International Conference on Research Challenges in Information Science (RCIS), pp. 1–7. IEEE (2012)Google Scholar
  17. 17.
    Bernsmed, K., Meland, P.H., Jaatun, M.G.: Cloud security requirements-a checklist with security and privacy requirements for public cloud services (2015)Google Scholar
  18. 18.
    Rodríguez, A., Fernández-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. 90-D(4), 745–752 (2007)CrossRefGoogle Scholar
  19. 19.
    Naveed, R., Abbas, H.: Security requirements specification framework for cloud users. In: Park, J., Stojmenovic, I., Choi, M., Xhafa, F. (eds.) Future Information Technology, pp. 297–305. Springer, Heidelberg (2014). Scholar
  20. 20.
    Brucker, A.D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN: modeling and enforcing access control requirements in business processes. In: 17th ACM Symposium on Access Control Models and Technologies, SACMAT 2012, Newark, NJ, USA, 20–22 June 2012, pp. 123–126 (2012)Google Scholar
  21. 21.
    Lodderstedt, T., Basin, D., Doser, J.: SecureUML: a UML-based modeling language for model-driven security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  22. 22.
    Cherdantseva, Y.: Secure*BPMN: a graphical extension for BPMN 2.0 based on a reference model of information assurance & security. Ph.D. thesis, Cardiff University, UK (2014)Google Scholar
  23. 23.
    Cherdantseva, Y., Hilton, J.: A reference model of information assurance & security. In: 2013 Eighth International Conference on Availability, Reliability and Security (ARES), pp. 546–555. IEEE (2013)Google Scholar
  24. 24.
    Salnitri, M., Dalpiaz, F., Giorgini, P.: Modeling and verifying security policies in business processes. In: Bider, I., Gaaloul, K., Krogstie, J., Nurcan, S., Proper, H.A., Schmidt, R., Soffer, P. (eds.) BPMDS/EMMSAD -2014. LNBIP, vol. 175, pp. 200–214. Springer, Heidelberg (2014)Google Scholar
  25. 25.
    Goettelmann, E., Dahman, K., Gateau, B., Godart, C.: A formal broker framework for secure and cost-effective business process deployment on multiple clouds. In: Nurcan, S., Pimenidis, E. (eds.) CAiSE Forum 2014. LNBIP, vol. 204, pp. 3–19. Springer, Cham (2015). Scholar
  26. 26.
    Nacer, A.A., Goettelmann, E., Youcef, S., Tari, A., Godart, C.: Obfuscating a business process by splitting its logic with fake fragments for securing a multi-cloud deployment. In: 2016 IEEE World Congress on Services (SERVICES), pp. 18–25. IEEE (2016)Google Scholar
  27. 27.
    Firesmith, D.: Engineering security requirements. J. Object Technol. 2(1), 53–68 (2003)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Hamad Witti
    • 1
    Email author
  • Chirine Ghedira Guegan
    • 2
  • Elhadj Benkhelifa
    • 3
  1. 1.University of Lyon, University Jean Moulin Lyon 3, IAE Lyon School of Management, MagellanLyonFrance
  2. 2.University of Lyon, University Jean Moulin Lyon 3, IAE Lyon School of Management, LIRIS, UMR 5205LyonFrance
  3. 3.Staffordshire UniversityStaffordUK

Personalised recommendations