Trustworthy Selection of Cloud Providers Based on Security and Privacy Requirements: Justifying Trust Assumptions

  • Conference paper
Trust, Privacy, and Security in Digital Business (TrustBus 2013)

Abstract

Cloud computing is a new paradigm with promising potential. However, issues of security, privacy, and trust raise concerns and discourage its adoption. In previous work we presented a framework for the selection of an appropriate cloud provider based on security and privacy requirements criteria. However, adopting the cloud involves releasing control over valuable assets, which makes trust in the cloud provider of paramount importance. In this paper we extend the framework by incorporating trust and control concepts into its language and adding a new activity to properly identify and reason about trust assumptions during the selection of an appropriate cloud provider. The CASE tool was also extended to support the new activity. A case study is used to illustrate the usefulness of our approach.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pavlidis, M., Mouratidis, H., Kalloniatis, C., Islam, S., Gritzalis, S. (2013). Trustworthy Selection of Cloud Providers Based on Security and Privacy Requirements: Justifying Trust Assumptions. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2013. Lecture Notes in Computer Science, vol 8058. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40343-9_16

  • DOI: https://doi.org/10.1007/978-3-642-40343-9_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40342-2

  • Online ISBN: 978-3-642-40343-9

  • eBook Packages: Computer Science, Computer Science (R0)
