Abstract
Cloud computing has gained significance due to its accessibility and highly scalable computing resources in today’s emerging IT technologies. These cloud resources are shared among all cloud entities at different levels of operation. And due to its complex architecture it is prone to a number of security threats. These security and privacy challenges must be taken into consideration by organizations when they have to outsource their data, infrastructure and applications into a cloud environment. The objective of this paper is twofold i.e. it highlights critical security challenges introduced in cloud environment, specific security requirements are analyzed for cloud users and a framework for engineering these security requirements is also presented. The paper proposes a cloud security assurance framework that helps users by providing a methodology for identifying security requirements of their assets at early stages of the cloud deployment process. It also provides mechanism to specify cloud system’s deployment requirements.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Andrei, T.: Cloud Computing Challenges and Related Security Issues, http://www.cse.wustl.edu/~jain/cse571-09/ftp/cloud/index.html (last accessed on September 23, 2012)
Waqar, A., Raza, A., Abbas, H., Khan, M.K.: A framework for preservation of cloud users’ data privacy using dynamic reconstruction of metadata. Journal of Network and Computer Applications 36(1), 235–248 (2013), http://dx.doi.org/10.1016/j.jnca.2012.09.001
Dubois, E., Mouratidis, H.: Guest editorial: security requirements engi-neering: past, present and future. Requir. Eng. 15(1), 1–5 (2010)
Ren, K., Wang, C., Wang, Q.: Security Challenges for the Public Cloud. Internet Comput. IEEE 16(1), 69–73 (2012)
Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)
Venters, W., Whitley, E.A.: A critical review of cloud computing: researching desires and realities. J. Inf. Technol. 27(3), 179–197 (2012)
Jensen, M., Schwenk, J., Gruschka, N., Iacono, L.L.: On Technical Security Issues in Cloud Computing. In: IEEE Int. Conf. on Cloud Computing (CLOUD 2009), pp. 109–116 (2009)
Chen, Y., Paxson, V., Katz, R.H.: What’s New About Cloud Computing Secu-rity? EECS Department, University of California, Berkeley, USA, UCB/EECS-2010-5 (2010)
Yu, H., Powell, N., Stembridge, D., Yuan, X.: Cloud computing and security challenges. In: Proceedings of the 50th Annual Southeast Regional Conference, New York, NY, USA, pp. 298–302 (2012)
Iankoulova, I., Daneva, M.: Cloud computing security requirements: A systematic review. In: RCIS 2012, pp. 1–7 (2012)
NIST, Cloud Computing Security Working Group, Challenging Security Requirements for US Government Cloud Computing Adoption (Draft) (November 2011)
Badger, L., Grance, T., Patt-Corner, R., Voas, J.: Draft-NIST-SP800-146-NIST Draft Cloud Computing Synopsis and Recommendations. Recommendations of the National Institute of Standards and Technology, http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf (accessed on September 12, 2012)
Huth, A., Cebula, J.: The Basics of Cloud Computing. USCERT http://www.us-cert.gov/sites/default/files/publications/CloudComputingHuthCebula.pdf (accessed on December 12, 2012)
Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Security Requirements Engineering: A Framework for Representation and Analysis. IEEE Transactions on Software Engineering 34(1), 133–153 (2008)
Dubois, E., Mouratidis, H.: Guest editorial: security requirements engi-neering: past, present and future. Requir. Eng. 15(1), 1–5 (2010)
Cloud Security Alliance, Top Threats to Cloud Computing, V1.0 by Cloud Security Alliance (March 2010)
Rosado, D.G., Mellado, D.: Security Engineering for Cloud Computing: Approaches and Tools. IGI Global Snippet (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Naveed, R., Abbas, H. (2014). Security Requirements Specification Framework for Cloud Users. In: Park, J., Stojmenovic, I., Choi, M., Xhafa, F. (eds) Future Information Technology. Lecture Notes in Electrical Engineering, vol 276. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40861-8_43
Download citation
DOI: https://doi.org/10.1007/978-3-642-40861-8_43
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40860-1
Online ISBN: 978-3-642-40861-8
eBook Packages: EngineeringEngineering (R0)