Skip to main content
SpringerLink
Log in

Security Requirements Specification Framework for Cloud Users

  • Conference paper
Future Information Technology

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 276))

Abstract

Cloud computing has gained significance due to its accessibility and highly scalable computing resources in today’s emerging IT technologies. These cloud resources are shared among all cloud entities at different levels of operation. And due to its complex architecture it is prone to a number of security threats. These security and privacy challenges must be taken into consideration by organizations when they have to outsource their data, infrastructure and applications into a cloud environment. The objective of this paper is twofold i.e. it highlights critical security challenges introduced in cloud environment, specific security requirements are analyzed for cloud users and a framework for engineering these security requirements is also presented. The paper proposes a cloud security assurance framework that helps users by providing a methodology for identifying security requirements of their assets at early stages of the cloud deployment process. It also provides mechanism to specify cloud system’s deployment requirements.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Andrei, T.: Cloud Computing Challenges and Related Security Issues, http://www.cse.wustl.edu/~jain/cse571-09/ftp/cloud/index.html (last accessed on September 23, 2012)

  2. Waqar, A., Raza, A., Abbas, H., Khan, M.K.: A framework for preservation of cloud users’ data privacy using dynamic reconstruction of metadata. Journal of Network and Computer Applications 36(1), 235–248 (2013), http://dx.doi.org/10.1016/j.jnca.2012.09.001

    Article  Google Scholar 

  3. Dubois, E., Mouratidis, H.: Guest editorial: security requirements engi-neering: past, present and future. Requir. Eng. 15(1), 1–5 (2010)

    Article  Google Scholar 

  4. Ren, K., Wang, C., Wang, Q.: Security Challenges for the Public Cloud. Internet Comput. IEEE 16(1), 69–73 (2012)

    Article  Google Scholar 

  5. Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)

    Article  Google Scholar 

  6. Venters, W., Whitley, E.A.: A critical review of cloud computing: researching desires and realities. J. Inf. Technol. 27(3), 179–197 (2012)

    Article  Google Scholar 

  7. Jensen, M., Schwenk, J., Gruschka, N., Iacono, L.L.: On Technical Security Issues in Cloud Computing. In: IEEE Int. Conf. on Cloud Computing (CLOUD 2009), pp. 109–116 (2009)

    Google Scholar 

  8. Chen, Y., Paxson, V., Katz, R.H.: What’s New About Cloud Computing Secu-rity? EECS Department, University of California, Berkeley, USA, UCB/EECS-2010-5 (2010)

    Google Scholar 

  9. Yu, H., Powell, N., Stembridge, D., Yuan, X.: Cloud computing and security challenges. In: Proceedings of the 50th Annual Southeast Regional Conference, New York, NY, USA, pp. 298–302 (2012)

    Google Scholar 

  10. Iankoulova, I., Daneva, M.: Cloud computing security requirements: A systematic review. In: RCIS 2012, pp. 1–7 (2012)

    Google Scholar 

  11. NIST, Cloud Computing Security Working Group, Challenging Security Requirements for US Government Cloud Computing Adoption (Draft) (November 2011)

    Google Scholar 

  12. Badger, L., Grance, T., Patt-Corner, R., Voas, J.: Draft-NIST-SP800-146-NIST Draft Cloud Computing Synopsis and Recommendations. Recommendations of the National Institute of Standards and Technology, http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf (accessed on September 12, 2012)

  13. Huth, A., Cebula, J.: The Basics of Cloud Computing. USCERT http://www.us-cert.gov/sites/default/files/publications/CloudComputingHuthCebula.pdf (accessed on December 12, 2012)

  14. Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Security Requirements Engineering: A Framework for Representation and Analysis. IEEE Transactions on Software Engineering 34(1), 133–153 (2008)

    Article  Google Scholar 

  15. Dubois, E., Mouratidis, H.: Guest editorial: security requirements engi-neering: past, present and future. Requir. Eng. 15(1), 1–5 (2010)

    Article  Google Scholar 

  16. Cloud Security Alliance, Top Threats to Cloud Computing, V1.0 by Cloud Security Alliance (March 2010)

    Google Scholar 

  17. Rosado, D.G., Mellado, D.: Security Engineering for Cloud Computing: Approaches and Tools. IGI Global Snippet (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Security, Military College of Signals, National University of Sciences & Technology (NUST), Islamabad, Pakistan

    Rida Naveed & Haider Abbas

  2. Centre of Excellence in Information Assurance (COEIA), King Saud University, Riyadh, Saudi Arabia

    Haider Abbas

Authors
  1. Rida Naveed
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Haider Abbas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rida Naveed .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Seoul University of Science & and Technology (SeoulTech), Seoul, Korea, Republic of (South Korea)

    James J. (Jong Hyuk) Park

  2. SEECS, University of Ottawa, Ottawa, Ontario, Canada

    Ivan Stojmenovic

  3. School of Information and Communication Engineering, Chungbuk National University, Chungbuk, Korea, Republic of (South Korea)

    Min Choi

  4. Department of Languages and Informatics Systems, Polytechnic University of Catalonia, Barcelona, Spain

    Fatos Xhafa

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Naveed, R., Abbas, H. (2014). Security Requirements Specification Framework for Cloud Users. In: Park, J., Stojmenovic, I., Choi, M., Xhafa, F. (eds) Future Information Technology. Lecture Notes in Electrical Engineering, vol 276. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40861-8_43

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40861-8_43

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40860-1

  • Online ISBN: 978-3-642-40861-8

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation