Welcome to the InfoSci Platform
Reference Hub7
A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain

A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain

Kristian Beckers, Isabelle Côté, Ludger Goeke, Selim Güler, Maritta Heisel
Copyright: © 2014 |Volume: 5 |Issue: 2 |Pages: 24
ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781466656857|DOI: 10.4018/ijsse.2014040102
Cite Article Cite Article

MLA

Beckers, Kristian, et al. "A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain." IJSSE vol.5, no.2 2014: pp.20-43. http://doi.org/10.4018/ijsse.2014040102

APA

Beckers, K., Côté, I., Goeke, L., Güler, S., & Heisel, M. (2014). A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain. International Journal of Secure Software Engineering (IJSSE), 5(2), 20-43. http://doi.org/10.4018/ijsse.2014040102

Chicago

Beckers, Kristian, et al. "A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain," International Journal of Secure Software Engineering (IJSSE) 5, no.2: 20-43. http://doi.org/10.4018/ijsse.2014040102

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.