Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts

One of the major research challenges for the successful deployment of cloud services is a clear understanding of security and privacy issues on a cloud environment, since cloud architecture has dissimilarities compared to traditional distributed systems. Such differences might introduce new threats and require a different treatment of security and privacy issues. It is therefore important to understand security and privacy within the context of cloud computing and identify relevant security and privacy properties and threats that will support techniques and methodologies aimed to analyze and design secure cloud based systems.

[1]  Evangelia Kavakli,et al.  Pris Tool: A Case Tool For Privacy-Oriented Requirements Engineering , 2009, MCIS.

[2]  Farzad Sabahi,et al.  Cloud computing security threats and responses , 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.

[3]  Stefanos Gritzalis,et al.  Addressing privacy requirements in system design: the PriS method , 2008, Requirements Engineering.

[4]  Ruby B. Lee,et al.  A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing , 2011, 2011 31st International Conference on Distributed Computing Systems Workshops.

[5]  Stefanos Gritzalis,et al.  Incorporating privacy requirements into the system design process: The PriS conceptual framework , 2006, Internet Res..

[6]  Brian Hayes,et al.  What Is Cloud Computing? , 2019, Cloud Technologies.

[7]  S. Fischer-h bner IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms , 2001 .

[8]  Ian Sommerville,et al.  Decision Support Tools for Cloud Migration in the Enterprise , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[9]  Haralambos Mouratidis,et al.  Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations , 2010, REFSQ.

[10]  Stefanos Gritzalis,et al.  Methods for Designing Privacy Aware Information Systems: A Review , 2009, 2009 13th Panhellenic Conference on Informatics.

[11]  Edgar R. Weippl,et al.  Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space , 2011, USENIX Security Symposium.

[12]  Birgit Pfitzmann,et al.  Rechtssicherheit trotz Anonymität in offenen digitalen Systemen , 1990 .

[13]  E. Weippl,et al.  A Goal-Driven Risk Management Approach to Support Security and Privacy Analysis of Cloud-Based System , 2013 .

[14]  Andreas L. Opdahl,et al.  Eliciting security requirements with misuse cases , 2004, Requirements Engineering.

[15]  Siani Pearson,et al.  Privacy, Security and Trust Issues Arising from Cloud Computing , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[16]  Timothy Grance,et al.  Guidelines on Security and Privacy in Public Cloud Computing | NIST , 2012 .

[17]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[18]  Bernd Grobauer,et al.  Understanding Cloud Computing Vulnerabilities , 2011, IEEE Security & Privacy.

[19]  Stefanos Gritzalis,et al.  Protecting privacy in system design: the electronic voting case , 2007 .

[20]  Stefanos Gritzalis,et al.  PriS Methodology: Incorporating Privacy Requirements into the System Design Process , 2005 .

[21]  Qiaoyan Wen,et al.  A View about Cloud Data Security from Data Life Cycle , 2010, 2010 International Conference on Computational Intelligence and Software Engineering.

[22]  J. C. Cannon Privacy: What Developers and IT Professionals Should Know , 2004 .

[23]  Haralambos Mouratidis,et al.  Model Based Process to Support Security and Privacy Requirements Engineering , 2012, Int. J. Secur. Softw. Eng..

[24]  Peng Ning,et al.  Managing security of virtual machine images in a cloud environment , 2009, CCSW '09.

[25]  S. Gritzalis,et al.  Dealing with privacy issues during the system design process , 2005, Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005..

[26]  Stefanos Gritzalis,et al.  Security Requirements Engineering for e-Government Applications: Analysis of Current Frameworks , 2004, EGOV.

[27]  Qiang Zhang,et al.  The Characteristics of Cloud Computing , 2010, 2010 39th International Conference on Parallel Processing Workshops.

[28]  S. Fischer-Hübner IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms , 2001 .

[29]  Haralambos Mouratidis,et al.  Secure Tropos: a Security-Oriented Extension of the Tropos Methodology , 2007, Int. J. Softw. Eng. Knowl. Eng..

[30]  Jan Jürjens,et al.  Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec , 2010, Requirements Engineering.

[31]  Rajkumar Buyya,et al.  Introduction to Cloud Computing , 2011, CloudCom 2011.

[32]  Bernd Grobauer,et al.  Towards incident handling in the cloud: challenges and approaches , 2010, CCSW '10.

[33]  Annie I. Antón,et al.  Evaluating existing security and privacy requirements for legal compliance , 2009, Requirements Engineering.

[34]  Haralambos Mouratidis,et al.  Aligning Security and Privacy to Support the Development of Secure Information Systems , 2012, J. Univers. Comput. Sci..

[35]  S. K. Dubey,et al.  Security and Privacy in Cloud Computing: A Survey , 2013 .

[36]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.