Cloud Security and Privacy Metamodel - Metamodel for Security and Privacy Knowledge in Cloud Services

Security and privacy are important in cloud services. Numerous security and privacy patterns, as well as non-pattern-based knowledge such as practices and principles, exist in cloud services. Selecting and combining the appropriate knowledge is difficult due to the numerous options and the nature of the layered cloud stack. Herein we propose a metamodel called the Cloud Security and Privacy Metamodel (CSPM) to handle security and privacy in cloud service development and operations. CSPM can classify and support existing cloud security and privacy patterns and practices in a consistent and uniform manner. Moreover, we propose a security- and privacy-aware process for developing cloud systems utilizing CSPM. Several case studies verify the effectiveness and usability of our approach. As a result, we confirmed the effectiveness and usability of CSPM and identified some possible future work.
