CSPM: Metamodel for Handling Security and Privacy Knowledge in Cloud Service Development

Security and privacy in cloud systems are critical. To address security and privacy concerns, many security patterns, privacy patterns, and non-pattern-based knowledge have been reported. However, knowing which pattern or combination of patterns to use in a specific scenario is challenging due to the sheer volume of options and the layered cloud stack. To deal with security and privacy in cloud services, this study proposes the cloud security and privacy metamodel (CSPM). CSPM uses a consistent approach to classify and handle existing security and privacy patterns. In addition, CSPM is used to develop a security and privacy awareness process for developing cloud systems. The effectiveness and practicality of CSPM are demonstrated via several case studies.

Keywords: Cloud Computing, Privacy Patterns, Security Patterns, Software and System Architecture, Software Patterns
