论文信息 - A systems-of-systems security framework for requirements definition in cloud environment

A systems-of-systems security framework for requirements definition in cloud environment

There are many aspects that involve the development of secure software. Regardless of the development model, the verification and validation of security must always be present, in all environments and stages. Systems-of-Systems (SoS) refer to a complex system that comprises other systems (the constituent systems), which have operational and managerial independence, geographical distribution, emergent behavior, and evolutionary development processes. By integrating cloud computing applications and services into a complex existing system, many challenges arise, especially those related to security issues. In this paper, it is proposed a security framework to guide the planning and definition phases of security requirements for SoS considering agile methods for application development and a DevSecOps approach. By using a checklist and some questions to identify which security aspects should be included, security drivers were obtained to integrate cloud computing in a SoS context, taking into account the perspectives of existing IT Governance Model, IT Operational Model, and IT Processes. Additionally, it is emphasized the need for a human resources management that aims at the positive acceptance of organizational change by all involved.

Denise Hideko Goya | Sara B. O. Gennari Carturan | D. Goya | S. B. O. G. Carturan

[1] Jessica Schulze,et al. Understanding Human Values Individual And Societal , 2016 .

[2] Johannes Fottner,et al. Deploying microservices for a cloud-based design of system-of-systems in intralogistics , 2017, 2017 IEEE 15th International Conference on Industrial Informatics (INDIN).

[3] Ronald S. Ross,et al. Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems | NIST , 2016 .

[4] Erica Smith,et al. Strategy and human resource management , 2013 .

[5] Peter Boxall,et al. Human resource management: what and why? , 2016 .

[6] Raymond A. Noe,et al. Human Resource Management : Gaining a Competitive Advantage , 1994 .

[7] Tomi Männistö,et al. DevOps Adoption Benefits and Challenges in Practice: A Case Study , 2016, PROFES.

[8] Carl B Traylor. Project Management: A Systems Approach to Planning, Scheduling, and Controlling , 2014 .

[9] S. Schwartz. An Overview of the Schwartz Theory of Basic Values , 2012 .

[10] M. Rokeach. The Nature Of Human Values , 1974 .

[11] S. Schwartz. Universals in the Content and Structure of Values: Theoretical Advances and Empirical Tests in 20 Countries , 1992 .