A Metamodel for Security and Privacy Knowledge in Cloud Services

We propose a metamodel for handling security and privacy in cloud service development and operation. The metamodel is expected to be utilized for building a knowledge base to accumulate, classify and reuse existing cloud security and privacy patterns and practices in a consistent and uniform way. Moreover the metamodel and knowledge base are expected to be utilized for designing and maintaining architectures for cloud service systems incorporating security and privacy.

[1]  Eduardo B. Fernández,et al.  Building a security reference architecture for cloud systems , 2016, Requirements Engineering.

[2]  Eduardo B. Fernández,et al.  Patterns for security and privacy in cloud ecosystems , 2015, 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE).

[3]  Atsuo Hazeyama,et al.  A Metamodel for Handling Security and Privacy in Cloud Service Developments and Operations , 2015 .

[4]  Wouter Joosen,et al.  Do Security Patterns Really Help Designers? , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[5]  K. Supaporn,et al.  An Approach : Constructing the Grammar from Security Pattern , 2007 .

[6]  Jan Jürjens,et al.  Using Security Patterns to Develop Secure Systems , 2011 .

[7]  Mario Piattini,et al.  Security Engineering for Cloud Computing: Approaches and Tools , 2012 .

[8]  Rania Fahim El-Gazzar,et al.  A Literature Review on Cloud Computing Adoption Issues in Enterprises , 2014, TDIT.

[9]  Dirk Riehle,et al.  Understanding and Using Patterns in Software Development , 1996, Theory Pract. Object Syst..

[10]  Eduardo B. Fernández,et al.  Patterns to Support the Development of Privacy Policies , 2009, 2009 International Conference on Availability, Reliability and Security.

[11]  Thomas Barth,et al.  Model-Driven Privacy and Security in Multi-modal Social Media UIs , 2011, MSM/MUSE.

[12]  Eduardo B. Fernández,et al.  Misuse patterns for cloud computing , 2011, AsianPLoP '11.

[13]  Atsuo Hazeyama,et al.  Survey on Body of Knowledge Regarding Software Security , 2012, 2012 13th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing.

[14]  Stefanos Gritzalis,et al.  Addressing privacy requirements in system design: the PriS method , 2008, Requirements Engineering.

[15]  Eduardo B. Fernandez,et al.  Three Misuse Patterns for Cloud Computing , 2013 .

[16]  Qing Tan,et al.  Federated Identity Access Broker Pattern for Cloud Computing , 2013, 2013 16th International Conference on Network-Based Information Systems.

[17]  Hironori Washizaki,et al.  A survey on security patterns , 2008 .

[18]  Ahmed Patel,et al.  A partial equilibrium view on security and privacy , 2008, Inf. Manag. Comput. Secur..

[19]  Walid G. Aref,et al.  A Distributed Access Control Architecture for Cloud Computing , 2012, IEEE Software.

[20]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..