Premium
Modeling security requirements for cloud‐based system development
Author(s) -
Ficco Massimo,
Palmieri Francesco,
Castiglione Aniello
Publication year - 2014
Publication title -
concurrency and computation: practice and experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.3402
Subject(s) - cloud computing , computer science , cloud computing security , flexibility (engineering) , computer security , outsourcing , computer security model , software engineering , statistics , mathematics , political science , law , operating system
Summary The Cloud Computing paradigm provides a new model for the more flexible utilization of computing and storage services. However, such enhanced flexibility, which implies outsourcing the data and business applications to a third party, may introduce critical security issues. Therefore, there is a clear necessity of new security paradigms able to face all the problems introduced by the cloud approach. Although, in the last years, several solutions have been proposed, the implementation of secure cloud applications and services is still a complex and far from consolidated task. Starting from these considerations, this work fosters the development of a methodology that considers security concerns as an integral part of cloud‐based applications design and implementation. Accordingly, we present a set of stereotypes that defines a vocabulary for annotating Unified Modeling Language based models with information relevant for integrating the specification of security requirements into cloud architectures. This approach can be used to significantly improve productivity and overall success in the development of secure distributed cloud applications and systems. Copyright © 2014 John Wiley & Sons, Ltd.