Cloud Computing is an evolving paradigm that is radically changing the way humans store, share and access their digital files. Despite the many benefits, such as the introduction of a rapid elastic resource pool, and on-demand service, the paradigm also creates challenges for both users and providers. In particular, there are issues related to security and privacy, such as unauthorized access, loss of privacy, data replication and regulatory violation that require adequate attention. Nevertheless, and despite the recent research interest in developing software engineering techniques to support systems based on the cloud, the literature fails to provide a systematic and structured approach that enables software engineers to identify security and privacy requirements and select a suitable cloud service provider based on such requirements. This paper presents a novel framework that fills this gap. Our framework incorporates a modelling language and it provides a structured process that supports elicitation of security and privacy requirements and the selection of a cloud provider based on the satisfiability of the service provider to the relevant security and privacy requirements. To illustrate our work, we present results from a real case study.
Cyber security in a supply chain (SC) provides an organization the secure network facilities to meet its overall business objectives. The integration of technologies has improved business processes, increased production speed, and reduced distribution costs. However, the increased interdependencies among various supply chain stakeholders have brought many challenges including lack of third party audit mechanisms and cascading cyber threats. This has led to attacks such as the manipulation of the design specifications, alterations, and manipulation during distribution. The aim of this paper is to investigate and understand supply chain threats. In particular, the paper contributes towards modeling and analyzing CSC attacks and cyber threat reporting among supply chain stakeholders. We consider concepts such as goal, actor, attack, TTP, and threat actor relevant to the supply chain, threat model, and requirements domain, and modeled the attack using the widely known STIX threat model. The proposed model was analyzed using a running example of a smart grid case study and an algorithm to model the attack. A discrete probability method for calculating the conditional probabilities was used to determine the attack propagation and cascading effects, and the results showed that our approach effectively analyzed the threats. We have recommended a list of CSC controls to improve the overall security of the studied organization.
A cyber-physical system (CPS) is a combination of physical system components with cyber capabilities that have a very tight interconnectivity. CPS is a widely used technology in many applications, including electric power systems, communications, transportation, and healthcare systems. These are critical national infrastructures. Cybersecurity attack is one of the major threats for a CPS because of many reasons, including complexity and interdependencies among various system components, and integration of communication, computing, and control technology. Cybersecurity attacks may lead to various risks affecting the critical infrastructure business continuity, including degradation of production and performance, unavailability of critical services, and violation of the regulation. Managing cybersecurity risks is very important to protect CPS. However, risk management is challenging due to the inherent complex and evolving nature of the CPS system and recent attack trends. This paper presents an integrated cybersecurity risk management framework to assess and manage the risks in a proactive manner. Our work follows the existing risk management practice and standard and considers risks from the stakeholder model, cyber, and physical system components along with their dependencies. The approach enables identification of critical CPS assets and assesses the impact of vulnerabilities that affect the assets. It also presents a cybersecurity attack scenario that incorporates a cascading effect of threats and vulnerabilities to the assets. The attack model helps to determine the appropriate risk levels and their corresponding mitigation process. We present a power grid system to illustrate the applicability of our work. The result suggests that risk in a CPS of a critical infrastructure depends mainly on cyber-physical attack scenarios and the context of the organization. The involved risks in the studied context are both from the technical and nontechnical aspects of the CPS.
Electronic government (e-government) projects in developing countries are facing many challenges to deliver sustainable e-government services. From the existing literature, we found that most of the studies considered lack of technology, and limitations in budgets and human resources as the main hurdles in effective implementation of e-government services. Along with these limitations, we found that the e-government maturity models adopted by developing countries are failing to provide an appropriate strategic plan to deploy sustainable e-government services. While assessing the existing e-government maturity model, we made several observations on the lack of detail, the technology-centric nature, the emphasis on implementation, and the lack of an adoption strategy. This work contributes toward the proposition of a new e-government maturity model that would address the limitations of existing e-government maturity models, and would support governments in developing countries to achieve sustainable e-government services. To achieve this goal, we considered five determinants: a detailed process, streamlined services, agile accessibility, use of state-of-the-art technology, and trust and awareness. The proposed model was validated by employing an empirical investigation through case-study and survey methods. We found that both the implementers (government) and adopters (users) of the e-government services benefited from the proposed model, resulting in an increased sustainability of e-government services.
Cloud computing is without a doubt one of the most significant innovations presented in the global technological map. This new generation of technology has the potential to positively change our lives since on the one hand it provides capabilities that make our digital lives much easier than before, while on the other hand it assists developers in creating services that can be disseminated easier and faster than before, and with significantly less cost. However, one of the major research challenges for the successful deployment of cloud services is a clear understanding of security and privacy issues in a cloud environment, since the cloud architecture has dissimilarities compared to traditional distributed systems. Such differences might introduce new threats and require different treatment of security and privacy issues. Nevertheless, current security and privacy requirements engineering techniques and methodologies have not been developed with cloud computing in mind and fail to capture the unique characteristics of such a domain. It is therefore important to understand security and privacy within the context of cloud computing and identify relevant security and privacy properties and threats that will support techniques and methodologies aimed to analyze and design secure cloud-based systems. The contribution of this paper to the literature is two-fold. Firstly, it provides a clear linkage between a set of critical cloud computing areas with security and privacy threats and properties. Secondly, it introduces a number of requirements for analysis and design methodologies to consider for security and privacy concerns in the cloud.
Managing risks is of paramount importance for enabling a widespread adoption of cloud computing. Users need to understand the risks associated with the process of migrating applications and data, so that appropriate mechanisms can be taken into consideration. However, risk management in cloud computing differs from risk management in a traditional computing environment due to the unique characteristics of the cloud and the users' dependency on the cloud service provider for risk control. This paper presents a risk management framework to support users with cloud migration decisions. In particular, the framework enables users to identify risks, based on the relative importance of the migration goals, and to analyze the risks with a semi-quantitative approach. This allows users to make accurate cloud migration decisions, based on specific migration scenarios. Our framework follows basic risk management principles and proposes a novel and structured process and a well-defined method for managing risks and making migration decisions. A practical migration use case about collaborative applications such as e-mail and document migration is considered to demonstrate the applicability of our work. The results from the studied context show that risks in cloud computing mainly depend on the specific migration scenario and organization context. A cloud service provider is not alone responsible for mitigating all the risks; hence, depending on the type of risk, the cloud user is also responsible for risk mitigation.