Security is considered as an important aspect of software systems, especially in the context of cloud computing. Nevertheless current practises towards securing software systems fail to take into account security issues during the early development stages and also cannot properly address the unique characteristics and needs of the cloud environment. To address such issues, Secure Tropos has been developed as a securityoriented requirements engineering approach, o ering a modelling language and sets of diagrams which facilitate the elicitation and elaboration of security features for software systems. In this work we introduce Secure Tropos by discussing its main concepts, their relations and the main diagrams used to capture the di erent aspects of a software system. SecTro, a CASE tool developed speci cally for the creation and analysis of Secure Tropos diagrams, is used to model a case study as an illustrative example. Finally, future work on expanding the functionalities o ered by Secure Tropos are discussed
Abstract-Cloud computing provides a wide range of services to organisations in a flexible and cost efficient manner. Nevertheless, inherent cloud security issues make organisations hesitant towards the migration of their services to cloud. In parallel, the cloud service-oriented nature requires a specific and more demanding description of the business functional requirements intended for migration. Organisations need to transform their functional requirements based on a specific language, taking into account the respective non-functional requirements of the migrating services. Thus, the need for an approach that will holistically capture organisations' security and privacy requirements and transform them to cloud service requirements is immense. To this end, this paper presents an approach that takes as input abstract security and privacy requirements and produces through a semi-automatic process various alternative implementation options for cloud services. To achieve that a series of model transformations are utilised in order to create a mapping between the organisational and the operational level of the system's analysis.
We extend an existing visual language for requirements modelling to model the requirements of cloud services. To achieve this we demonstrate how candidate cloud services can be identified from existing visual requirements models. We further extend the meta-model of the visual language to include cloud requirements in order to migrate our candidate service to a cloud provider.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.