Modelling secure cloud systems based on system requirements

Shei, Shaun; Alcañiz, Luis Márquez; Mouratidis, Haralambos; Delaney, Aidan; Rosado, David G.; Fernandez-Medina, E.

doi:10.1109/espre.2015.7330163

Cited by 6 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Despite the emphasis in business processes extracted from legacy source code, the transformation algorithms introduced by this approach can be utilised for the introduction of security to any available process model, newly designed or already existing. This approach will also be integrated in the extraction activity of a migration process of legacy systems to the cloud (SMILE2Cloud) in which we are currently working [37,38].…”

Section: Resultsmentioning

confidence: 99%

Eliciting Security Requirements for Business Processes of Legacy Systems

Argyropoulos

Alcañiz²,

Mouratidis

et al. 2015

Lecture Notes in Business Information Processing

Self Cite

View full text Add to dashboard Cite

Part 3: Securing EnterprisesInternational audienceThe modernisation of enterprise legacy systems, without compromises in their functionality, is a demanding and time consuming endeavour. To retain the underlying business behaviour during their modernisation, the MARBLETM framework has been developed for the extraction of business process models from their source code. Building on top of that work, in this paper we propose an integrated approach for transforming the extracted legacy process models into Secure Tropos goal models. Such models facilitate the elicitation of security requirements in a high level of abstraction, which are then incorporated back into the process models of the modernised systems as security features. Therefore high level models can be derived from legacy source code with minimal manual intervention, where security can be elaborated by nontechnical stakeholders in alignment with organisational objectives

show abstract

Section: Resultsmentioning

confidence: 99%

Eliciting Security Requirements for Business Processes of Legacy Systems

Argyropoulos

Alcañiz²,

Mouratidis

et al. 2015

Lecture Notes in Business Information Processing

Self Cite

View full text Add to dashboard Cite

show abstract

“…Ecosystems can also be seen as systems of systems and work on that topic may apply to them. Work on software product line architectures is also relevant [28], as well as work on cloud security requirements [29], but these works do not attempt to model a complete ecosystem.…”

Section: Related Workmentioning

confidence: 99%

Modeling and Security in Cloud Ecosystems

et al. 2016

View full text Add to dashboard Cite

Clouds do not work in isolation but interact with other clouds and with a variety of systems either developed by the same provider or by external entities with the purpose to interact with them; forming then an ecosystem. A software ecosystem is a collection of software systems that have been developed to coexist and evolve together. The stakeholders of such a system need a variety of models to give them a perspective of the possibilities of the system, to evaluate specific quality attributes, and to extend the system. A powerful representation when building or using software ecosystems is the use of architectural models, which describe the structural aspects of such a system. These models have value for security and compliance, are useful to build new systems, can be used to define service contracts, find where quality factors can be monitored, and to plan further expansion. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. A pattern is an encapsulated solution to a recurrent problem. We have recently expanded these models to cover fog systems and containers. Fog Computing is a highly-virtualized platform that provides compute, storage, and networking services between end devices and Cloud Computing Data Centers; a Software Container provides an execution environment for applications sharing a host operating system, binaries, and libraries with other containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components. We defined a metamodel to relate security concepts which is being expanded.

show abstract

“…Thus we need to capture the users security and privacy requirements within the context of their organisational environment. There are many methodologies that can be applied to capture and represent these concepts, but we will focus on adapting a modeldriven security approach for eliciting security and privacy requirements and representing, reasoning and addressing the security and privacy issues and impacts on the users software system in a cloud computing environment [21].…”

Section: Introductionmentioning

confidence: 99%

A Semi-Automatic Approach for Eliciting Cloud Security and Privacy Requirements

Argyropoulos¹,

Shei²,

Kalloniatis³

et al. 2017

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

Abstract-Cloud computing provides a wide range of services to organisations in a flexible and cost efficient manner. Nevertheless, inherent cloud security issues make organisations hesitant towards the migration of their services to cloud. In parallel, the cloud service-oriented nature requires a specific and more demanding description of the business functional requirements intended for migration. Organisations need to transform their functional requirements based on a specific language, taking into account the respective non-functional requirements of the migrating services. Thus, the need for an approach that will holistically capture organisations' security and privacy requirements and transform them to cloud service requirements is immense. To this end, this paper presents an approach that takes as input abstract security and privacy requirements and produces through a semi-automatic process various alternative implementation options for cloud services. To achieve that a series of model transformations are utilised in order to create a mapping between the organisational and the operational level of the system's analysis.

show abstract

Modelling secure cloud systems based on system requirements

Cited by 6 publications

References 13 publications

Eliciting Security Requirements for Business Processes of Legacy Systems

Eliciting Security Requirements for Business Processes of Legacy Systems

Modeling and Security in Cloud Ecosystems

A Semi-Automatic Approach for Eliciting Cloud Security and Privacy Requirements

Contact Info

Product

Resources

About