Published in

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

DOI: 10.24251/hicss.2017.587

Links

Tools

Export citation

Search in Google Scholar

A Semi-Automatic Approach for Eliciting Cloud Security and Privacy Requirements

This paper is made freely available by the publisher.
This paper is made freely available by the publisher.

Full text: Download

Question mark in circle
Preprint: policy unknown
Question mark in circle
Postprint: policy unknown
Question mark in circle
Published version: policy unknown

Abstract

Cloud computing provides a wide range of services to organisations in a flexible and cost efficient manner. Nevertheless, inherent cloud security issues make organisations hesitant towards the migration of their services to cloud. In parallel, the cloud service-oriented nature requires a specific and more demanding description of the business functional requirements intended for migration. Organisations need to transform their functional requirements based on a specific language, taking into account the respective non-functional requirements of the migrating services. Thus, the need for an approach that will holistically capture organisations' security and privacy requirements and transform them to cloud service requirements is immense. To this end, this paper presents an approach that takes as input abstract security and privacy requirements and produces through a semi-automatic process various alternative implementation options for cloud services. To achieve that a series of model transformations are utilised in order to create a mapping between the organisational and the operational level of the system's analysis.