Building a security reference architecture for cloud systems. Issue 2 (June 2016)
- Record Type:
- Journal Article
- Title:
- Building a security reference architecture for cloud systems. Issue 2 (June 2016)
- Main Title:
- Building a security reference architecture for cloud systems
- Authors:
- Fernandez, Eduardo
Monge, Raul
Hashizume, Keiko - Abstract:
- Abstract Reference architectures (RAs) are useful tools to understand and build complex systems, and many cloud providers and software product vendors have developed versions of them. RAs describe at an abstract level (no implementation details) the main features of their cloud systems. Security is a fundamental concern in clouds and several cloud vendors provide security reference architectures (SRAs) to describe the security features of their services. A SRA is an abstract architecture describing a conceptual model of security for a cloud system and provides a way to specify security requirements for a wide range of concrete architectures. We propose here a method to build a SRA for clouds defined using UML models and patterns, which goes beyond existing models in providing a global view and a more precise description. We present a metamodel as well as security and misuse patterns for this purpose. We validate our approach by showing that it can describe more precisely existing models and that it has a variety of uses. We describe in detail one of these uses, a way of evaluating the security level of a SRA.
- Is Part Of:
- Requirements engineering. Volume 21:Issue 2(2016)
- Journal:
- Requirements engineering
- Issue:
- Volume 21:Issue 2(2016)
- Issue Display:
- Volume 21, Issue 2 (2016)
- Year:
- 2016
- Volume:
- 21
- Issue:
- 2
- Issue Sort Value:
- 2016-0021-0002-0000
- Page Start:
- 225
- Page End:
- 249
- Publication Date:
- 2016-06
- Subjects:
- Security reference architecture -- Security patterns -- Reference architecture -- Security requirements -- Secure software development -- Cloud computing -- IaaS security
Requirements engineering -- Periodicals
Software engineering -- Periodicals
Computer software -- Development -- Periodicals
Logiciels -- Développement -- Périodiques
Génie logiciel -- Périodiques
005.12 - Journal URLs:
- http://firstsearch.oclc.org ↗
http://firstsearch.oclc.org/journal=0947-3602;screen=info;ECOIP ↗
http://link.springer-ny.com/link/service/journals/00766/index.htm ↗
http://www.springerlink.com/content/0947-3602/ ↗
http://www.springer.com/gb/ ↗ - DOI:
- 10.1007/s00766-014-0218-7 ↗
- Languages:
- English
- ISSNs:
- 0947-3602
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 7713.844000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 10044.xml