Cloud Security Requirements Analysis and Security Policy Development using HOOMT
Abstract
Security continues to be a major challenge for cloud computing, and it is one that must be addressed if cloud computing is to be fully accepted. Most technological means of securing non-cloud computing systems can be either applied directly or modified to secure a cloud; however, no integrated modelbased methodology is yet available to analyze cloud security requirements and develop policies to deal with both internal and external security challenges. This work proposes just such a methodology and demonstrates its application with cases of use. Cloud assets are represented by high-order object models, and misuse cases together with mal-activity swimlane diagrams are developed to assess security threats hierarchically. Cloud security requirements are then specified, and policies are developed to meet them. Examples show how the methodology can be used to elicit, identify, analyze, and develop cloud security requirements and policies using a structured approach, and a case study evaluates its application. Finally, the work shows how the prevention and mitigation security policies presented here can be conveniently incorporated into the normal functionality of a cloud computing system.
Recommended Citation
K. K. Fletcher and X. F. Liu, "Cloud Security Requirements Analysis and Security Policy Development using HOOMT," Cloud Computing: Methodology, Systems, and Applications, pp. 553 - 582, Taylor and Francis Group; Taylor and Francis, Jan 2017.
The definitive version is available at https://doi.org/10.1201/b11149
Department(s)
Computer Science
International Standard Book Number (ISBN)
978-143985642-0;978-143985641-3
Document Type
Article - Journal
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2024 Taylor and Francis Group; Taylor and Francis, All rights reserved.
Publication Date
01 Jan 2017
