Inicio  /  Future Internet  /  Vol: 10 Núm: 8 Par: August (2018)  /  Artículo
ARTÍCULO
TITULO

Context Analysis of Cloud Computing Systems Using a Pattern-Based Approach

Ludger Goeke    
Nazila Gol Mohammadi and Maritta Heisel    

Resumen

Cloud computing services bring new capabilities for hosting and offering complex collaborative business operations. However, these advances might bring undesirable side-effects, e.g., introducing new vulnerabilities and threats caused by collaboration and data exchange over the Internet. Hence, users have become more concerned about security and privacy aspects. For secure provisioning of a cloud computing service, security and privacy issues must be addressed by using a risk assessment method. To perform a risk assessment, it is necessary to obtain all relevant information about the context of the considered cloud computing service. The context analysis of a cloud computing service and its underlying system is a difficult task because of the variety of different types of information that have to be considered. This context information includes (i) legal, regulatory and/or contractual requirements that are relevant for a cloud computing service (indirect stakeholders); (ii) relations to other involved cloud computing services; (iii) high-level cloud system components that support the involved cloud computing services; (iv) data that is processed by the cloud computing services; and (v) stakeholders that interact directly with the cloud computing services and/or the underlying cloud system components. We present a pattern for the contextual analysis of cloud computing services and demonstrate the instantiation of our proposed pattern with real-life application examples. Our pattern contains elements that represent the above-mentioned types of contextual information. The elements of our pattern conform to the General Data Protection Regulation. Besides the context analysis, our pattern supports the identification of high-level assets. Additionally, our proposed pattern supports the documentation of the scope and boundaries of a cloud computing service conforming to the requirements of the ISO 27005 standard (information security risk management). The results of our context analysis contribute to the transparency of the achieved security and privacy level of a cloud computing service. This transparency can increase the trust of users in a cloud computing service. We present results of the RestAssured project related to the context analysis regarding cloud computing services and their underlying cloud computing systems. The context analysis is the prerequisite to threat and control identification that are performed later in the risk management process. The focus of this paper is the use of a pattern at the time of design systematic context analysis and scope definition for risk management methods.

 Artículos similares

       
 
Mohammad Barooni and Deniz Velioglu Sogut    
The design and optimization of floating offshore wind turbines (FOWTs) pose significant challenges, stemming from the complex interplay among aerodynamics, hydrodynamics, structural dynamics, and control systems. In this context, this study introduces an... ver más

 
Yuchen Wang, Adeela Gulzari and Victor Prybutok    
This study investigates the understudied area of motivational factors influencing the rental intention of electric vehicles (EVs) within the context of their integration into urban transportation to combat air pollution and reduce carbon footprints and e... ver más

 
Julián Pulecio-Díaz, Miguel Sol-Sánchez and Fernando Moreno-Navarro    
Roller-compacted concrete (RCC) pavements have been the subject of studies focused on their increasing deterioration over time due to the influence of vehicular loading and ambient factors in humidity and temperature conditions ranging from medium to low... ver más
Revista: Infrastructures

 
Tamim Mahmud Al-Hasan, Aya Nabil Sayed, Faycal Bensaali, Yassine Himeur, Iraklis Varlamis and George Dimitrakopoulos    
Recommender systems are a key technology for many applications, such as e-commerce, streaming media, and social media. Traditional recommender systems rely on collaborative filtering or content-based filtering to make recommendations. However, these appr... ver más

 
Chen Zhang, Celimuge Wu, Min Lin, Yangfei Lin and William Liu    
In the advanced 5G and beyond networks, multi-access edge computing (MEC) is increasingly recognized as a promising technology, offering the dual advantages of reducing energy utilization in cloud data centers while catering to the demands for reliabilit... ver más
Revista: Future Internet