IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v10y2018i8p72-d160984.html
   My bibliography  Save this article

Context Analysis of Cloud Computing Systems Using a Pattern-Based Approach

Author

Listed:
  • Ludger Goeke

    (paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen, 47157 Duisburg, Germany
    These authors are ordered alphabetically and contributed equally to this work.)

  • Nazila Gol Mohammadi

    (paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen, 47157 Duisburg, Germany
    These authors are ordered alphabetically and contributed equally to this work.)

  • Maritta Heisel

    (paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen, 47157 Duisburg, Germany)

Abstract

Cloud computing services bring new capabilities for hosting and offering complex collaborative business operations. However, these advances might bring undesirable side-effects, e.g., introducing new vulnerabilities and threats caused by collaboration and data exchange over the Internet. Hence, users have become more concerned about security and privacy aspects. For secure provisioning of a cloud computing service, security and privacy issues must be addressed by using a risk assessment method. To perform a risk assessment, it is necessary to obtain all relevant information about the context of the considered cloud computing service. The context analysis of a cloud computing service and its underlying system is a difficult task because of the variety of different types of information that have to be considered. This context information includes (i) legal, regulatory and/or contractual requirements that are relevant for a cloud computing service (indirect stakeholders); (ii) relations to other involved cloud computing services; (iii) high-level cloud system components that support the involved cloud computing services; (iv) data that is processed by the cloud computing services; and (v) stakeholders that interact directly with the cloud computing services and/or the underlying cloud system components. We present a pattern for the contextual analysis of cloud computing services and demonstrate the instantiation of our proposed pattern with real-life application examples. Our pattern contains elements that represent the above-mentioned types of contextual information. The elements of our pattern conform to the General Data Protection Regulation. Besides the context analysis, our pattern supports the identification of high-level assets. Additionally, our proposed pattern supports the documentation of the scope and boundaries of a cloud computing service conforming to the requirements of the ISO 27005 standard (information security risk management). The results of our context analysis contribute to the transparency of the achieved security and privacy level of a cloud computing service. This transparency can increase the trust of users in a cloud computing service. We present results of the RestAssured project related to the context analysis regarding cloud computing services and their underlying cloud computing systems. The context analysis is the prerequisite to threat and control identification that are performed later in the risk management process. The focus of this paper is the use of a pattern at the time of design systematic context analysis and scope definition for risk management methods.

Suggested Citation

  • Ludger Goeke & Nazila Gol Mohammadi & Maritta Heisel, 2018. "Context Analysis of Cloud Computing Systems Using a Pattern-Based Approach," Future Internet, MDPI, vol. 10(8), pages 1-27, July.
    • Handle: RePEc:gam:jftint:v:10:y:2018:i:8:p:72-:d:160984
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/10/8/72/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/10/8/72/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Umar Mukhtar Ismail & Shareeful Islam & Moussa Ouedraogo & Edgar Weippl, 2016. "A Framework for Security Transparency in Cloud Computing," Future Internet, MDPI, vol. 8(1), pages 1-22, February.
    2. Eduardo B. Fernandez & Nobukazu Yoshioka & Hironori Washizaki & Madiha H. Syed, 2016. "Modeling and Security in Cloud Ecosystems," Future Internet, MDPI, vol. 8(2), pages 1-15, April.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Abdulrahman K. Alnaim, 2022. "Misuse Patterns from the Threat of Modification of Non-Control Data in Network Function Virtualization," Future Internet, MDPI, vol. 14(7), pages 1-17, June.
    2. Osama Abied & Othman Ibrahim & Siti Nuur-Ila Mat Kamal & Ibrahim M. Alfadli & Weam M. Binjumah & Norafida Ithnin & Maged Nasser, 2022. "Probing Determinants Affecting Intention to Adopt Cloud Technology in E-Government Systems," Sustainability, MDPI, vol. 14(23), pages 1-29, November.
    3. Pusp Raj Joshi & Shareeful Islam & Syed Islam, 2017. "A Framework for Cloud Based E-Government from the Perspective of Developing Countries," Future Internet, MDPI, vol. 9(4), pages 1-26, November.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:10:y:2018:i:8:p:72-:d:160984. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.