Next Article in Journal
Joint AP Association and Bandwidth Allocation Optimization Algorithm in High-Dense WLANs
Previous Article in Journal
Hybrid Approach with Improved Genetic Algorithm and Simulated Annealing for Thesis Sampling
Article Menu
Issue 8 (August) cover image

Export Article

Open AccessArticle
Future Internet 2018, 10(8), 72; https://doi.org/10.3390/fi10080072

Context Analysis of Cloud Computing Systems Using a Pattern-Based Approach

paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen, 47157 Duisburg, Germany
These authors are ordered alphabetically and contributed equally to this work.
*
Author to whom correspondence should be addressed.
Received: 14 June 2018 / Revised: 21 July 2018 / Accepted: 29 July 2018 / Published: 31 July 2018
(This article belongs to the Special Issue Security Patterns in Industry)
Full-Text   |   PDF [2040 KB, uploaded 10 August 2018]   |  

Abstract

Cloud computing services bring new capabilities for hosting and offering complex collaborative business operations. However, these advances might bring undesirable side-effects, e.g., introducing new vulnerabilities and threats caused by collaboration and data exchange over the Internet. Hence, users have become more concerned about security and privacy aspects. For secure provisioning of a cloud computing service, security and privacy issues must be addressed by using a risk assessment method. To perform a risk assessment, it is necessary to obtain all relevant information about the context of the considered cloud computing service. The context analysis of a cloud computing service and its underlying system is a difficult task because of the variety of different types of information that have to be considered. This context information includes (i) legal, regulatory and/or contractual requirements that are relevant for a cloud computing service (indirect stakeholders); (ii) relations to other involved cloud computing services; (iii) high-level cloud system components that support the involved cloud computing services; (iv) data that is processed by the cloud computing services; and (v) stakeholders that interact directly with the cloud computing services and/or the underlying cloud system components. We present a pattern for the contextual analysis of cloud computing services and demonstrate the instantiation of our proposed pattern with real-life application examples. Our pattern contains elements that represent the above-mentioned types of contextual information. The elements of our pattern conform to the General Data Protection Regulation. Besides the context analysis, our pattern supports the identification of high-level assets. Additionally, our proposed pattern supports the documentation of the scope and boundaries of a cloud computing service conforming to the requirements of the ISO 27005 standard (information security risk management). The results of our context analysis contribute to the transparency of the achieved security and privacy level of a cloud computing service. This transparency can increase the trust of users in a cloud computing service. We present results of the RestAssured project related to the context analysis regarding cloud computing services and their underlying cloud computing systems. The context analysis is the prerequisite to threat and control identification that are performed later in the risk management process. The focus of this paper is the use of a pattern at the time of design systematic context analysis and scope definition for risk management methods. View Full-Text
Keywords: cloud computing; information security; data protection; context analysis; pattern cloud computing; information security; data protection; context analysis; pattern
Figures

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).
SciFeed

Share & Cite This Article

MDPI and ACS Style

Goeke, L.; Mohammadi, N.G.; Heisel, M. Context Analysis of Cloud Computing Systems Using a Pattern-Based Approach. Future Internet 2018, 10, 72.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics

1

Comments

[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top