Home > Research > Publications & Outputs > A methodology for the development and verificat...
View graph of relations

A methodology for the development and verification of access control systems in cloud computing

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNOther chapter contribution

Published
Publication date2013
Host publicationCollaborative, Trusted and Privacy-Aware e/m-Services
EditorsChristos Douligeris, Nineta Polemi, Athanasios Karantjias, Winfried Lamersdorf
Place of PublicationBerlin
PublisherSpringer Verlag
Pages88-99
Number of pages12
ISBN (electronic)9783642374371
ISBN (print)9783642374364
<mark>Original language</mark>English

Publication series

NameIFIP Advances in Information and Communication Technology
PublisherSpringer
Volume399
ISSN (Print)1868-4238
ISSN (electronic)1868-422X

Abstract

Cloud computing is an emergent technology that has generated significant interest in the marketplace and is forecasted for high growth. Moreover, Cloud computing has a great impact on different type of users from individual consumers and businesses to small and medium size (SMBs) and enterprise businesses. Although there are many benefits to adopting Cloud computing, there are significant barriers to adoption, viz. security and privacy. In this paper, we focus on carefully planning security aspects regarding access control of Cloud computing solutions before implementing them and, furthermore, on ensuring they satisfy particular organizational security requirements. Specifically, we propose a methodology for the development of access control systems. The methodology is capable of utilizing existing security requirements engineering approaches for the definition and evaluation of access control models, and verification of access control systems against organizational security requirements using techniques that are based on formal methods. A proof of concept example is provided that demonstrates the application of the proposed methodology on Cloud computing systems.