Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Other chapter contribution
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Other chapter contribution
}
TY - CHAP
T1 - A methodology for the development and verification of access control systems in cloud computing
AU - Gouglidis, Antonios
AU - Mavridis, Ioannis
PY - 2013
Y1 - 2013
N2 - Cloud computing is an emergent technology that has generated significant interest in the marketplace and is forecasted for high growth. Moreover, Cloud computing has a great impact on different type of users from individual consumers and businesses to small and medium size (SMBs) and enterprise businesses. Although there are many benefits to adopting Cloud computing, there are significant barriers to adoption, viz. security and privacy. In this paper, we focus on carefully planning security aspects regarding access control of Cloud computing solutions before implementing them and, furthermore, on ensuring they satisfy particular organizational security requirements. Specifically, we propose a methodology for the development of access control systems. The methodology is capable of utilizing existing security requirements engineering approaches for the definition and evaluation of access control models, and verification of access control systems against organizational security requirements using techniques that are based on formal methods. A proof of concept example is provided that demonstrates the application of the proposed methodology on Cloud computing systems.
AB - Cloud computing is an emergent technology that has generated significant interest in the marketplace and is forecasted for high growth. Moreover, Cloud computing has a great impact on different type of users from individual consumers and businesses to small and medium size (SMBs) and enterprise businesses. Although there are many benefits to adopting Cloud computing, there are significant barriers to adoption, viz. security and privacy. In this paper, we focus on carefully planning security aspects regarding access control of Cloud computing solutions before implementing them and, furthermore, on ensuring they satisfy particular organizational security requirements. Specifically, we propose a methodology for the development of access control systems. The methodology is capable of utilizing existing security requirements engineering approaches for the definition and evaluation of access control models, and verification of access control systems against organizational security requirements using techniques that are based on formal methods. A proof of concept example is provided that demonstrates the application of the proposed methodology on Cloud computing systems.
KW - Security
KW - Inter-organizational systems
KW - Cloud business
KW - Verification
U2 - 10.1007/978-3-642-37437-1_8
DO - 10.1007/978-3-642-37437-1_8
M3 - Other chapter contribution
SN - 9783642374364
T3 - IFIP Advances in Information and Communication Technology
SP - 88
EP - 99
BT - Collaborative, Trusted and Privacy-Aware e/m-Services
A2 - Douligeris, Christos
A2 - Polemi, Nineta
A2 - Karantjias, Athanasios
A2 - Lamersdorf, Winfried
PB - Springer Verlag
CY - Berlin
ER -