Security requirements specification framework for cloud users

Abstract

Cloud computing has gained significance due to its accessibility and highly scalable computing resources in today's emerging IT technologies. These cloud resources are shared among all cloud entities at different levels of operation. And due to its complex architecture it is prone to a number of security threats. These security and privacy challenges must be taken into consideration by organizations when they have to outsource their data, infrastructure and applications into a cloud environment. The objective of this paper is twofold i.e. it highlights critical security challenges introduced in cloud environment, specific security requirements are analyzed for cloud users and a framework for engineering these security requirements is also presented. The paper proposes a cloud security assurance framework that helps users by providing a methodology for identifying security requirements of their assets at early stages of the cloud deployment process. It also provides mechanism to specify cloud system's deployment requirements. © 2014 Springer-Verlag.