SECURING PROCESSES FOR OUTSOURCING INTO THE CLOUD

Sven Wenzel, Christian Wessel, Thorsten Humberg, Jan Jürjens

2012

Abstract

Cloud computing is yet one of the leading developments and depicts the biggest progress in web technologies. It offers a convenient way for using shared and easy accessible resources, in both a web-based and demand-oriented sense. However, cloud computing brings concept-based risks, e.g. the risk of private data becoming publicly available. Outsourcing of services into a cloud computing environment arises numerous compliance and security-problems for the potential customer. Legal as well as business requirements have to be met after migration to a cloud environment. Compliance to laws, industry-specific regulations and other rules have to be kept. In this paper we present the research project SecureClouds and our ongoing research towards security and compliance analysis of processes which are to be outsourced into the cloud. We further show a first prototype of an analytic tool-environment that allows us to examine whether outsourcing of a business process is possible while keeping all security and compliance requirements.

References

  1. BITKOM (2009). Cloud-Computing - Evolution in der Technik. Technical report, BITKOM.
  2. BSI (2006). IT Basic Protection Catalog. Online: http:// www.bsi.bund.de.
  3. Dixon, J. and Jones, T. (2011). Hype cycle for business process management. Technical report, Gartner Study.
  4. Gräuler, M., Martens, and B.; Teuteberg, F. (2011). ITSicherheitsmanagement im Cloud Computing. In Proceedings INFORMATIK 2011, Germany.
  5. Jürjens, J. (2005). Secure Systems Development with UML. Springer, 1. edition.
  6. Jürjens, J. and Shabalin, P. (2007). Tools for secure systems development with UML. In International Journal on Software Tools for Technology Transfer (STTT), Volume 9 (5-6): 527-544.
  7. Knauss, E., Lubke, D., and Meyer, S. (2009). Feedbackdriven requirements engineering: The Heuristic Requirements Assistant. In ICSE'09, Washington, DC.
  8. Mell, P. and Grance, T. (2009). Effectively and Securely Using the Cloud computing Paradigm.
  9. Menzel, M., Thomas, I., and Meinel, C. (2009). Security requirements specification in service-oriented business process management. In ARES.
  10. Michel, M. (2011). Konzeption und Umsetzung eines UMLsecTool-Plugins zur Prüfung von Authorization Constraints für die Prozessmodellierungssprache BPMN 2.0. Bachelor thesis, TU Dortmund, Germany.
  11. Peschke, M., Hirsch, M., Jürjens, J., and Braun, S. (2011). Werkzeuggestützte Identifikation von ITSicherheitsrisiken.
  12. Runeson, P., Alexandersson, M., and Nyholm, O. (2007). Detection of duplicate defect reports using natural language processing. In ICSE'07, Washington, DC.
  13. Schneider, K., Knauss, E., Houmb, S., Islam, S., and Jürjens, J. (2011). Enhancing security requirements engineering by organizational learning. Requirements Engineering, pages 1-22.
  14. W. van der Aalst, H. Reijers, A. Weijters, F. van Dongen, M. Song, H. Verbeck. (2007). Business process mining: An industrial application. Information Systems, Vol. 32, No. 5.
  15. Wolter, C., Menzel, M., and Meinel, C. (2008). Modelling security goals in business processes. In Modellierung 2008, Germany.
Download


Paper Citation


in Harvard Style

Wenzel S., Wessel C., Humberg T. and Jürjens J. (2012). SECURING PROCESSES FOR OUTSOURCING INTO THE CLOUD . In Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CloudSecGov, (CLOSER 2012) ISBN 978-989-8565-05-1, pages 675-680. DOI: 10.5220/0003979306750680


in Bibtex Style

@conference{cloudsecgov12,
author={Sven Wenzel and Christian Wessel and Thorsten Humberg and Jan Jürjens},
title={SECURING PROCESSES FOR OUTSOURCING INTO THE CLOUD},
booktitle={Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CloudSecGov, (CLOSER 2012)},
year={2012},
pages={675-680},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003979306750680},
isbn={978-989-8565-05-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CloudSecGov, (CLOSER 2012)
TI - SECURING PROCESSES FOR OUTSOURCING INTO THE CLOUD
SN - 978-989-8565-05-1
AU - Wenzel S.
AU - Wessel C.
AU - Humberg T.
AU - Jürjens J.
PY - 2012
SP - 675
EP - 680
DO - 10.5220/0003979306750680