Towards a Unified Secure Cloud Service Development and Deployment Life-Cycle

Authors

Aleksandar Hudic (AIT Austrian Institute of Technology GmbH), Matthias Flittner (Karlsruhe Institute of Technology), Thomas Lorünser (AIT Austrian Institute of Technology GmbH), Philipp M. Radl (AIT Austrian Institute of Technology GmbH), Roland Bless (Karlsruhe Institute of Technology)

Abstract

Designing and developing cloud services is a challenging task that includes requirements engineering, secure service deployment, maintenance, assurance that proper actions have been taken to support security and, in addition, considering legal aspects. This is unfortunately not possible by taking current methods and techniques into consideration. Therefore, we require a systematic and comprehensive approach for building such services that starts the integration of security concerns from early stages of design and development, and continuous to refines and integrate them in the deployment phase. In this paper we therefore propose a solution that integrates security requirements engineering and continuous refinement in a comprehensive security development and deployment life-cycle for cloud services and applications. Our approach is focused on iterative refinement of the security-based requirements during both software engineering (development phase) and software maintenance (deployment phase).

Conference

Workshop on Software Assurance.

Publication Reference

Aleksandar Hudic, Matthias Flittner, Thomas Lorünser, Philipp M. Radl, and Roland Bless. "Towards a Unified Secure Cloud Service Development and Deployment Life-Cycle", in: SAW@ARES, pp. 428-436, IEEE.

[Download]

Bibtex

@inproceedings{hflrb16,
  Author     = {Aleksandar Hudic and Matthias Flittner and Thomas Lor{"u}nser and Philipp M. Radl and Roland Bless},
  Title     = {{Towards a Unified Secure Cloud Service Development and Deployment Life-Cycle}},
  Booktitle    = {SAW@ARES 2016},
  Publisher  = {IEEE},
  pages = {428--436}
}