ABSTRACT
Security continues to be a major challenge for cloud computing, and it is one that must be addressed if cloud computing is to be fully accepted. Most technological means of securing non-cloud computing systems can be either applied directly or modified to secure a cloud; however, no integrated model-based methodology is yet available to analyze cloud security requirements and develop policies to deal with both internal and external security challenges. This work proposes just such a methodology and demonstrates its application with cases of use. Cloud assets are represented by high-order object models, 554and misuse cases together with mal-activity swimlane diagrams are developed to assess security threats hierarchically. Cloud security requirements are then specified, and policies are developed to meet them. Examples show how the methodology can be used to elicit, identify, analyze, and develop cloud security requirements and policies using a structured approach, and a case study evaluates its application. Finally, the work shows how the prevention and mitigation security policies presented here can be conveniently incorporated into the normal functionality of a cloud computing system.
