In the recent years, ascloud computing has rapidly grown, many research efforts have been presentedthat consider se-curity and privacy into the development process. Almorsy etal. 10 introduced a Model-Driven Security Engineering at Runtime (MDSE@R)approach for multi-tenant cloud-based applications. MDSE@R supports differenttenants and service providers security requirements at runtime instead ofdesign time by externalizing security from the application. More specific,service providers may impose some security controls as mandatory but multitenants can also add extra security requirements at runtime at their owninstance of the application.
Fernandez et al. 11 presented a method on how tobuild a cloud Security Reference Architecture (SRE). An SRE is an abstractarchitecture that describes functionality without implementation details andincludes security mechanisms to the appropriate places in order to provide adegree of security. This approach includes threat identification and usesmisuse patterns in order to describe how an attack can be performed. Throughthis process, it can be verified that security patterns have been selectedcorrectly and have been placed properly in the cloud architecture.
In 2015,Perez et al 12 presented a data-centric authorization solution, namelySecRBAC, in order to secure data in the cloud. SecRBC is a rule-based approachthat provides data managing authorization to CSP through roles and objecthierarchies. The authorization model uses advanced cryptographic techniques inorder to protect data from CSP misbehavior also. In 2016, Mouratidis et al.13 extended Secure Tropos requirements engineering approach for traditionalsoftware systems in order to enable modeling of security requirements that areunique in cloud computing environment and to support the selection of theappropriate cloud deployment model as well as the cloud service provider thatbest satisfies security requirements of the system under consideration. In2013, Tancock et al.
32 presented the archi-tecture of a Privacy ImpactAssessment (PIA) tool in order to identify and evaluate possible futuresecurity and privacy risks on data stored in a cloud infrastructure. The risksummary that derives from PIA tool takes into consideration aspects like whothe cloud provider is, what is the trust rating and what security and privacymechanisms are used. As threat modeling is an important aspect for developingsecure systems, Cloud Privacy Threat Modeling (CPTM) methodology 33 wasproposed in order to support the identification of possible attacks and to proposethe corresponding countermeasures for a cloud system through a number ofspecific steps. However, CPTM was designed in order to support only EU dataprotection directivesand as a result the methodology presented a number ofweaknesses in threat identification. Thus, A. Gholami and E. Laure 34extended CPTM methodology in order to be complied with various legalframeworks. As it is hard for an organization to choose the appropriate clouddeployment type (public, private, hybrid or community), K.
Beckers et al.presented a method that can support requirements engineers to decide whichcloud deployment model best fits the privacy requirements of the system underconsideration 35. This approach is based on a threat analysis in parallelwith the privacy requirements that the system shall satisfy and some otherfacts and assumptions about the environment like the number of stakeholders oneach deployment scenario and the domains that have to be outsourced into acloud. Despite the fact that allthese contributions develop dif-ferent kind of mechanisms or processes thatconsider security and privacy issues in the context of cloud computing, most ofthem present a number of limitations. Some of them are related to specificcloud service models. MDSE@R is referred to a Software as a Service service(SaaS) model while the method for building a Security Reference Architecture isreferred to an Infrastructure as a Service (IaaS) service model.
On the otherhand, most of the proposed frameworks, methods or processes in the context ofcloud computing deal exclusively with security or privacy issues or in somecases privacy is considered as a subset of security. For instance, MDSE@R,secRBAC and SecureTropos consider only security issues while the Privacy AssessmentImpact Tool (PIA), CPMT and the method for selecting the appropriate clouddeployment model focus explicitly on privacy issues. In our previous work 8,we presented the reasons why security and privacy have to be considered as twodifferent concepts but have to be examined under the same unified framework.
This framework has also been presented in our work. Nevertheless, one of themost important issues is that most of the proposed frameworks that are based onthe idea of cloud computing integrate security and privacy controls duringimplementation phase and not earlier in requirements phase. But, such practicesmight create late corrections in security and privacyrequirements which means additional cost and severe delays in project delivery. As cloud computing is a newand continuously developing environment, many research efforts have beenpresented over the last decade that highlight the need of adopting security andprivacy mechanisms from the early stage of development life cycle.
Nevertheless, until today security and privacy in the context of cloudcomputing is still performed as an ad-hoc process rather than an integratedprocess in the development life cycle. As it is mentioned above, Mouratidis etal. 13 presented a requirements engineering method in order to model cloudsecurity requirements at the design level but no privacy requirements have beenconsidered.
Under these circumstances, literature presents a lack of integratedmethods that through a number of specific steps could be able to support theparallel elicitation and analysis of cloud security and privacy requirementsfrom the early stage of system design. It is worth noting that a security andprivacy requirements engineering method at the design level should includesteps in order to fill the gap between analysis and implementation phase inorder to support system developers to select the appropriate technologies thatbest satisfy security and privacy requirements. III.
CONCLUSION AND FUTURE WORK In this paper, we presenteda set of security and privacy requirements engineering methods that have beenintroduced by several researchers. Our research has focused on two areas: onthose methods that aim to support software engineers to design and developinformation systems hosted in traditional architectures and on those methodsthat can be applied in cloud systems. As already mentioned,different security and privacy re-quirements engineering methods have beenintroduced in the past as software engineers community agree that security andprivacy is still an integral part of the information systems design process.Referring to traditional architectures, there are different approaches thateach method has been based on.
For instance, security or privacy requirementscan be derived from the determination of security or privacy goals, from theresults of a risk analysis or from problem diagrams. Additionally, as it isclear from the above analysis, most researchers deal with security or privacyissues separately, a fact that can cause possible conflicts and latereconsiderations in functional requirements. On the other hand, cloudcomputing is a more demanding structure as it introduces specialcharacteristics like multi-tenancy and on-demand services. Specialcharacteristics intro-duce new security and privacy concepts that softwareengineers have to take into account during system designing and devel-oping.
However, even though cloud computing presents a rapid growth last decade, allmethods that have been presented by researchers present limitations while it isnoting the lack of integrated methods that support the elicitation and analysisof security and privacy requirements in parallel. The purpose of this researchis to demonstrate that in cloud computing area there is a lack of integratedrequirements engineering methods that consider security and privacy as twodifferent concepts that have to be examined in parallel under the same unifiedframework. This study along with our previously proposed conceptual framework8 will be the base for developing a new methodology in the cloud computingarea that will consider security and privacy under the same unified framework.