The protection of information assets from harm is a critical goal of
information security 
. In software systems with highly dynamic social
and technological contexts, such as cloud applications and services 
ensuring information security poses several new challenges. From a software
engineering perspective, these challenges include the identification of
information assets and their owners, potential attacks and vulnerabilities, and
the extent to which security requirements can be enforced.
Funded by the National Priority Research Program (NPRP) of Qatar, the Adaptive Information Security (AIS)
(No. 5-079-1-018, May 2013-May 2016) focuses on three of its
prerequisites in the context of cloud computing:
understanding user security requirements for cloud
traceability between security requirements, design and
implementation of some cloud services; and
adaptive security design for dynamic contexts.
We aim to address these challenges by developing tools and techniques for
adaptive information security through a requirements-driven approach comprising
three novel contributions:
improved representations and analysis of security requirements,
richer and more effective links between requirements and design during both forward- and
better exploitation of adaptive design enabled by dynamic security policies.
The project will build on the expertise of internationally leading researchers
in the UK and Qatar, and deliver both conceptual and tool integration of the
individual contributions through a collaborative research programme with a
shared focus, joint activities, exchange visits, and an international workshop
for dissemination and planning of further work.
||| M.E. Whitman, ``Enemy at the Gate: Threats to
Information Security", Commun. ACM, 46(8):91-95,
||| M. Armbrust, A. Fox, R. Griffith, A.D. Joseph,
R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin,
I. Stoica, and M. Zaharia, ``A View of Cloud Computing'',
Commun. ACM, 53(4):50-58, 2010.
Office: +44 (0) 1908 6 55562