The protection of information assets from harm is a critical goal of information security [57]. In software systems with highly dynamic social and technological contexts, such as cloud applications and services [3], ensuring information security poses several new challenges. From a software engineering perspective, these challenges include the identification of information assets and their owners, potential attacks and vulnerabilities, and the extent to which security requirements can be enforced. Funded by the National Priority Research Program (NPRP) of Qatar, the Adaptive Information Security (AIS) project (No. 5-079-1-018, May 2013-May 2016) focuses on three of its prerequisites in the context of cloud computing:
  1. understanding user security requirements for cloud applications;
  2. traceability between security requirements, design and implementation of some cloud services; and
  3. adaptive security design for dynamic contexts.
We aim to address these challenges by developing tools and techniques for adaptive information security through a requirements-driven approach comprising three novel contributions:
  1. improved representations and analysis of security requirements,
  2. richer and more effective links between requirements and design during both forward- and reverse-engineering, and
  3. better exploitation of adaptive design enabled by dynamic security policies.
The project will build on the expertise of internationally leading researchers in the UK and Qatar, and deliver both conceptual and tool integration of the individual contributions through a collaborative research programme with a shared focus, joint activities, exchange visits, and an international workshop for dissemination and planning of further work.

References

[57] M.E. Whitman, ``Enemy at the Gate: Threats to Information Security", Commun. ACM, 46(8):91-95, 2003.
[3] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, ``A View of Cloud Computing'', Commun. ACM, 53(4):50-58, 2010.

Email: y.yu@open.ac.uk Office: +44 (0) 1908 6 55562