Cloud security requirements analysis and security policy development using a high-order object-oriented modeling technique

Security continues to be a major challenge for cloud computing, and it is one that must be addressed if cloud computing is to be fully accepted. Most technological means of securing non-cloud computing systems can be either applied directly or modified to secure a cloud; however, no integrated model-based methodology is yet available to analyze cloud security requirements and develop policy to deal with both internal and external security challenges. This work proposes just such a methodology and demonstrates its application with specific cases. Cloud assets are represented by high order object models, and misuse cases together with malactivity swimlane diagrams are developed to assess security threats hierarchically. Cloud security requirements are then specified, and policies are developed to meet them. Examples show how the methodology can be used to elicit, identify, analyze, and develop cloud security requirements and policies using a structured approach, and a case study evaluates its application by a cloud service provider. Finally, the work shows how the prevention and mitigation security policies presented here can be conveniently incorporated into the normal functionality of a cloud computing system --Abstract, page iii

Privacy enhancing technologies (PETs) for connected vehicles in smart cities

This is an accepted manuscript of an article published by Wiley in Transactions on Emerging Telecommunications Technologies, available online: https://doi.org/10.1002/ett.4173 The accepted version of the publication may differ from the final published version.Many Experts believe that the Internet of Things (IoT) is a new revolution in technology that has brought many benefits for our organizations, businesses, and industries. However, information security and privacy protection are important challenges particularly for smart vehicles in smart cities that have attracted the attention of experts in this domain. Privacy Enhancing Technologies (PETs) endeavor to mitigate the risk of privacy invasions, but the literature lacks a thorough review of the approaches and techniques that support individuals' privacy in the connection between smart vehicles and smart cities. This gap has stimulated us to conduct this research with the main goal of reviewing recent privacy-enhancing technologies, approaches, taxonomy, challenges, and solutions on the application of PETs for smart vehicles in smart cities. The significant aspect of this study originates from the inclusion of data-oriented and process-oriented privacy protection. This research also identifies limitations of existing PETs, complementary technologies, and potential research directions.Published onlin