{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T04:17:28Z","timestamp":1749010648440,"version":"3.41.0"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319405117"},{"type":"electronic","value":"9783319405124"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-40512-4_5","type":"book-chapter","created":{"date-parts":[[2016,6,13]],"date-time":"2016-06-13T08:40:09Z","timestamp":1465807209000},"page":"80-95","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Supporting the Security Certification and Privacy Level Agreements in the Context of Clouds"],"prefix":"10.1007","author":[{"given":"Amir Shayan","family":"Ahmadian","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fabian","family":"Coerschulte","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jan","family":"J\u00fcrjens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,6,14]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Alebrahim, A., Hatebur, D., Goeke, L.: Pattern-based and ISO 27001 compliant risk analysis for cloud systems. In: 2014 IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), pp. 42\u201347, August 2014","DOI":"10.1109\/ESPRE.2014.6890527"},{"key":"5_CR2","unstructured":"Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Stoica, I., Zaharia, M.: Above the clouds: a berkeley view of cloud computing. Technical report UCB\/EECS-2009-28, EECS Department, University of California, Berkeley. http:\/\/www.eecs.berkeley.edu\/Pubs\/TechRpts\/2009\/EECS-2009-28.html"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Beckers, K., Schmidt, H., Kuster, J., Fassbender, S.: Pattern-based support for context establishment and asset identification of the ISO 27000 in the field of cloud computing. In: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), pp. 327\u2013333, August 2011","DOI":"10.1109\/ARES.2011.55"},{"key":"5_CR4","unstructured":"CARiSMA: Carisma framework, May 2015. https:\/\/www-secse.cs.tu-dortmund.de\/carisma\/"},{"key":"5_CR5","unstructured":"Cloud Security Alliance: Security guidance for critical areas of focus in cloud computing v3.0 (2011). https:\/\/downloads.cloudsecurityalliance.org\/initiatives\/guidance\/csaguide.v3.0.pdf"},{"key":"5_CR6","unstructured":"Cloud Security Alliance: The notorious nine cloud computing top threats in 2013, February 2013. https:\/\/cloudsecurityalliance.org\/download\/the-notorious-nine-cloud-computing-top-threats-in-2013\/"},{"key":"5_CR7","unstructured":"Cloud Security Alliance: Privacy level agreement: A compliance tool for providing cloud services in the European union, February 2013. https:\/\/cloudsecurityalliance.org\/download\/thenotorious-nine-cloud-computing-top-threats-in-2013\/"},{"key":"5_CR8","unstructured":"Cloud Security Alliance: Cloud Control Matrix (2014). https:\/\/downloads.cloudsecurityalliance.org\/init iatives\/ccm\/ccm-v3.0.1.zip"},{"key":"5_CR9","unstructured":"ClouDAT: Cloudat project, May 2015. http:\/\/ti.uni-due.de\/ti\/clouddat\/de\/"},{"key":"5_CR10","unstructured":"DISA: Application Security and Development STIG V3 R10 (2015). http:\/\/iase.disa.mil\/stigs\/Documents\/U_Application_Security_and_Development_V3R4_STIG.zip"},{"key":"5_CR11","unstructured":"European Network and Information Security Agency: Cloud computing - benefits, risks and recommendations for information security (2009). https:\/\/resilience.enisa.europa.eu\/cloud-security-and-resilience\/publications\/cloud-computing-benefits-risks-and-recommendations-for-information-security"},{"key":"5_CR12","volume-title":"Security Patterns in Practice: Designing Secure Architectures Using Software Patterns","author":"E Fernandez-Buglioni","year":"2013","unstructured":"Fernandez-Buglioni, E.: Security Patterns in Practice: Designing Secure Architectures Using Software Patterns, 1st edn. Wiley, New York (2013)","edition":"1"},{"issue":"5","key":"5_CR13","doi-asserted-by":"publisher","first-page":"809","DOI":"10.1016\/j.infsof.2008.05.010","volume":"51","author":"E Fern\u00e1ndez-Medina","year":"2009","unstructured":"Fern\u00e1ndez-Medina, E., J\u00fcrjens, J., Trujillo, J., Jajodia, S.: Model-driven development for secure information systems. Inf. Softw. Technol. 51(5), 809\u2013814 (2009)","journal-title":"Inf. Softw. Technol."},{"key":"5_CR14","unstructured":"Heiser, J., Nicolett, M.: Assessing the security risks of cloud computing, June 2008. https:\/\/www.gartner.com\/doc\/685308\/assessing-security-risks-cloud-computing"},{"key":"5_CR15","unstructured":"ISO: ISO\/IEC 27005 Information technology - Security techniques - Information security risk management. ISO 27005: 2008, International Organization for Standardization, Geneva, Switzerland (2008)"},{"key":"5_CR16","unstructured":"ISO: ISO\/IEC 27001 Information Security Management System (ISMS) standard. ISO 27001: 2013, International Organization for Standardization, Geneva, Switzerland, October 2013"},{"key":"5_CR17","unstructured":"ISO: ISO\/IEC 27000 Information technology - Security techniques - Information security management systems, Overview and vocabulary. ISO 27000: 2014, International Organization for Standardization, Geneva, Switzerland, May 2014"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1007\/978-3-642-33704-8_8","volume-title":"Computer Network Security","author":"X Jin","year":"2012","unstructured":"Jin, X., Sandhu, R., Krishnan, R.: RABAC: role-centric attribute-based access control. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 84\u201396. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-33704-8_8"},{"key":"5_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1007\/3-540-44618-4_29","volume-title":"CONCUR 2000 - Concurrency Theory","author":"J J\u00fcrjens","year":"2000","unstructured":"J\u00fcrjens, J.: Secure information flow for concurrent processes. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, p. 395. Springer, Heidelberg (2000)"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens, J.: Modelling audit security for smart-card payment schemes with UMLsec. In: 16th International Conference on Information Security (IFIPSEC 2001), pp. 93\u2013108. IFIP, Kluwer (2001)","DOI":"10.1007\/0-306-46998-7_7"},{"key":"5_CR21","volume-title":"Secure Systems Development with UML","author":"J J\u00fcrjens","year":"2005","unstructured":"J\u00fcrjens, J.: Secure Systems Development with UML. Springer, New York (2005). Chinese translation: Tsinghua University Press, Beijing 2009"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens, J.: Verification of low-level crypto-protocol implementations using automated theorem proving. In: 3rd ACM & IEEE International Conference on Formal Methods and Models for Co-Design (MEMOCODE 2005), pp. 89\u201398. Institute of Electrical and Electronics Engineers (2005)","DOI":"10.1109\/MEMCOD.2005.1487898"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens, J., Wimmel, G.: Formally testing fail-safety of electronic purse protocols. In: 16th International Conference on Automated Software Engineering (ASE 2001), pp. 408\u2013411. IEEE (2001)","DOI":"10.1109\/ASE.2001.989840"},{"key":"5_CR24","series-title":"International Federation for Information Processing","doi-asserted-by":"publisher","first-page":"489","DOI":"10.1007\/0-306-47009-8_36","volume-title":"Towards the E-Society: E-Commerce, E-Business, and E-Government","author":"J J\u00fcrjens","year":"2001","unstructured":"J\u00fcrjens, J., Wimmel, G.: Security modelling for electronic commerce: the common electronic purse specifications. In: Schmid, B., Stanoevska-Slabeva, K., Tschammer, V. (eds.) Towards the E-Society: E-Commerce, E-Business, and E-Government. IFIP, vol. 74, pp. 489\u2013505. Springer US, New York (2001)"},{"key":"5_CR25","unstructured":"National Institute for Standards and Technology: The NIST Definition of Cloud Computing. Technical report, Special Publication 800\u2013145 of the National Institute of Standards and Technology (NIST), September 2011. http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-145\/SP800-145.pdf"},{"key":"5_CR26","unstructured":"Nist, Aroms, E.: NIST Special Publication 800\u201353 Revision 4 Recommended Security Controls for Federal Information Systems and Organizations. CreateSpace, Paramount, CA (2012). http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-53r4.pdf"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Ratiu, D., Feilkas, M., J\u00fcrjens, J.: Extracting domain ontologies from domain specific APIs. In: 12th European Conference on Software Maintenance and Reengineering (CSMR 2008), pp. 203\u2013212. IEEE (2008)","DOI":"10.1109\/CSMR.2008.4493315"}],"container-title":["Lecture Notes in Business Information Processing","Business Modeling and Software Design"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-40512-4_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T21:31:57Z","timestamp":1748986317000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-40512-4_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319405117","9783319405124"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-40512-4_5","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"type":"print","value":"1865-1348"},{"type":"electronic","value":"1865-1356"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"14 June 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}