{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T05:44:12Z","timestamp":1781329452147,"version":"3.54.1"},"reference-count":95,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2015,1,6]],"date-time":"2015-01-06T00:00:00Z","timestamp":1420502400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Requirements Eng"],"published-print":{"date-parts":[[2016,6]]},"DOI":"10.1007\/s00766-014-0218-7","type":"journal-article","created":{"date-parts":[[2015,1,5]],"date-time":"2015-01-05T15:31:38Z","timestamp":1420471898000},"page":"225-249","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":46,"title":["Building a security reference architecture for cloud systems"],"prefix":"10.1007","volume":"21","author":[{"given":"Eduardo B.","family":"Fernandez","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Raul","family":"Monge","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Keiko","family":"Hashizume","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2015,1,6]]},"reference":[{"issue":"3","key":"218_CR1","doi-asserted-by":"crossref","first-page":"59","DOI":"10.4067\/S0718-18762013000300005","volume":"8","author":"R Clarke","year":"2013","unstructured":"Clarke R (2013) Data risks in the cloud. J Theor Appl Electron Commer Res 8(3):59\u201373. doi: 10.4067\/S0718-18762013000300005 , ISSN 0718-1876","journal-title":"J Theor Appl Electron Commer Res"},{"key":"218_CR2","doi-asserted-by":"crossref","unstructured":"Hashizume K, Rosado DG, Fern\u00e1ndez-Medina E, Fern\u00e1ndez EB (2013) An analysis of security issues for cloud computing. J Internet Serv Appl 4(1). doi: 10.1186\/1869-0238-4-5","DOI":"10.1186\/1869-0238-4-5"},{"key":"218_CR3","unstructured":"Avgeriou P (2003) Describing, instantiating and evaluating a reference architecture: a case study. Enterp Archit J"},{"key":"218_CR4","doi-asserted-by":"crossref","unstructured":"Taylor RN, Medvidovic N, Dashofy EM (2009) Software architecture: foundations, theory, and practice. Wiley, London. \u00a0 ISBN 0470167742, 9780470167748","DOI":"10.1145\/1595696.1595754"},{"key":"218_CR5","unstructured":"HP (2011) Understanding the HP CloudSystem Reference Architecture. White paper, Hewlett-Packard Development Company"},{"key":"218_CR6","unstructured":"IBM (2012) IBM SmartCloud. White paper, IBM Corporation"},{"key":"218_CR7","unstructured":"Microsoft Global Foundation Services (2009) Securing Microsoft\u2019s cloud infrastructure. Technical report, Microsoft"},{"key":"218_CR8","unstructured":"NIST Cloud Computing Security Working Group (2013) NIST cloud computing security reference architecture. Working document, NIST"},{"issue":"1","key":"218_CR9","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1007\/s13174-011-0044-9","volume":"3","author":"RH Campbell","year":"2012","unstructured":"Campbell RH, Montanari M, Farivar R (2012) A middleware for assured clouds. J Internet Serv Appl 3(1):87\u201394. doi: 10.1007\/s13174-011-0044-9","journal-title":"J Internet Serv Appl"},{"issue":"15","key":"218_CR10","first-page":"2916","volume":"15","author":"M Hafner","year":"2009","unstructured":"Hafner M, Memon M, Breu R (2009) SeAAS\u2014a reference architecture for security services in SOA. J UCS 15(15):2916\u20132936","journal-title":"J UCS"},{"key":"218_CR11","unstructured":"Hashizume K, Fernandez EB, Larrondo-Petrie MM (2012) Cloud service model patterns. In: 19th international conference on pattern languages of programs (PLoP2012), Tucson, AZ"},{"key":"218_CR12","unstructured":"Hashizume K, Fernandez EB, Larrondo-Petrie M (2012) Cloud infrastructure pattern. In: First international symposium on software architecture and patterns. LACCEI, Panama City, Panama, pp 23\u201327"},{"key":"218_CR13","unstructured":"Fernandez EB (2013) Security patterns in practice: designing secure architectures using software patterns, 1st edn. Wiley, London. \u00a0 ISBN 1119998948"},{"key":"218_CR14","doi-asserted-by":"crossref","first-page":"36","DOI":"10.4018\/978-1-4666-2125-1.ch003","volume-title":"Security engineering for cloud computing: approaches and tools","author":"K Hashizume","year":"2013","unstructured":"Hashizume K, Yoshioka N, Fernandez EB (2013) Three misuse patterns for cloud computing. In: Rosado DG, Mellado D, Fernandez-Medina E, Piattini MG (eds) Security engineering for cloud computing: approaches and tools. IGI Global, \u00a0Hershey, pp 36\u201353. doi: 10.4018\/978-1-4666-2125-1.ch003"},{"key":"218_CR15","doi-asserted-by":"crossref","unstructured":"Angelov S, Grefen P, Greefhorst D (2012) A framework for analysis and design of software reference architectures. Inf Softw Technol 54(4):417\u2013431. doi: 10.1016\/j.infsof.2011.11.009 , ISSN 0950-5849","DOI":"10.1016\/j.infsof.2011.11.009"},{"key":"218_CR16","unstructured":"CSA (2011) Quick guide to the reference architecture TCI (trusted cloud initiative). Technical report, Cloud Security Alliance"},{"key":"218_CR17","unstructured":"Warmer J, Kleppe A (2003) The object constraint language: getting your models ready for MDA, 2nd edn. Addison-Wesley Longman, Boston. ISBN 0321179366"},{"key":"218_CR18","unstructured":"Garavel H, Graf S (2013) Formal methods for safe and secure computer systems. Technical report. BSI Study 875, Federal Office for Information Security, Bonn"},{"issue":"12","key":"218_CR19","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2012.400","volume":"45","author":"A Brown","year":"2012","unstructured":"Brown A, Apple B, Michael JB, Schumann MA (2012) Atomic-level security for web applications in a cloud environment. IEEE Comput 45(12):80\u201383. doi: 10.1109\/MC.2012.400","journal-title":"IEEE Comput"},{"key":"218_CR20","doi-asserted-by":"crossref","unstructured":"Fern\u00e1ndez EB, Washizaki H, Yoshioka N, VanHilst M (2011) An approach to model-based development of secure and reliable systems. In: Sixth international conference on availability, reliability and security, ARES, pp 260\u2013265, Vienna. doi: 10.1109\/ARES.2011.45","DOI":"10.1109\/ARES.2011.45"},{"key":"218_CR21","doi-asserted-by":"crossref","unstructured":"Delessy N, Fernandez EB, Larrondo-Petrie MM (2007) A pattern language for identity management. In: Proceedings of the international multi-conference on computing in the global information technology, ICCGI \u201907, p 31, IEEE Computer Society, Washington, DC. doi: 10.1109\/ICCGI.2007.5 , ISBN 0-7695-2798-1","DOI":"10.1109\/ICCGI.2007.5"},{"key":"218_CR22","doi-asserted-by":"crossref","unstructured":"Braz FA, Fern\u00e1ndez EB, VanHilst M (2008) Eliciting security requirements through misuse activities. In: 19th international workshop on database and expert systems applications (DEXA 2008), 1\u20135 Sept 2008, Turin, pp 328\u2013333. doi: 10.1109\/DEXA.2008.101","DOI":"10.1109\/DEXA.2008.101"},{"key":"218_CR23","unstructured":"Fernandez EB, Yoshioka N, Washizaki H, Yoder J (2014) Abstract security patterns for requirements specification and analysis of secure systems. In: WER 2014 conference, a track of the 17th Ibero-American conference on software engineering (CIbSE 2014), Pucon, Chile"},{"key":"218_CR24","doi-asserted-by":"crossref","unstructured":"Fernandez E, Yuan X (2000) Semantic analysis patterns. In: Laender A, Liddle S, Storey V (eds) Conceptual modeling\u2014ER 2000, vol 1920 of lecture notes in computer science. Springer, Berlin, pp 183\u2013195. doi: 10.1007\/3-540-45393-8_14 , ISBN 978-3-540-41072-0","DOI":"10.1007\/3-540-45393-8_14"},{"key":"218_CR25","doi-asserted-by":"crossref","unstructured":"Fernandez E, Pelaez J, Larrondo-Petrie M (2007) Attack patterns: a new forensic and design tool. In: Craiger P, Shenoi S (eds) Advances in digital forensics III, vol 242 of IFIP\u2014The International Federation for Information Processing. Springer, New York, pp 345\u2013357. doi: 10.1007\/978-0-387-73742-3_24 , ISBN 978-0-387-73741-6","DOI":"10.1007\/978-0-387-73742-3_24"},{"key":"218_CR26","doi-asserted-by":"crossref","unstructured":"Fern\u00e1ndez EB, Yoshioka N, Washizaki H (2009) Modeling misuse patterns. In: Proceedings of the fourth international conference on availability, reliability and security, ARES 2009, 16\u201319 March, 2009, Fukuoka, pp 566\u2013571. doi: 10.1109\/ARES.2009.139","DOI":"10.1109\/ARES.2009.139"},{"key":"218_CR27","unstructured":"Fowler M (2002) Patterns of enterprise application architecture. Addison-Wesley Longman, Boston. ISBN 0321127420"},{"key":"218_CR28","doi-asserted-by":"crossref","unstructured":"Liu F, Tong J, Mao J, Bohn R, Messina J, Badger L, Leaf D (2011) Cloud computing reference architecture. Special publication 500-292, NIST","DOI":"10.6028\/NIST.SP.500-292"},{"key":"218_CR29","doi-asserted-by":"crossref","unstructured":"Stricker V, Lauenroth K, Corte P, Gittler F, Panfilis SD, Pohl K (2010) Creating a reference architecture for service-based systems\u2014a pattern-based approach. In: Towards the future internet\u2014emerging trends from European research, pp 149\u2013160. doi: 10.3233\/978-1-60750-539-6-149","DOI":"10.3233\/978-1-60750-539-6-149"},{"key":"218_CR30","volume-title":"7th annual conference on systems engineering research (CSER 2009)","author":"G Muller","year":"2009","unstructured":"Muller G, van de Laar P (2009) Researching reference architectures and their relationships with frameworks, methods, techniques, and tools. In: Kalawsky R, O\u2019Brien J, Goonetilleke T, Grocott C (eds) 7th annual conference on systems engineering research (CSER 2009). Research School of Systems Engineering, Loughborough University, Loughborough"},{"key":"218_CR31","doi-asserted-by":"crossref","unstructured":"Uzunov AV, Fernandez EB, Falkner K (2012) Securing distributed systems using patterns: a survey. Comput Secur 31(5):681\u2013703. doi: 10.1016\/j.cose.2012.04.005 , ISSN 0167-4048","DOI":"10.1016\/j.cose.2012.04.005"},{"key":"218_CR32","unstructured":"Object Management Group (2014) Unified Modeling Language\u2122 (UML\u00ae) Tech. rep., Object Management Group Inc"},{"key":"218_CR33","doi-asserted-by":"crossref","unstructured":"Medvidovic N, Taylor R (2000) A classification and comparison framework for software architecture description languages. IEEE Trans Softw Eng 26(1):70\u201393. doi: 10.1109\/32.825767 , ISSN 0098-5589","DOI":"10.1109\/32.825767"},{"key":"218_CR34","unstructured":"OWASP (2013) OWASP Top 10\u20142013: the ten most critical web application security risks. Technical report, The OWASP Foundation"},{"key":"218_CR35","doi-asserted-by":"crossref","unstructured":"Chonka A, Xiang Y, Zhou W, Bonti A (2011) Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. J Netw Comput Appl 34(4):1097\u20131107. doi: 10.1016\/j.jnca.2010.06.004 , ISSN 1084-8045","DOI":"10.1016\/j.jnca.2010.06.004"},{"key":"218_CR36","doi-asserted-by":"crossref","unstructured":"Fernandes D, Soares L, Gomes J, Freire M, In\u00e1cio P (2014) Security issues in cloud environments: a survey. IntJ Inf Secur 13(2):113\u2013170. doi: 10.1007\/s10207-013-0208-7 , ISSN 1615-5262","DOI":"10.1007\/s10207-013-0208-7"},{"key":"218_CR37","doi-asserted-by":"crossref","unstructured":"Ryan MD (2013) Cloud computing security: the scientific challenge, and a survey of solutions. J Syst Softw 86(9):2263\u20132268. doi: 10.1016\/j.jss.2012.12.025 , ISSN 0164-1212","DOI":"10.1016\/j.jss.2012.12.025"},{"key":"218_CR38","doi-asserted-by":"crossref","unstructured":"Kalloniatis C, Mouratidis H, Vassilis M, Islam S, Gritzalis S, Kavakli E (2014) Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Comput Stand Interfaces 36(4):75\u2013759. doi: 10.1016\/j.csi.2013.12.010 , ISSN 0920-5489","DOI":"10.1016\/j.csi.2013.12.010"},{"key":"218_CR39","doi-asserted-by":"crossref","unstructured":"Tsugawa M, Matsunaga A, Fortes JA (2014) Cloud computing security: what changes with software-defined networking? In: Jajodia S, Kant K, Samarati P, Singhal A, Swarup V, Wang C (eds) Secure cloud computing. Springer, New York, pp 77\u201393. doi: 10.1007\/978-1-4614-9278-8_4 , ISBN 978-1-4614-9277-1","DOI":"10.1007\/978-1-4614-9278-8_4"},{"key":"218_CR40","unstructured":"Prolexic (2012) DDoS Denial of service protection and the cloud. White paper Prolexic Technologies Inc"},{"key":"218_CR41","doi-asserted-by":"crossref","unstructured":"Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M (2013) A survey of intrusion detection techniques in Cloud. J Netw Comput Appl 36(1):42\u201357. doi: 10.1016\/j.jnca.2012.05.003 , ISSN 1084-8045","DOI":"10.1016\/j.jnca.2012.05.003"},{"key":"218_CR42","doi-asserted-by":"crossref","unstructured":"Juels A, Oprea A (2013) New approaches to security and availability for cloud data. Commun ACM 56(2):64\u201373. doi: 10.1145\/2408776.2408793 , ISSN 0001-0782","DOI":"10.1145\/2408776.2408793"},{"key":"218_CR43","unstructured":"EMA (2010) Securing the administration of virtualization. Market research report, Enterprise Management Associates"},{"key":"218_CR44","unstructured":"Moscato F, Aversa R, Di Martino B, Fortis T, Munteanu V (2011) An analysis of mOSAIC ontology for Cloud resources annotation. In: 2011 federated conference on computer science and information systems (FedCSIS), pp 973\u2013980"},{"key":"218_CR45","unstructured":"Zhang M, Ranjan r, Haller A, Georgakopoulos D, Menzel M, Nepal S (2012) An ontology-based system for cloud infrastructure services\u2019 discovery. In: 2012 8th international conference on collaborative computing: networking, applications and worksharing (CollaborateCom), pp 524\u2013530"},{"key":"218_CR46","doi-asserted-by":"crossref","unstructured":"Lombardi F, Pietro RD (2011) Secure virtualization for cloud computing. J Netw Comput Appl 34(4):1113\u20131122. doi: 10.1016\/j.jnca.2010.06.008 , ISSN 1084-8045","DOI":"10.1016\/j.jnca.2010.06.008"},{"key":"218_CR47","doi-asserted-by":"crossref","unstructured":"Malik S, Khan S, Srinivasan S (2013) Modeling and analysis of state-of-the-art VM-based cloud management platforms. IEEE Trans Cloud Comput 1(1):1\u20131. doi: 10.1109\/TCC.2013.3 , ISSN 2168-7161","DOI":"10.1109\/TCC.2013.3"},{"issue":"1","key":"218_CR48","first-page":"25","volume":"1","author":"A Kalantari","year":"2012","unstructured":"Kalantari A, Esmaeli A, Ibrahim S (2012) A service-oriented security reference architecture. Int J Adv Comput Sci Inf Technol (IJACSIT) 1(1):25\u201331","journal-title":"Int J Adv Comput Sci Inf Technol (IJACSIT)"},{"key":"218_CR49","doi-asserted-by":"crossref","unstructured":"Dodani M (2010) On \u2018cloud nine\u2019 through architecture. J Object Technol 9(3):31\u201339. doi: 10.5381\/jot.2010.9.3.c3 , ISSN 1660-1769","DOI":"10.5381\/jot.2010.9.3.c3"},{"key":"218_CR50","unstructured":"IBM (2013) IBM cloud computing reference architecture 3.0\u2014security. Technical report, IBM Developer Works, IBM Corporation"},{"key":"218_CR51","unstructured":"OAuth (2014) The OAuth 2.0 authorization framework. Web page, OAuth"},{"issue":"4","key":"218_CR52","first-page":"397","volume":"46","author":"M Okuhara","year":"2010","unstructured":"Okuhara M, Shiozaki T, Suzuki T (2010) Security architectures for cloud computing. Fujitsu Sci Tech J (FSTJ) 46(4):397\u2013402","journal-title":"Fujitsu Sci Tech J (FSTJ)"},{"key":"218_CR53","unstructured":"Amazon Web Services (2014) Amazon Web Services: overview of security processes. Technical report, Amazon.com Inc."},{"key":"218_CR54","unstructured":"Cisco HyTrust, VMware, Savvis, Coalfire (2011) PCI-compliant cloud reference architecture. White paper, Payment Card Industry Security Standard Council Data Security Standard"},{"key":"218_CR55","unstructured":"VMWare, SAVVIS (2009) Securing the cloud: a review of cloud computing, security implications and best practices. White paper, VMware Inc."},{"key":"218_CR56","unstructured":"Wilkins M (2011) Oracle reference architecture: cloud foundation architecture, release 3.0. Technical report E24529\u201301, Oracle Corporation"},{"key":"218_CR57","unstructured":"Cisco (2009) Cisco SAFE: a security reference Architecture. White paper, Cisco Systems"},{"key":"218_CR58","unstructured":"Juniper Networks (2013) Juniper Networks metafabric architecture. White paper, Juniper Networks Inc."},{"key":"218_CR59","unstructured":"Haletky E (2013) Trend Micro deep security reference architecture for the secure hybrid cloud. White paper, Trend Micro"},{"key":"218_CR60","unstructured":"E Systems (2014) Eucalyptus reference architectures. Technical report, Eucalyptus Systems"},{"key":"218_CR61","unstructured":"OSA (2014) SP-011: Cloud computing pattern. Technical repoer, OSA"},{"key":"218_CR62","doi-asserted-by":"crossref","unstructured":"Beckers K, C\u00f4t\u00e9 I, Fa\u00dfbender S, Heisel M, Hofbauer S (2013) A pattern-based method for establishing a cloud-specific information security management system. Requir Eng 18(4):343\u2013395. doi: 10.1007\/s00766-013-0174-7 , ISSN 0947-3602","DOI":"10.1007\/s00766-013-0174-7"},{"issue":"20","key":"218_CR63","first-page":"2920","volume":"18","author":"AV Uzunov","year":"2012","unstructured":"Uzunov AV, Fernandez EB, Falkner K (2012) Engineering security into distributed systems: a survey of methodologies. J Univers Comput Sci 18(20):2920\u20133006","journal-title":"J Univers Comput Sci"},{"key":"218_CR64","unstructured":"Badger L, Bohn RB, Chandramouli R, Grance T, Karygiannis T, Patt-Corner R, Voas J (2010) Cloud computing use cases. Working document. NIST"},{"key":"218_CR65","unstructured":"Fowler M (1997) Analysis patterns: reusable objects models. Addison-Wesley Longman, Boston. ISBN 0-201-89542-0"},{"key":"218_CR66","doi-asserted-by":"crossref","unstructured":"Papazoglou M, van den Heuvel WJ (2007) Service oriented architectures: approaches, technologies and research issues. VLDB J 16(3):389\u2013415. doi: 10.1007\/s00778-007-0044-3 , ISSN 1066-8888","DOI":"10.1007\/s00778-007-0044-3"},{"key":"218_CR67","doi-asserted-by":"crossref","unstructured":"Mouratidis H, Islam S, Kalloniatis C, Gritzalis S (2013) A framework to support selection of cloud providers based on security and privacy requirements. J Syst Softw 86(9):2276\u20132293. doi: 10.1016\/j.jss.2013.03.011 , ISSN 0164-1212","DOI":"10.1016\/j.jss.2013.03.011"},{"key":"218_CR68","volume-title":"Security in Depth Reference Architecture, Release 3.0.","author":"D Chappelle","year":"2013","unstructured":"Chappelle D (2013) Security in depth reference architecture, release 3.0. White paper, Oracle Corporation, Redwood Shores"},{"key":"218_CR69","doi-asserted-by":"crossref","unstructured":"Joosen W, Lagaisse B, Truyen E, Handekyn K (2012) Towards application driven security dashboards in future middleware. J Internet Serv Appl 3(1):107\u2013115. doi: 10.1007\/s13174-011-0047-6 , ISSN 1867-4828","DOI":"10.1007\/s13174-011-0047-6"},{"key":"218_CR70","volume-title":"Computer Security","author":"D Gollmann","year":"2006","unstructured":"Gollmann D (2006) Computer security. Wiley, \u00a0London"},{"key":"218_CR71","doi-asserted-by":"crossref","unstructured":"Harrison NB, Avgeriou P (2010) How do architecture patterns and tactics interact? A model and annotation. J Syst Softw 83(10):1735\u20131758. doi: 10.1016\/j.jss.2010.04.067 , ISSN 0164-1212","DOI":"10.1016\/j.jss.2010.04.067"},{"key":"218_CR72","doi-asserted-by":"crossref","unstructured":"Sindre G, Opdahl A (2005) Eliciting security requirements with misuse cases. Requir Eng 10(1):34\u201344. doi: 10.1007\/s00766-004-0194-4 , ISSN 0947-3602","DOI":"10.1007\/s00766-004-0194-4"},{"key":"218_CR73","unstructured":"Howard M, Lipner S (2006) The security development lifecycle. Microsoft Press, Redmond. ISBN 0735622140"},{"key":"218_CR74","doi-asserted-by":"crossref","unstructured":"Fernandez EB, Hashizume K, Buckley I, Larrondo-Petrie MM, VanHilst M (2010) Web services security: standards and products. In: Gutierrez C, Fernandez-Medina E, Piattini M (eds) Web services security development and architecture: theoretical and practical issues, information science reference. Imprint of: IGI Publishing, Hershey. ISBN 1605669504, 9781605669502","DOI":"10.4018\/978-1-60566-950-2.ch008"},{"issue":"2","key":"218_CR75","doi-asserted-by":"crossref","first-page":"430","DOI":"10.3390\/fi4020430","volume":"4","author":"EB Fern\u00e1ndez","year":"2012","unstructured":"Fern\u00e1ndez EB, Ajaj O, Buckley I, Delessy-Gassant N, Hashizume K, Larrondo-Petrie MM (2012) A survey of patterns for web services security and reliability standards. Future Internet 4(2):430\u2013450. doi: 10.3390\/fi4020430","journal-title":"Future Internet"},{"key":"218_CR76","doi-asserted-by":"crossref","unstructured":"Voorsluys W, Broberg J, Venugopal S, Buyya R (2009) Cost of virtual machine live migration in clouds: a performance evaluation. In: Proceedings of the 1st international conference on cloud computing, CloudCom \u201909. Springer, Berlin, pp 254\u2013265. doi: 10.1007\/978-3-642-10665-1_23 , ISBN 978-3-642-10664-4","DOI":"10.1007\/978-3-642-10665-1_23"},{"key":"218_CR77","unstructured":"Santos N, Gummadi KP, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 conference on hot topics in cloud computing, HotCloud\u201909, USENIX Association, Berkeley"},{"key":"218_CR78","doi-asserted-by":"crossref","unstructured":"Zhang F, Huang Y, Wang H, Chen H, Zang B, (2008) PALM: security preserving VM live migration for systems with VMM-enforced protection. In: Trusted infrastructure technologies conference, 2008. APTC \u201908. Third Asia-Pacific, pp 9\u201318. doi: 10.1109\/APTC.2008.15","DOI":"10.1109\/APTC.2008.15"},{"key":"218_CR79","doi-asserted-by":"crossref","unstructured":"Danev B, Masti RJ, Karame GO, Capkun S (2011) Enabling secure VM-vTPM migration in private clouds. In: Proceedings of the 27th annual computer security applications conference, ACSAC \u201911. ACM, New York, pp 187\u2013196. doi: 10.1145\/2076732.2076759 , ISBN 978-1-4503-0672-0","DOI":"10.1145\/2076732.2076759"},{"key":"218_CR80","unstructured":"Fernandez EB, Monge R, Hashizume K, (2013) Two patterns for cloud computing: secure virtual machine image repository and cloud policy management point. In: 20th conference on pattern languages of programs (PLoP 2013), Monticello, IL"},{"key":"218_CR81","unstructured":"Buschmann F, Meunier R, Rohnert H, Sommerlad P, Stal M (1996) Pattern-oriented software architecture: a system of patterns. Wiley, New York. ISBN 0-471-95869-7"},{"key":"218_CR82","unstructured":"Fernandez EB, Yoshioka N, Washizaki H (2014) Patterns for cloud firewalls. In: AsianPLoP (pattern languages of programs), Tokyo"},{"key":"218_CR83","doi-asserted-by":"crossref","unstructured":"Li M, Zang W, Bai K, Yu M, Liu P (2013) MyCloud: supporting user-configured privacy protection in cloud computing. In: Proceedings of the 29th annual computer security applications conference, ACSAC \u201913. ACM, New York, pp 59\u201368. doi: 10.1145\/2523649.2523680 , ISBN 978-1-4503-2015-3","DOI":"10.1145\/2523649.2523680"},{"key":"218_CR84","doi-asserted-by":"crossref","unstructured":"Young W, Leveson NG (2014) An integrated approach to safety and security based on systems theory. Commun ACM 57(2):31\u201335. doi: 10.1145\/2556938 , ISSN 0001-0782","DOI":"10.1145\/2556938"},{"key":"218_CR85","doi-asserted-by":"crossref","unstructured":"Hogan M, Liu F, Sokol A, Tong J (2011) NIST cloud computing standards roadmap. Special oublication 500-291, National Institute of Standards and Technology","DOI":"10.6028\/NIST.SP.500-291v1"},{"key":"218_CR86","doi-asserted-by":"crossref","unstructured":"Montanari M, Campbell R (2011) Attack-resilient compliance monitoring for large distributed infrastructure systems. In: 2011 5th international conference on network and system security (NSS), pp 192\u2013199. doi: 10.1109\/ICNSS.2011.6060000","DOI":"10.1109\/ICNSS.2011.6060000"},{"key":"218_CR87","unstructured":"Zenoss (2014) Unified monitoring and event management. Technical report, Zenoss"},{"key":"218_CR88","doi-asserted-by":"crossref","unstructured":"Huang J, Nicol D (2013) Trust mechanisms for cloud computing. J Cloud Comput 2(1). doi: 10.1186\/2192-113X-2-9","DOI":"10.1186\/2192-113X-2-9"},{"key":"218_CR89","doi-asserted-by":"crossref","unstructured":"Montanari M, Chan E, Larson K, Yoo W, Campbell RH (2013) Distributed security policy conformance. Comput Secur 33:28\u201340. doi: 10.1016\/j.cose.2012.11.007 , ISSN 0167-4048","DOI":"10.1016\/j.cose.2012.11.007"},{"key":"218_CR90","unstructured":"Bernstein D, Vij D (2010) Intercloud security considerations. In: 2010 IEEE second international conference on cloud computing technology and science (CloudCom), pp 537\u2013544. doi: 10.1109\/CloudCom.82"},{"key":"218_CR91","doi-asserted-by":"crossref","unstructured":"Buyya R, Ranjan R, Calheiros RN (2009) Modeling and simulation of scalable Cloud computing environments and the CloudSim toolkit: challenges and opportunities. In: 2009 international conference on high performance computing and simulation, HPCS 2009, Leipzig, 21\u201324 June 2009, pp 1\u201311. doi: 10.1109\/HPCSIM.2009.5192685","DOI":"10.1109\/HPCSIM.2009.5192685"},{"key":"218_CR92","doi-asserted-by":"crossref","unstructured":"Kretzschmar M, Golling M (2011) Security management spectrum in future multi-provider Inter-Cloud environments: method to highlight necessary further development. In: 2011 5th international DMTF academic alliance workshop on systems and virtualization Management (SVM), pp 1\u20138. doi: 10.1109\/SVM.2011.6096462","DOI":"10.1109\/SVM.2011.6096462"},{"key":"218_CR93","doi-asserted-by":"crossref","unstructured":"Senk C (2013) Adoption of security as a service. J Internet Serv Appl 4(1):11. doi: 10.1186\/1869-0238-4-11 , ISSN 1867-4828","DOI":"10.1186\/1869-0238-4-11"},{"key":"218_CR94","doi-asserted-by":"crossref","unstructured":"Uzunov AV, Fernandez EB (2014) An extensible pattern-based library and taxonomy of security threats for distributed systems. Comput Stand Interfaces 36(4):734\u2013747. doi: 10.1016\/j.csi.2013.12.008 , ISSN 0920-5489","DOI":"10.1016\/j.csi.2013.12.008"},{"key":"218_CR95","doi-asserted-by":"crossref","unstructured":"Fernandez EB, Larrondo-Petrie MM, Sorgente T, VanHilst M (2006) A methodology to develop secure systems using patterns. In: Mouratidis H, Giorgini P (eds) Integrating security and software engineering: advances and future vision. IGI Global, Hershey. ISBN 1599041472","DOI":"10.4018\/978-1-59904-147-6.ch005"}],"container-title":["Requirements Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-014-0218-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00766-014-0218-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-014-0218-7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,16]],"date-time":"2025-05-16T00:05:36Z","timestamp":1747353936000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00766-014-0218-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,1,6]]},"references-count":95,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2016,6]]}},"alternative-id":["218"],"URL":"https:\/\/doi.org\/10.1007\/s00766-014-0218-7","relation":{},"ISSN":["0947-3602","1432-010X"],"issn-type":[{"value":"0947-3602","type":"print"},{"value":"1432-010X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,1,6]]}}}