{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T15:12:55Z","timestamp":1781104375397,"version":"3.54.1"},"reference-count":45,"publisher":"IGI Global Scientific Publishing","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,1,1]]},"abstract":"<p>Security issues are paramount when considering adoption of any cloud technology. This article proposes the Secure Cloud Architecture (SeCA) model on the basis of data classifications which defines a properly secure cloud architecture by testing the cloud environment on eight attributes. The SeCA model is developed using a literature review and a Delphi study with seventeen experts, consisting of three rounds. The authors integrate the CI3A\u2014an extension on the CIA-triad\u2014to create a basic framework for testing the classification inputted. The data classification is then tested on regional, geo-spatial, delivery, deployment, governance and compliance, network, premise and encryption attributes. After this testing has been executed, a specification for a secure cloud architecture is outputted.<\/p>","DOI":"10.4018\/jisp.2012010102","type":"journal-article","created":{"date-parts":[[2012,2,29]],"date-time":"2012-02-29T15:49:13Z","timestamp":1330530553000},"page":"14-32","source":"Crossref","is-referenced-by-count":9,"title":["Designing a Secure Cloud Architecture"],"prefix":"10.4018","volume":"6","author":[{"given":"Thijs","family":"Baars","sequence":"first","affiliation":[{"name":"Utrecht University, The Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9237-221X","authenticated-orcid":true,"given":"Marco","family":"Spruit","sequence":"additional","affiliation":[{"name":"Utrecht University, The Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"jisp.2012010102-0","unstructured":"Asadoorian, P. (2007). Escaping from the virtualization cave. PaulDotCom. Retrieved July 12, 2011, from http:\/\/www.pauldotcom.com\/2007\/07\/31\/escaping_from_the_virtualizati.html"},{"key":"jisp.2012010102-1","unstructured":"Benson, T., Sahu, S., Akella, A., & Shaikh, A. (2010). A first look at problems in the cloud. In Proceedings of the 2nd USENIX Conference on Hot Topics in Cloud Computing, Boston, MA (pp. 1-7). Berkeley, CA: USENIX."},{"key":"jisp.2012010102-2","unstructured":"Chen, Y., Paxson, V., & Katz, R. H. (2010). What\u2019s new about cloud computing security (Tech. Rep. No. UCB\/EECS-2010-5, Vol. 20). Berkeley, CA: University of California. Retrieved from http:\/\/www.eecs.berkeley.edu\/Pubs\/TechRpts\/2010\/EECS-2010-5.pdf"},{"key":"jisp.2012010102-3","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., & Zamboni, D. (2009). Cloud security is not (just) virtualization security. In Proceedings of the ACM Workshop on Cloud Computing Security (p. 97). New York, NY: ACM.","DOI":"10.1145\/1655008.1655022"},{"key":"jisp.2012010102-4","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.9.3.458"},{"key":"jisp.2012010102-5","doi-asserted-by":"crossref","unstructured":"Das, A. S., & Srinathan, K. (2007). Privacy preserving cooperative clustering service. In Proceedings of the 15th International Conference on Advanced Computing and Communications, Guwahati, India (pp. 435-440). Washington, DC: IEEE Computer Society.","DOI":"10.1109\/ADCOM.2007.52"},{"key":"jisp.2012010102-6","unstructured":"Feigenbaum, J., Pinkas, B., Ryger, R. S., & Saint Jean, F. (2004). Secure computation of surveys. In Proceedings of the EU Workshop on Secure Multiparty Protocols (pp. 1-6)."},{"key":"jisp.2012010102-7","unstructured":"Forum, J. (2009). Cloud cube model: Selecting cloud formations for secure collaboration. Retrieved from http:\/\/www.opengroup.org\/jericho\/cloud_cube_model_v1.0.pdf"},{"key":"jisp.2012010102-8","doi-asserted-by":"crossref","unstructured":"Foster, I., Zhao, Y., Raicu, I., & Lu, S. (2008). Cloud computing and grid computing 360-degree compared. In Proceedings of the Grid Computing Environments Workshop, Austin, TX (pp. 1-10). Washington, DC: IEEE Computer Society.","DOI":"10.1109\/GCE.2008.4738445"},{"key":"jisp.2012010102-9","unstructured":"Ghinste, B. V. (2010). Gartner: Private cloud computing plans from conference polls. MSDN Blogs. Retrieved June 27, 2011, from http:\/\/blogs.msdn.com\/b\/architectsrule\/archive\/2010\/05\/07\/gartner-private-cloud-computing-plans-from-conference-polls.aspx"},{"key":"jisp.2012010102-10","unstructured":"Gilder, G. (2006). The information factories. Wired.com. Retrieved June 27, 2011, from http:\/\/www.wired.com\/wired\/archive\/14.10\/cloudware_pr.html"},{"key":"jisp.2012010102-11","article-title":"Secure multi-party computation","volume":"Vol. 2","author":"O.Goldreich","year":"2000","journal-title":"Foundations of cryptography"},{"key":"jisp.2012010102-12","unstructured":"Hao, F., Lakshman, T., Mukherjee, S., & Song, H. (2010). Secure cloud computing with a virtualized network infrastructure. In Proceedings of the 2nd USENIX Conference on Hot Topics in Cloud Computing, Boston, MA (pp. 16-16). Berkeley, CA: USENIX."},{"key":"jisp.2012010102-13","doi-asserted-by":"crossref","unstructured":"Hogben, G., & Catteddu, D. (2009). Cloud computing: Benefits, risks and recommendations for information security. In C. Serr\u00e3o, V. Aguilera D\u00edaz, & F. Cerullo (Eds.)Web application security (Vol. 72). Berlin, Germany: Springer-Verlag. Retrieved from http:\/\/www.enisa.europa.eu\/act\/rm\/files\/deliverables\/cloud-computing-risk-assessment\/at_download\/fullReport","DOI":"10.1007\/978-3-642-16120-9_9"},{"key":"jisp.2012010102-14","doi-asserted-by":"crossref","unstructured":"Hu, H., & Xu, J. (2009). Non-exposure location anonymity. In Proceedings of the IEEE 25th International Conference on Data Engineering, Shanghai, China (pp. 1120-1131). Washington, DC: IEEE Computer Society.","DOI":"10.1109\/ICDE.2009.106"},{"key":"jisp.2012010102-15","doi-asserted-by":"crossref","unstructured":"Jensen, M., Schwenk, J., Gruschka, N., & Iacono, L. L. (2009). On technical security issues in cloud computing. In Proceedings of the IEEE International Conference on Cloud Computing, Bangalore, India (pp. 109-116). Washington, DC: IEEE Computer Society.","DOI":"10.1109\/CLOUD.2009.60"},{"key":"jisp.2012010102-16","unstructured":"Kaliski, B. S., Jr., & Pauley, W. (2010). Toward risk assessment as a service in cloud environments. In Proceedings of the 2nd USENIX Conference on Hot Topics in Cloud Computing, Boston, MA (pp. 13-13). Berkeley, CA: USENIX."},{"key":"jisp.2012010102-17","unstructured":"Ko, S. Y., Jeon, K., & Morales, R. (2011). The HybrEx model for confidentiality and privacy in cloud computing. In Proceedings of the Conference on Hot Topics in Cloud Computing, Portland, OR. Berkeley, CA: USENIX. Retrieved from http:\/\/www.usenix.org\/event\/hotcloud11\/tech\/final_files\/Ko.pdf"},{"key":"jisp.2012010102-18","unstructured":"Krautheim, F. J. (2009). Private virtual infrastructure for cloud computing. In Proceedings of the Conference on Hot Topics in Cloud Computing, San Diego, CA (p. 5). Berkeley, CA: USENIX."},{"key":"jisp.2012010102-19","doi-asserted-by":"crossref","unstructured":"Li, A., Yang, X., Kandula, S., & Zhang, M. (2010). CloudCmp: Shopping for a cloud made easy. In Proceedings of the 2nd USENIX Conference on Hot Topics in Cloud Computing, Boston, MA (p. 5). Berkeley, CA: USENIX.","DOI":"10.1145\/1879141.1879143"},{"key":"jisp.2012010102-20","unstructured":"McAfee. (2009). Technical FAQ. Security. Santa Clara, CA: Author. Retrieved from http:\/\/www.mcafee.com\/us\/resources\/white-papers\/wp-saas-faq.pdf"},{"key":"jisp.2012010102-21","unstructured":"Mehta, N., & Smith, R. (2007). VMWare DHCP server remote code execution vulnerabilities. IBM Internal Security Systems. Retrieved July 12, 2011, from http:\/\/www.iss.net\/threats\/275.html"},{"key":"jisp.2012010102-22","doi-asserted-by":"crossref","unstructured":"Mell, P., & Grance, T. (2010). NIST definition of cloud computing v15. Retrieved from http:\/\/www.csrc.nist.gov\/groups\/SNS\/cloud-computing\/cloud-def-v15.doc","DOI":"10.6028\/NIST.SP.800-145"},{"key":"jisp.2012010102-23","doi-asserted-by":"crossref","unstructured":"Mowbray, M., & Pearson, S. (2009). A client-based privacy manager for cloud computing. In Proceedings of the Fourth International ICST Conference on Communication System Software and Middleware, Dublin, Ireland (p. 1). New York, NY: ACM.","DOI":"10.1145\/1621890.1621897"},{"key":"jisp.2012010102-24","author":"A.Mulholland","year":"2010","journal-title":"Enterprise cloud computing"},{"key":"jisp.2012010102-25","unstructured":"Ormandy, T. (2007). An empirical study into the security exposure to host of hostile virtualized environments. In Proceedings of the CanSecWest Applied Security Conference, Vancouver, BC, Canada."},{"key":"jisp.2012010102-26","unstructured":"Peterson, Z., & Gondree, M. (2011). A position paper on data sovereignty: The importance of geolocating data in the cloud. In Proceedings of the Conference on Hot Topics in Cloud Computing, Portland, OR. Berkeley, CA: USENIX. Retrieved from http:\/\/www.usenix.org\/event\/hotcloud11\/tech\/final_files\/Peterson.pdf"},{"key":"jisp.2012010102-27","doi-asserted-by":"crossref","unstructured":"Popa, L., Yu, M., Ko, S. Y., Ratnasamy, S., & Stoica, I. (2010). CloudPolice: Taking access control out of the network. In Proceedings of the Ninth ACM SIGCOMM Workshop on Hot Topics in Networks, Monterey, CA (p. 7). New York, NY: ACM.","DOI":"10.1145\/1868447.1868454"},{"key":"jisp.2012010102-28","unstructured":"Reuters. (2008). What on Earth is \u201ccloud computing\u201d? Reuters. Retrieved June 27, 2011, from http:\/\/blogs.reuters.com\/mediafile\/2008\/09\/25\/what-on-earth-is-cloud-computing\/"},{"key":"jisp.2012010102-29","unstructured":"Richter, W., Ammons, G., Harkes, J., Goode, A., Bila, N., de Lara, E., et al. (2011). Privacy-sensitive VM retrospection. In Proceedings of the Conference on Hot Topics in Cloud Computing, Portland, OR (pp. 1-6). Berkeley, CA: USENIX. Retrieved from http:\/\/www.usenix.org\/events\/hotcloud11\/tech\/final_files\/Richter.pdf"},{"key":"jisp.2012010102-30","doi-asserted-by":"crossref","unstructured":"Ristenpart, T., Tromer, E., Shacham, H., & Savage, S. (2009). Hey, you, get off my cloud: Exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL (pp. 199-212). New York, NY: ACM.","DOI":"10.1145\/1653662.1653687"},{"key":"jisp.2012010102-31","unstructured":"School, W. B. (2005). Delphi decision aid. Retrieved October 5, 2010, from http:\/\/armstrong.wharton.upenn.edu\/delphi2\/"},{"key":"jisp.2012010102-32","doi-asserted-by":"crossref","first-page":"1","DOI":"10.28945\/199","article-title":"The Delphi method for graduate research.","volume":"6","author":"G. J.Skulmoski","year":"2007","journal-title":"Journal of Information Technology Education"},{"key":"jisp.2012010102-33","doi-asserted-by":"crossref","unstructured":"Tiwana, B., Balakrishnan, M., Aguilera, M. K., Ballani, H., & Mao, Z. M. (2010). Location, location, location! Modeling data proximity in the cloud. In Proceedings of the Ninth ACM SIGCOMM Workshop on Hot Topics in Networks, Monterey, CA (p. 15). New York, NY: ACM.","DOI":"10.1145\/1868447.1868462"},{"key":"jisp.2012010102-34","doi-asserted-by":"crossref","unstructured":"Troncoso-Pastoriza, J. R., & P\u00e9rez-Gonz\u00e1lez, F. (2010). CryptoDSPs for cloud privacy. In Proceedings of the Workshop on Cloud Information System Engineering, Hong Kong, China (pp. 1-12). New York, NY: ACM.","DOI":"10.1007\/978-3-642-24396-7_34"},{"key":"jisp.2012010102-35","doi-asserted-by":"publisher","DOI":"10.1145\/1496091.1496100"},{"key":"jisp.2012010102-36","doi-asserted-by":"publisher","DOI":"10.1145\/1734160.1734165"},{"key":"jisp.2012010102-37","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2009.23"},{"key":"jisp.2012010102-38","unstructured":"Wang, C., & Zhou, Y. (2010). A collaborative monitoring mechanism for making a multitenant platform accountable. In Proceedings of the 2nd USENIX Conference on Hot Topics in Cloud Computing, Boston, MA (pp. 18-25). Berkeley, CA: USENIX. Retrieved from http:\/\/www.usenix.org\/event\/hotcloud10\/tech\/full_papers\/WangC.pdf"},{"key":"jisp.2012010102-39","doi-asserted-by":"crossref","unstructured":"Wang, Q., Luo, Y., & Huang, L. (2008). Privacy-preserving protocols for finding the convex hulls. In Proceedings of the Third International Conference on Availability, Reliability and Security (pp. 727-732). Washington, DC: IEEE Computer Society.","DOI":"10.1109\/ARES.2008.11"},{"key":"jisp.2012010102-40","doi-asserted-by":"crossref","unstructured":"Wang, Q., Wang, C., Li, J., Ren, K., & Lou, W. (2009). Enabling public verifiability and data dynamics for storage security in cloud computing. In M. Backes & P. Ning (Eds.), Proceedings of the 14th European Symposium on Computer Security (LNCS 5789, pp. 355-370).","DOI":"10.1007\/978-3-642-04444-1_22"},{"key":"jisp.2012010102-41","unstructured":"Williams, D., Elnikety, E., Eldehiry, M., Jamjoom, H., Huang, H., & Weatherspoon, H. (2011). Unshackle the cloud! In Proceedings of the Conference on Hot Topics in Cloud Computing, Portland, OR. Berkeley, CA: USENIX. Retrieved from http:\/\/www.cs.cornell.edu\/~djwill\/pubs\/unshackle.pdf"},{"key":"jisp.2012010102-42","unstructured":"Wood, T., Cecchet, E., Ramakrishnan, K., Shenoy, P., Van Der Merwe, J., & Venkataramani, A. (2010). Disaster recovery as a cloud service: Economic benefits & deployment challenges. In Proceedings of the 2nd USENIX Conference on Hot Topics in Cloud Computing (p. 8). Berkeley, CA: USENIX."},{"key":"jisp.2012010102-43","unstructured":"Wood, T., Gerber, A., Ramakrishnan, K., Shenoy, P., & Van der Merwe, J. (2009). The case for enterprise-ready virtual private clouds. In Proceedings of the Conference on Hot Topics in Cloud Computing, Monterey, CA (pp. 4-9). Berkeley, CA: USENIX."},{"key":"jisp.2012010102-44","doi-asserted-by":"crossref","unstructured":"Yao, A. C. (1982). Protocols for secure computations. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, Chicago, IL (pp. 160-164). Washington, DC: IEEE Computer Society.","DOI":"10.1109\/SFCS.1982.38"}],"container-title":["International Journal of Information Security and Privacy"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=64344","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T16:17:05Z","timestamp":1654100225000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jisp.2012010102"}},"subtitle":["The SeCA Model"],"short-title":[],"issued":{"date-parts":[[2012,1,1]]},"references-count":45,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2012,1]]}},"URL":"https:\/\/doi.org\/10.4018\/jisp.2012010102","relation":{},"ISSN":["1930-1650","1930-1669"],"issn-type":[{"value":"1930-1650","type":"print"},{"value":"1930-1669","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,1,1]]}}}