Tian Xia, Hironori Washizaki, Takehisa Kato, Haruhiko Kaiya, Shinpei Ogata, Eduardo B. Fernandez, Hideyuki Kanuka, Masayuki Yoshino, Dan Yamamoto, Takao Okubo, Nobukazu Yoshioka and Atsuo Hazeyama, “Cloud Security and Privacy Metamodel: Metamodel for Security and Privacy Knowledge in Cloud Services,” 6th International Conference on Model-Driven Engineering and Software Development (MODELSWARD 2018), short paper, FUNCHAL, MADEIRA – Portugal 22 – 24 January, 2018.

Security and privacy are important in cloud services. Numerous security and privacy patterns as well as nonpattern-based knowledge such as practices and principles exist in cloud services. Selecting and combining the appropriate knowledge is difficult due to numerous options and the nature of the layered cloud stack. Herein we propose a metamodel called the Cloud Security and Privacy Metamodel (CSPM) to handle security and privacy in cloud service development and operations. CSPM can classify and support existing cloud security and privacy patterns and practices in a consistent and uniform manner. Moreover, we propose a security and privacy aware process to develop cloud system utilizing CSPM. Several case studies verify the effectiveness and usability of our approach. As a result, we confirmed effectiveness and usability of CSPM, as well as some possible future work.