Abstract
Cloud computing is a business paradigm, where cloud providers offer resources (e.g., storage, computing, network) and cloud consumers use them after accepting a specific service level agreement. Cloud requirements can rapidly change over time, so organizations need to count with rapid methods to elicit, analyze, specify, verify, and manage dynamic requirements in a systematic and repeatable way. The existing works of this field are generally focused in a limited number of requirements and capabilities for cloud services. This chapter aims to provide a comprehensive and systematic literature review of academic researches done in requirements engineering for cloud computing area. During this study, some approaches for cloud computing were found that considered a limited number of characteristics (e.g., security, privacy, performance) and few activities involving diverse stakeholders. Generally, cloud stakeholders have got neither guidelines nor standards to manage multiple aspects of services in cloud environments. Thus, a literature review was first conducted and five dimensions are discussed (i.e., Contractual, Compliance, Financial, Operational, and Technical) in order to classify cloud characteristics, specify requirements, and support cloud contracts. Different specialists and experts may be requested to evaluate particular dimensions in the service level agreement and cloud service adoption. Finally, a simple sample is given to illustrate how to identify the cloud dimensions.
Access provided by CONRICYT-eBooks. Download chapter PDF
Similar content being viewed by others
Keywords
- Cloud computing
- Requirements engineering
- Cloud dimension
- Requirements specification
- Literature review
- Information system
- Service level agreement
1 Introduction
Cloud computing is an Internet-based business where service providers offer information and communication technology (ICT) resources by optimizing physical and logical infrastructure, and service consumers pay only those which they use for storing, analyzing, processing, transferring, and managing data in provider’s resources. Cloud computing enables organizations to consume ICT resources as a utility (like gas and electricity), rather than having to invest and maintain on-premise computing infrastructures. Thus, cloud computing is changing the way in which companies are doing business and dealing with information technology.
Even though the success of any software solution depends mostly in the identification of requirements in early stages of software development [1], it is shown that there are not well-known foundations and methodologies for handling cloud requirements in the academic community [2, 3]; and no empirical evidence was found about how to elicit and manage requirements in cloud domain [4]. Therefore, a systematic literature review is necessary to compile all the evidences of requirements engineering activities in this context, to synthesize high-level insights from published studies, and to consider the challenges presented in research results. Individual published studies considered in systematic reviews are called primary studies, so systematic reviews are labeled secondary studies [5].
Primary studies have reported experiences and lessons learned from applying diverse methods and techniques for adopting cloud services. The secondary study presented in this chapter is expected to identify, analyze, and interpret those primary researches, in order to contribute to the existing knowledge bases and to improve the state of the practice in requirements engineering for cloud computing.
It is a fact that cloud environments are stochastic and dynamic, so it is complex to manage cloud requirements in a systematic and repeatable way [3], especially when requirements rapidly change in a non-predictive manner. The main causes why cloud requirements change are: (a) organizational policies change the business priorities, so the requirements have to be aligned with the new scope and goals; (b) environment and marketplace change by the addition of competitors or new business targets; (c) legislation changes may request new forms, features, and security algorithms in cloud applications; and (d) new technology solutions appear. Thus, the main objective of this work is to understand and carefully analyze cloud computing domain, considering published researches in the field of requirements engineering, in order to identify and quantify research topics on requirements engineering in cloud computing.
The NIST introduces a cloud definition framework, where there are five main characteristics (i.e., broad network access, rapid elasticity, measured service, on-demand self-service, and resource pooling), five roles (i.e., consumer, provider, auditor, carrier, and broker), three service models (i.e., Software as a Service , Platform as a Service , and Infrastructure as a Service ), and four deployment models (i.e., public cloud, private cloud, community cloud, and hybrid cloud) [6]. In this contribution, the NIST cloud definition framework is also extended and five cloud dimensions are added (i.e., contractual, financial, compliance, operational, and technical) after conducting a literature review.
The five proposed cloud dimensions link static properties (e.g., contractual aspects) and dynamic requirements (e.g., technical and operational aspects). Some dimensions may be separately analyzed by domain experts (e.g., compliance dimension is analyzed by lawyers in small and medium-sized enterprises). The final purpose is to bind different service perspectives in order to manage cloud service adoption. This chapter aims to consolidate different cloud aspects to fluidly satisfy consumer dynamic requirements. In conclusion, cloud consumers (i.e., organizations and users) are provided with accurate information to address their requirements to service offers and cloud providers are fitted with precise attributes to offer service capabilities. This avoids potentially ambiguous terms.
The rest of this paper is organized as follows. Section 3.2 introduces some insights about cloud computing and requirements engineering. Section 3.3 presents a brief discussion about the findings and some graphs of the literature review. In Sect. 3.4, the proposed dimensions and some models are proposed in order to facilitate cloud requirements specification. Finally, Sect. 3.5 discuses the final remarks and future works.
2 Background
Cloud computing is a paradigm of external arrangement, where third party services are contracted according to Service Level Agreements (SLA) between cloud providers and service consumers, by means of Internet protocols. In this way, cloud providers optimize the usability of their own technology infrastructure offering storage solutions (hosting) and computer services (outsourcing), and cloud consumers pay for cloud services taking into account the type of service charge (i.e., pay per use, subscription, etc.) [6, 7]. The cloud environments are stochastic and dynamic, so it is complex to identify, clarify, and manage cloud requirements in a systematic way [3, 8], especially when services and requirements change in an unpredictable manner.
Requirements engineering is the field of software engineering dedicated to identify, analyze, specify, and validate software requirements [9]. The software requirements represent the needs and constraints considered in the software solution of a real problem.
Requirements engineering is related to software design, software testing, software maintenance, configurations management, quality assurance, and other processes of software engineering. Pohl in his book [10] considers elicitation, analysis, specification, validation/verification, and management of requirements, as requirements engineering processes. In addition, Flores et al. assume that requirements engineering process for general services involve the next activities [11]:
-
1.
Requirements Specification : service requirements are identified.
-
2.
Requirements Analysis : requirements are analyzed in detail and possible conflicts between them are examined.
-
3.
Requirements Validation : requirements consistency and completeness must be evaluated.
-
4.
Requirements Management : it supports all activities and solutions during RE process.
Wieger in [1] classifies requirements engineering artifacts in: business requirements, scenarios and uses cases, business rules, functional requirements, quality attributes, external interface requirements, constraints, data definitions, and potential software solutions. Moreover, Pohl specifies goals, scenarios, and requirements oriented to the software solutions, as part of the RE artifacts [10].
In cloud computing, requirements engineering approaches are mostly concentrated in object-oriented artifacts and service-oriented tools. Thus, some authors adjusted existing tools, languages, and methodologies to this paradigm. The biggest challenge in cloud computing is the lack of standard, that help meet the objectives covering many different aspects of cloud services [12]. Existing requirements engineering processes for cloud computing are generally about a limited number of nonfunctional requirements. Moreover, most of the approaches about cloud requirements are focused on particular characteristics, as security [8], privacy [13], availability, and other performance aspects [14, 15].
However, cloud business paradigm is still growing popularity, because cloud offers and cloud demands are rising at the marketplace. Cloud providers optimize their physical infrastructure offering IT resources as cloud services, and consumers outsource solutions adopting cloud models (i.e., Software as a Service , Platform as a Service , and Infrastructure as a Service ). In consequence, cloud computing is very complex to administrate because of the dynamism imposed by the context, i.e., elastic resources (released, turned off/on, resized, scaled up/down), stochastic requirements depending of business changes (peak/nonpeak times), heterogeneous consumers from different places and jurisdictions, distributed systems, and remote manage.
Some authors propose frameworks and methods, but there is no available empirical evidence on the elicitation methods utilized by cloud providers [4]. For instance, Repschlaeger et al. [2] present a framework that includes evaluation criteria to adopt cloud services, and Schrödl and Wind [16] propose a framework to validate established process models for RE in regards to the implementation for cloud computing. Schrödl and Wind conclude that none of the common models (V-model, Volere, Extreme Programming, and Rational Unified Process) is suitable to cover the needs of requirements engineering under cloud computing.
Small and medium-sized enterprises also develop projects for adopting cloud services and migrating legacy systems to cloud environments. Besides cloud projects are a major trend in IT solutions [17], little information about frameworks and methods for supporting projects during system development life cycle for this domain is given [18]. In addition, the lack of requirements engineering methods promotes the occurrence of unpredictable risks related with incorrect or unjustified decisions which can be made during project plan developments. There are no standardized processes to manage requirements engineering activities or to decide how they should be performed, and organizations try to adapt existing techniques or create new one for supporting cloud projects, missing suitable, and systematic guidance [3, 4]. Thus, this chapter aims to provide a comprehensive and systematic literature review of the academic research done in requirements engineering for cloud computing, and introduces the main concerns in this area. Having an overview about methods and techniques for handling cloud requirements , providers and consumers can implement existing approaches taking into account different dimensions for cloud services. Regarding this background, different aspects of requirements are considered for cloud computing by identifying and classifying core concepts within existing academia literature. Security is one of the most relevant issues in cloud computing community [18, 19]. Moreover, IT governance, legal, laws, ethical, standards, and managerial issues are not completely considered in the researches done in this area [20, 21].
In order to conduct this review, several reviews and mapping studies about cloud computing were first consulted, because they compile all the evidence about contributions and synthesize high-level insights from primary studies during past years. In fact, there was not found any general peer-reviewed paper on requirements engineering for cloud computing specifically, while secondary researches found showed that academic community is mainly focused on only specific characteristics of cloud services, i.e., security [19, 21–24], technological aspects [17], accounting models [25], quality of services [26, 27], and service composition [28]. The proposed cloud dimensions for requirements engineering are derived from those characteristics.
3 Literature Review
Selecting digital libraries and relevant databases was crucial for this secondary research (literature review). Four popular digital libraries were chosen: IEEE Xplore Digital Library, ACM Digital Library, Elsevier ScienceDirect, and SpringerLink. Those libraries covered important works in requirements engineering and cloud computing. However, some considerations were made on the research scope and strategy of this research. First, Google Scholar engine was taken out of the scope, because it returned the largest number of duplicate articles during the search simulations. Second, ACM Digital Library returned similar results offered by IEEE and Springer engines, but it also returned some relevant studies. Third, it was not found relevant evidence of related works about cloud requirements before 2009 during the pilot searches, so the manual search of primary studies in digital libraries published between 2009 and 2015 was planned. Finally, the basic query string was searched within titles and calibrated regarding each engine. Data extraction and selection process was undertaken using the steps described in Fig. 3.1.
Selection process of the literature review
Advanced search options for each database source were used that allowed to improve the inclusion of articles related to the study. Even though some articles were first picked by title and abstract, they were no precisely about requirements engineering for cloud computing. Thus, some articles were excluded from the set of relevant primary studies after considering the inclusion and exclusion criteria. The inclusion and exclusion criteria which were applied in this literature reviews are listed in Table 3.1. Search engines previously mentioned returned a list of studies as result of the research protocol which also were considered in three phases of manual inspection. First, each paper was scanned to ensure that its contributions were related to the scope of this review. Then, some studies were selected after applying the criteria on each title, abstract, keywords, and conclusion. Finally, each full-text was analyzed considering the criteria in order to decide whether or not a study should be involved in this review.
From the list of selected articles, the tendency of publication date was evaluated, and it is showed in Fig. 3.2. The interest in the topic has changed over time, and half of the selected studies put attention to security and privacy aspects of cloud computing. Most of the articles were published in 2013, but only two articles were written by the same authors and two articles were published in the same journal. It seems that cloud computing fundamentals and processes are occasionally considered by researchers in different journals and scientific events. However, several organizations and workgroups were found to be working on standards and processes, such as National Institute of Standards and Technology (NIST),Footnote 1 Cloud Standard Customer Council (CSCC),Footnote 2 IEEE Cloud Computing Standard Study Group (IEEE CCSSG),Footnote 3 and Open Cloud Consortium (OCC).Footnote 4
Number of studies per year
To conduct the literature review, eight research questions were formulated. The research questions and the findings are graphically evaluated below.
RQ1: What are the main requirements engineering approaches investigated in cloud computing?
From the selected primary studies, it can be noted that frameworks and methodologies motivated research activities on the field of cloud computing. Recently, contributions proposed frameworks to evaluate and to handle requirements for cloud computing projects, however there are not well-known tools and automatic techniques supporting cloud adoption. The answer of this question is summarized in Fig. 3.3.
Main requirements engineering approaches (RQ1)
RQ2: What phases and activities of requirements engineering do the approaches support?
The results for this question are shown in Fig. 3.4. Requirements engineering activities were listed and answer “All” were considered when the contribution was generic and represented all activities in its process. The most studied activities were requirements elicitation and requirements specification, and some authors considered both activities in the same step in requirements engineering process. Requirements validation was not considered in the primary studies, and it was concluded that this activity was difficult to carry on especially because stakeholders have limited control over the services.
Phases and activities of requirements engineering (RQ2)
RQ3: Who are the actors/stakeholders or roles considered in the approaches?
For this question, the roles presented by NIST [29] were considered, i.e., consumer, provider, broker, carrier, and auditor. The results are presented in Fig. 3.5. Most of the selected papers had consumers as main actors during requirements engineering activities. Carrier that supports transportation of service and auditor that evaluates the service provided were explicitly out of the primary study scopes. Developer role was considered in several studies, but analyst, consultant, and manager were not implicitly considered. During the research, answer “stakeholder” was selected when the contribution was general, unclear about who were the target actors, or focused on several actors.
Actors/stakeholders/roles considered in the approaches (RQ3)
RQ4: What are the cloud requirements and attributes covered in the studied literature?
Most of the studies were focused on specific attributes and requirements, and the results are shown in Fig. 3.6. Security is the most studied aspect of cloud computing in the field of requirements engineering. Cloud security is a trend topic and many research groups try to find a way for guaranteeing security in cloud services. Privacy , trust, and access control can be considered as part of security aspects.
Cloud requirements attributes covered in the studies (RQ4)
RQ5: What are the domains involved in the primary studies?
Figure 3.7 presents the different domains announced in the studies. The selected approaches were mainly general and with little information about domains and supported areas. Several primary studies considered banking, healthcare, and enterprise scenarios. However, there was strong tendency to integrate many domains in the same solution, “General” in Fig. 3.7, so it is concluded that general and generic approaches are needed for handling cloud requirements suitable to all domains.
Domains involved in the studies (RQ5)
RQ6: What are the cloud computing models considered in the proposals?
Deployment models were not taken into account in the selected papers and most studies did not specify any service model as study scope. Figure 3.8 shows the final results. Only one article [30] considered Platform as a Service and Software as a Service in the same approach. Software as Service is the most studied model, because cloud service adoption was mainly related to application development and programs in the primary studies. “General” in Fig. 3.8 indicates that authors did not specify the models and the proposal is generic.
Cloud computing models considered in the studies (RQ6)
RQ7: How automatable are the approaches?
For this question, there were three possible answers and semiautomatic approaches were often presented in the primary studies. There were many contributions that presented some manual activities supported by tools or programs, but only three studies [31–33] presented automatic and automatable approaches for requirements engineering in cloud computing. The results are shown in the pie chart presented in Fig. 3.9.
Automated approaches in cloud computing
RQ8: What are the open issues and publication trends in requirements engineering for cloud computing?
Cloud services are deployed in multiple resources shared by many different stakeholders [34, 35], and the main challenge is how to elicit commonalities and variances of numerous consumer requirements [36]. So far, there was identified a large amount of issues towards legal constraints [37–40], privacy , access control , and security requirements [13, 31–34, 41–46]. However, several approaches were also focused on functional aspects [36, 47], nonfunctional requirements [48], trust and reputation characteristics [35], and other requirements [3]. In the same manner, specific primary studies considered important to analyze separately billing attributes [49], architectural aspects [12], autonomic requirements [50], brokerage regulations [30], and contractual ruling [51].
Quality Assessment. Finally, a quality assessment considering a scale from 0 to 1 was conducted. The goal was to detect those primary studies with low quality or irrelevant contribution. Quality assessment of the studies considered was a significant part into the research protocol, because it helped reviewers to evaluate whether the contribution of each study was relevant for this review or not. In order to detect the level of significance of each study, six quality assessment questions and possible scores based on [52] were defined, and the final checklist was built, as follow:
-
QA1: How clear was the approach presented in the study?
-
QA2: How relevant and mature was the approach for cloud computing?
-
QA3: How detailed were the activities explained in the approach?
-
QA4: How clear was the approach applied in the application domain?
-
QA5: How complete was the list of goals and requirements considered in the approach?
-
QA6: How flexible and extensible was the approach presented in the study?
In Table 3.2, the number of papers that present high, medium, and low values for each of the qualitative questions is summarized. In conclusion, most of the studies were over the medium values.
Finally, it can be concluded that cloud computing is a traversal field and it can be studied in different domains (i.e., health, insurance, financial, etc.). However, cloud computing processes are occasionally considered by researchers in different journals and scientific events. The literature failed to provide a systematic approach to identify requirements and select the most suitable cloud service provider based on such requirements [13]. Nowadays, consumers have to trust providers taking into account functional attributes, price, and provider’s reputation and market share [13, 35, 41].
4 Discussions
From a set of 187 documents, only 26 relevant works have been selected and some terms were extracted to define the vocabulary of cloud computing. The terms are classified into five cloud dimensions. Each proposed dimension represents a specific aspect of cloud computing, and cloud adoption process should consider those dimensions in order to completely satisfy service requirements. For each dimension, service consumers should also follow the most suitable requirements engineering methods considering the nature of their requirements. The NIST cloud definition framework [6] is presented in Fig. 3.10 and the five dimensions are added.
Extension of the NIST cloud definition framework [6]
The proposed dimensions show the semantic connections among such terms, and the cloud domain knowledge can be inferred from it. The dimensions are related to cloud services and SLA, and they can also be used to identify cloud requirements and constraints in natural language documents, such as request for proposal and software specification template. Organizations may also consider having experts in diverse fields (such as accounting manager, lawyer for legal terms, etc.) to elicit specific requirements for each dimension, especially for billing and law regulation.
The idea of cloud computing as a multidimensional paradigm is not new. For instance, Repschlaeger et al. [53] presented six target dimensions based on general objective which stakeholders pursue: (1) service and cloud management; (2) IT security and compliance; (3) reliability and trustworthiness; (4) scope and performance; (5) costs; and (6) flexibility. Pichan et al. [54] considered three dimensions to analyze services in cloud computing: (1) technical; (2) organizational; and (3) legal. However, practitioners also deal with other requirements and capabilities that research question four (RQ4) has showed. For example, IT contracts include terms regarding technical properties, financial factors, compliance restrictions, operational responsibilities, and contractual aspects in cloud computing.
In this contribution, cloud service dimensions are considered the basis for specifying cloud requirements and capabilities. The cloud dimensions are explained below.
Contractual Dimension . Contract trails specify stakeholders, disclaims, and general agreements between parties (i.e., “Supporting Party” and “Signatory Party”). This dimension covers all organizational aspects of cloud service level agreement. It includes actors (i.e., “Provider”, “Consumer”, “Broker”, “Carrier”, and “Auditor”), time periods and contract duration (i.e., attributes of “Contract”), and objects like binding in “Service Level Agreements” (SLA), similar to the information of business contractual headlines. Communication between actors is very important, thus contractual dimension also specifies roles, responsibilities, and relations between actors (i.e., “Term of Service”). “Umbrella Agreement” specifies all agreements and contracts with similar provider and characteristics. For the requirements elicitation of contractual dimensions, Bochicchi et al. [51] proposed an approach based on contract management process modeling and information modeling to extend the current generation of open contract management tools.
Financial Dimension . Economic aspects of cloud services are involved in “Billing”, “Pricing”, “Account” and “Credit”. This dimension is defined considering cloud computing as a utility [15], where economic and financial capabilities play a central role in cloud adoption [55]. Cloud service provider employs pricing plan (i.e., renting, usage-based pricing), in which cloud service consumers pay proportionally to the amount of time or resource they use [14]. This dimension involves all aspects of cloud agreements for billing, such as pay methods, credit management, and cost variables. Klems et al. [18] presented a framework to estimate cloud computing costs. For analyzing requirements of billing management, Iwashita et al. [49] represented some approaches based on the Soft Systems Methodology (SSM) with Unified Modeling Language (UML). Finally, “Penalty” is also part of this dimension, because it has always an economic impact.
Compliance Dimension . Regulations (i.e., “Guarantee” and “Remedy”) that restrict cloud services such as legal, standards, and proceedings. They describe all legal and regulatory restrictions for cloud service adoption [56], and it also specifies government regulation, business standards, security policy, and privacy certifications which cloud service should be compliant with [57]. The restrictions are part of “Policy” strictly imposed in order to respect laws and regulations in the place where data resides or is collected (i.e., “ Jurisdiction ”). “Remedy” involves “Penalty” when a “Policy” is violated. The consumer should pay attention to all requirement dimensions at a given time and describe in details some specifications about security, privacy, data manipulation, performance, and availability under “Policy” class. For instances, several approaches may be suitable for analyzing Compliance Dimensions. Mouratidis et al. [13] present a methodology that supports just elicitation and security of privacy requirements in cloud computing, by the understanding of the organizational context (i.e., goals, actors, tasks, resources, and plan) and the analysis of constraints, threats, and vulnerabilities [58]. Beckers et al. [41] contribute a catalog of security and privacy requirement patterns that support engineers in eliciting compliance requirements [31, 37]. Ficco et al. [42] present the development of a methodology that considers security concerns as an integral part of cloud-based applications design and implementation. Humberg et al. [39] developed an approach to represent regulations in the form of ontologies, which can then be used to examine a given system for compliance requirements in cloud computing.
Operational Dimension. All characteristics that cover specifications about service management, deployment, and access control . Operational Dimension is related to “Service Description”, “Virtual Resource” and “Physical Resource”. It is based on usual events (such as restore, maintain, configuration, and backups) and unusual events (such as incident management and recovery). By considering operational aspects, the cloud providers must have efficient means to support resource allocation and scheduling decisions to remain competitive [59]. Bao et al. [60] proposed a measurement method, which mainly measures availability and performance of cloud services and it supports operational decisions. Simultaneously, it is important to ensure the confidentiality of co-tenants who share the same infrastructure by auditing virtual behavior. Operative Dimension explains all aspects to keep the service running and meet the changes in runtime. In requirements engineering, Rimal et al. [12] classified architectural features according to the requirements of end users and provided key guidelines to software architects and cloud computing application developers for creating future architectures.
Technical Dimension . It encompasses functional properties and measurable aspects of cloud service. Some key performance indicators are measured using a set of measureable properties. Technical aspects are specified in SLA to understand, compare, and control SLA. Measurable and technical factors that need “Indicator”, “Metric”, “Measure”, “Unit”, “Collection Method”, and “Function”. “Service Level Objective” is used to compare “Current Value” audited by the “Monitor”. All technical aspects are requested to defined cloud services. For Technical Dimension and application requirements, Sun et al. [47] provided a framework for searching the cloud market for a set of products that meet those requirements, using ontologies. Zardari and Bahsoon [36] also proposed a process for cloud adoption considering cloud requirements and Goal Oriented Requirements Engineering (GORE).
There are a number of overlapping properties and classes within the five dimensions, such as “Monitor”, “Account”, and “Penalty”. “Monitor” is requested to ensure that cloud services do not break the laws and regulations in the jurisdiction where data resides or is collected, simultaneously ensuring the confidentiality of co-tenants who share the same infrastructure [54]. Thus, frequent audits should be performed on the dimensional properties to monitor compliance with security terms and to ensure adherence to agreements terms, performance standards, procedure, and regulations [61, 62]. Most of the time services are like “black boxes” to cloud consumers, so services are evaluated by their behavior (i.e., comparing its inputs, outputs, and performance level) with the expected results [58].
The service consumer, as a requirements engineer, may compare different methodologies (BPMN, UML, GoRE, SecureUML, Secure i*, Tropos, KAOS, and SQUARE) and present a conceptual framework with a strong focus on security and compliance for cloud computing. The consumer may also combine the approaches to come to the definition of the requirements, because some approaches may be focused on just few requirements engineering activities and different dimensions.
5 Sample Scenario: Sales Company
In this section, there is a sample about how to identify cloud dimensions. For example, a sales company (i.e., “Consumer” in Contractual Dimension ) has recently shown consistent growth, so it aims to reduce the workload of the organization by migrating the purchase and sales module to cloud computing. The goal is to let suppliers and customers interoperate through this module after exchanging security certificates. The module allows visualizing the available stock and book new orders in real time, without overloading the company infrastructure. This company expects to reduce its total costs by paying a service subscription price (“Pricing”) and to gain flexibility considering unlimited storage and network resources (i.e., “Service Description”). The requirements engineer uses a natural language description (e.g., something similar to the description just provided) as an input to specify the basic needs of his/her system. The engineer maps the terms of the expressed needs to the proposed conceptual model. Then, the conceptual model shows relationships with other concepts, which can be associated to additional dimensions that were not considered in the needs expressed by the requirements engineer at the beginning. For example, “Subscription Price” from the initial description is related to Financial Dimension . “Storage” and “Network” are related to Operational Dimension.
Other classes are implicit in the initial description, such as “Data Security”, “Ethical”, and “Law Regulation” that are linked to “Policy” in Compliance Dimension . At this stage, the requirements engineer can realize that other concepts (e.g., “Measure”, “Unit”, “Current Value”, etc.) in the model are related to his/her needs, and those concepts may have a relevant impact during the cloud service adoption, so he/she should pay considerable attention to them.
Finally, the company relies on the requirements engineering deliverable (e.g., supporting documents and descriptions) produced as a result of the proposed conceptual model. This deliverable helps the company to document initial requirements, to understand cloud services, to manage its dynamic requirements , to find inconsistency and risks, to compare cloud offers of different providers, and to contract the best cloud solution according to the company business goals and mission.
6 Conclusions
Summarizing, requirements engineering for cloud computing was investigated. Some primary studies were selected between 2009 and 2015, and only 26 filtered studies answered the proposed research questions. The literature review presented an overview about the topic and created new concerns about cloud requirements .
Cloud computing may be considered as a multidimensional paradigm, where different activities (i.e., elicitation, analysis, specification, validation/verification, and management), roles (i.e., consumer, provider, broker, auditor, carrier, user, analyst, consultant, manager, engineer, developer), and service dimensions (i.e., contractual, operational, technical, compliance, and financial) are integrated.
The cloud dimensions are explained in this chapter and a conceptual model integrated all of them. It is considered that the service consumer still needs to do some initial modeling and specification, because requirements have to be documented to ensure that the service provider offers exactly what is needed by the consumer. The service consumer should describe the required services, components, or applications using the dimensions. The dimensions are very complete and flexible for adding new features, so they can be the bases for future proposals, models, and ontologies.
Because the requirements change frequently, a streamline is needed. They should be monitored and traced using some traceability mechanisms (i.e., backward-from, forward-from, backward-to, or forward-to). Consequently, the requirements can undergo changes over the time and are normally covered under change management. A simple change in a requirement implies modifications in the parameters, configuration, and components, and the solution may no longer support the necessary functionality. In our future work, the objective is to give support to the complete requirement engineering process for cloud computing, by offering a framework to manage requirements in all dimensions and also support cloud adoption.
References
Wiegers, K., Beatty, J. (2013). Software requirements. Pearson Education.
Repschlaeger, J., Zarnekow, R., Wind, S., Turowski, K. (2012). Cloud Requirement Framework: Requirements and Evaluation Criteria to Adopt Cloud solutions. In European Conference on Information Systems (ECIS) (p. 42).
Zardari, S., Bahsoon, R. (2011). Cloud adoption: a goal-oriented requirements engineering approach. In Proceedings of the 2nd International Workshop on Software Engineering for Cloud Computing (pp. 29–35). ACM.
Todoran, I., Seyff, N., Glinz, M. (2013). How cloud providers elicit consumer requirements: An exploratory study of nineteen companies. In 2013 21st IEEE International Requirements Engineering Conference (RE) (pp. 105–114). IEEE.
Kitchenham, B. (2004). Procedures for performing systematic reviews. Keele, UK, Keele University, 33(2004), 1–26.
Mell, P., Grance, T. (2011). The NIST Definition of Cloud Computing (Draft). NIST Special Publication, 800–145:1–6, 145.
Vaquero, L. M., Rodero-Merino, L., Caceres, J., Lindner, M. (2008). A break in the clouds: towards a cloud definition. ACM SIGCOMM Computer Communication Review, 39(1), 50–55.
Iankoulova, I., Daneva, M. (2012). Cloud computing security requirements: A systematic review. In 2012 Sixth International Conference on Research Challenges in Information Science (RCIS) (pp. 1–7). IEEE.
Abran, A., Bourque, P., Dupuis, R., Moore, J. W. (2001). Guide to the software engineering body of knowledge-SWEBOK. IEEE Press.
Pohl, K. (2010). Requirements engineering: fundamentals, principles, and techniques. Springer Publishing Company, Incorporated.
Flores, F., Mora, M., Álvarez, F., Garza, L., Duran, H. (2010). Towards a systematic service-oriented requirements engineering process (S-SoRE). In International Conference on ENTERprise Information Systems (pp. 111–120). Springer Berlin Heidelberg.
Rimal, B. P., Jukan, A., Katsaros, D., Goeleven, Y. (2011). Architectural requirements for cloud computing systems: an enterprise cloud approach. Journal of Grid Computing, 9(1), 3–26.
Mouratidis, H., Islam, S., Kalloniatis, C., Gritzalis, S. (2013). A framework to support selection of cloud providers based on security and privacy requirements. Journal of Systems and Software, 86(9), 2276–2293.
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I. and Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), pp. 50–58.
Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., Brandic, I. (2009). Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation computer systems, 25(6), 599–616.
Schrödl, H., Wind, S. (2011). Requirements engineering for cloud computing. Journal of Communication and Computer, 8(9), 707–715.
Sriram, I., Khajeh-Hosseini, A. (2010). Research agenda in cloud technologies.
Klems, M., Nimis, J., Tai, S. (2008). Do clouds compute? a framework for estimating the value of cloud computing. In Workshop on E-Business (pp. 110–123). Springer Berlin Heidelberg.
Mazher, N., Ashraf, I. (2014). A Systematic Mapping Study on Cloud Computing Security. International Journal of Computer Applications, 89(16):6–9.
El-Gazzar, R. F. (2014). A literature review on cloud computing adoption issues in enterprises. In International Working Conference on Transfer and Diffusion of IT (pp. 214–242). Springer Berlin Heidelberg.
Pfarr, F., Buckel, T., Winkelmann, A. (2014). Cloud Computing Data Protection–A Literature Review and Analysis. In 2014 47th Hawaii International Conference on System Sciences (pp. 5018–5027). IEEE.
Benslimane, Y., Plaisent, M., Bernard, P., Bahli, B. (2014). Key Challenges and Opportunities in Cloud Computing and Implications on Service Requirements: Evidence from a Systematic Literature Review. In Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on (pp. 114–121). IEEE.
Latif, R., Abbas, H., Assar, S., Ali, Q. (2014). Cloud computing risk assessment: a systematic literature review. In Future Information Technology (pp. 285–295). Springer Berlin Heidelberg.
Zapata, B. C., Alemán, J. L. F., Toval, A. (2015). Security in cloud computing: A mapping study. Comput. Sci. Inf. Syst., 12(1), 161–184.
da Silva, F. A. P., Neto, P. A. D. M. S., Garcia, V. C., Assad, R. E., Trinta, F. A. M. (2012). Accounting models for cloud computing: A systematic mapping study. In Proceedings of the International Conference on Grid Computing and Applications (GCA) (pp. 3–9). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).
Abdelmaboud, A., Jawawi, D. N., Ghani, I., Elsafi, A., Kitchenham, B. (2015). Quality of service approaches in cloud computing: A systematic mapping study. Journal of Systems and Software, 101, 159–179.
Lehrig, S., Eikerling, H., Becker, S. (2015). Scalability, elasticity, and efficiency in cloud computing: A systematic literature review of definitions and metrics. In Proceedings of the 11th International ACM SIGSOFT Conference on Quality of Software Architectures (pp. 83–92). ACM.
Jula, A., Sundararajan, E., Othman, Z. (2014). Cloud computing service composition: A systematic literature review. Expert Systems with Applications, 41(8), 3809–3824.
Grance, T., Patt-Corner, R., Voas, J. B. (2012). Cloud Computing Synopsis and Recommendations. NIST Special Publication, 800–146.
Kourtesis, D., Bratanis, K., Friesen, A., Verginadis, Y., Simons, A. J., Rossini, A., Schwichtenberg, A. and Gouvas, P. (2013). Brokerage for quality assurance and optimisation of cloud services: An analysis of key requirements. In International Conference on Service-Oriented Computing (pp. 150–162). Springer International Publishing.
Beckers, K., Côté, I., Goeke, L., Güler, S., Heisel, M. (2014). A structured method for security requirements elicitation concerning the cloud computing domain. International Journal of Secure Software Engineering (IJSSE), 5(2), 20-43.
Jhawar, R., Piuri, V., Samarati, P. (2012). Supporting security requirements for resource management in cloud computing. In Computational Science and Engineering (CSE), 2012 IEEE 15th International Conference on (pp. 170–177). IEEE.
Muller, I., Han, J., Schneider, J. G., Versteeg, S. (2011). Tackling the Loss of Control: Standards-based Conjoint Management of Security Requirements for Cloud Services. In Cloud Computing (CLOUD), 2011 IEEE International Conference on (pp. 573–581). IEEE.
Clarke, R. (2010). User requirements for cloud computing architecture. In Cluster, Cloud and Grid Computing (CCGrid), 2010 10th IEEE/ACM International Conference on (pp. 625–630). IEEE.
Moyano, F., Fernandez-Gago, C., Lopez, J. (2013). A framework for enabling trust requirements in social cloud applications. Requirements Engineering, 18(4), 321–341.
Zhou, X., Yi, L., Liu, Y. (2011). A collaborative requirement elicitation technique for SaaS applications. In Service Operations, Logistics, and Informatics (SOLI), 2011 IEEE International Conference on (pp. 83–88). IEEE.
Beckers, K., Heisel, M., Côté, I., Goeke, L., Güler, S. (2013). Structured pattern-based security requirements elicitation for clouds. In Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (pp. 465–474). IEEE.
Gordon, D. G., Breaux, T. D. (2011). Managing multi-jurisdictional requirements in the cloud: towards a computational legal landscape. In Proceedings of the 3rd ACM workshop on Cloud computing security workshop (pp. 83–94). ACM.
Humberg, T., Wessel, C., Poggenpohl, D., Wenzel, S., Ruhroth, T., Jürjens, J. (2013). Using Ontologies to Analyze Compliance Requirements of Cloud-Based Processes. In International Conference on Cloud Computing and Services Science (pp. 36–51). Springer International Publishing.
Kousiouris, G., Vafiadis, G., Corrales, M. (2013). A Cloud provider description schema for meeting legal requirements in cloud federation scenarios. In Conference on e-Business, e-Services and e-Society (pp. 61–72). Springer Berlin Heidelberg.
Beckers, K., Côté, I., Goeke, L. (2014). A catalog of security requirements patterns for the domain of cloud computing systems. In Proceedings of the 29th Annual ACM Symposium on Applied Computing (pp. 337–342). ACM.
Ficco, M., Palmieri, F., Castiglione, A. (2015). Modeling security requirements for cloud based system development. Concurrency and Computation: Practice and Experience, 27(8), 2107–2124.
Guesmi, A., Clemente, P. (2013). Access control and security properties requirements specification for clouds’ seclas. In Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on (Vol. 1, pp. 723–729). IEEE.
Kalloniatis, C., Mouratidis, H., Islam, S. (2013). Evaluating cloud deployment scenarios based on security and privacy requirements. Requirements Engineering, 18(4), 299–319.
Liccardo, L., Rak, M., Di Modica, G., Tomarchio, O. (2012). Ontology-based Negotiation of security requirements in cloud. In Computational Aspects of Social Networks (CASoN), 2012 Fourth International Conference on (pp. 192–197). IEEE.
Naveed, R., Abbas, H. (2014). Security Requirements Specification Framework for Cloud Users. In Future Information Technology (pp. 297–305). Springer Berlin Heidelberg.
Sun, Y. L., Harmer, T., Stewart, A. (2012). Specifying cloud application requirements: an ontological approach. In International Conference on Cloud Computing (pp. 82–91). Springer International Publishing.
Tariq, A., Khan, S. A., Iftikhar, S. (2014). Requirements Engineering process for Software-as-a-Service (SaaS) cloud environment. In Emerging Technologies (ICET), 2014 International Conference on (pp. 13–18). IEEE.
Iwashita, M., Tanimoto, S., Fujinoki, Y. (2013). Approaches to analyze requirements of billing management for cloud computing services. In Computer and Information Science (ICIS), 2013 IEEE/ACIS 12th International Conference on (pp. 17–22). IEEE.
Vassev, E., Hinchey, M. (2014). Autonomy requirements engineering for self-adaptive science clouds. In Parallel & Distributed Processing Symposium Workshops (IPDPSW), 2014 IEEE International (pp. 1344–1353). IEEE.
Bochicchio, M. A., Longo, A., Mansueto, C. (2011). Cloud services for SMEs: Contract Management’s requirements specification. In 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops (pp. 145–152). IEEE.
Brereton, P., Kitchenham, B. A., Budgen, D., Turner, M., Khalil, M. (2007). Lessons from applying the systematic literature review process within the software engineering domain. Journal of systems and software, 80(4), 571–583.
Repschlaeger, J., Wind, S., Zarnekow, R., Turowski, K. (2012). A reference guide to cloud computing dimensions: infrastructure as a service classification framework. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 2178–2188). IEEE.
Pichan, A., Lazarescu, M., Soh, S. T. (2015). Cloud forensics: technical challenges, solutions and comparative analysis. Digital Investigation, 13, 38–57.
Carroll, M., Van Der Merwe, A., Kotze, P. (2011). Secure cloud computing: Benefits, risks and controls. In 2011 Information Security for South Africa (pp. 1–9). IEEE.
Andrikopoulos, V., Binz, T., Leymann, F., Strauch, S. (2013). How to adapt applications for the Cloud environment. Computing, 95(6), 493–535.
Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., Leaf, D. (2011). NIST cloud computing reference architecture. NIST special publication, 500(2011), 292.
Zalazar, A. S., Rodriguez, S., Ballejos, L. C. (2015). Handling Dynamic Requirements in Cloud Computing. In Simposio Argentino de Ingeniería de Software (ASSE 2015)-JAIIO 44 (Rosario, 2015).
Heilig, L., Voß, S. (2014). Decision analytics for cloud computing: a classification and literature review. Tutorials in Operations Research–Bridging Data and Decisions, 1–26.
Bao, D., Xiao, Z., Sun, Y., Zhao, J. (2010). A method and framework for quality of cloud services measurement. In 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE) (Vol. 5, pp. V5–358). IEEE.
Boampong, P. A., Wahsheh, L. A. (2012). Different facets of security in the cloud. In Proceedings of the 15th Communications and Networking Simulation Symposium (p. 5). Society for Computer Simulation International.
Rimal, B. P., Choi, E., Lumb, I. (2010). A taxonomy, survey, and issues of cloud computing ecosystems. In Cloud Computing (pp. 21–46). Springer London.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Zalazar, A.S., Ballejos, L., Rodriguez, S. (2017). Analyzing Requirements Engineering for Cloud Computing. In: Ramachandran, M., Mahmood, Z. (eds) Requirements Engineering for Service and Cloud Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-51310-2_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-51310-2_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-51309-6
Online ISBN: 978-3-319-51310-2
eBook Packages: Computer ScienceComputer Science (R0)