Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter


Decision Framework Model for Cloud Based System Migration

The increasing distribution of cloud services comes with significant benefits but also substantial risks to privacy and security. The goal of this project was to develop a decision framework model regarding the adaption of and the migration to cloud-based systems into existing infrastructure.

Project Outline & Findings

We created a taxonomy of social engineering attacks to classify attacks. Social Engineering is one the most important attack vectors against “knowledge workers”. Moreover, it is important to understand how social engineering attack scenarios differ when system infrastructure components are migrated into the cloud. In addition, we looked at important components such as the network work infrastructure to build components of the decision framework and a process for migration and autonomic management. We then extended extends the state of the art by providing insights into the migration needs and risks that that hinder cloud migration in a corporate environment.

Based on these finding we developed a software prototype to support an effective, fast and well-informed decision based on the risks of a migration to the cloud. The tool also estimates risks and determines cost associated with specific requirements.

We finally evaluated both the theoretical framework and the prototype implementation in two real-world use cases industrial contexts by applying both Theo case study research method and action research.


  • Krombholz, Katharina, Heidelinde Hobel, Markus Huber, and Edgar Weippl. “Social engineering attacks on the knowledge worker.” In Proceedings of the 6th International Conference on Security of Information and Networks, pp. 28-35. ACM, 2013. (Green OA)
    DOI 10.1145/2523514.2523596
  • Krombholz, Katharina, Heidelinde Hobel, Markus Huber, and Edgar Weippl. “Advanced social engineering attacks.” In Journal of Information Security and applications 22 (2015): pp.113-122. (Green OA)
    DOI 10.1016/j.jisa.2014.09.005
  • Ullrich, Johanna, Katharina Krombholz, Heidelinde Hobel, Adrian Dabrowski, and Edgar R. Weippl. “IPv6 Security: Attacks and Countermeasures in a Nutshell.” In WOOT. 2014.
  • Ismail, Umar Mukhtar, Shareeful Islam, Moussa Ouedraogo, and Edgar Weippl. “A Framework for Security Transparency in Cloud Computing.” In Future Internet 8, no. 1 (2016): 5 (Gold OA)
    DOI 10.3390/fi8010005
  • Islam, Shareeful, Moussa Ouedraogo, Christos Kalloniatis, Haralambos Mouratidis, and Stefanos Gritzalis. “Assurance of Security and Privacy Requirements for Cloud Deployment Model.” IEEE Transactions on Cloud Computing (2015). (Green OA)
    DOI 10.1109/TCC.2015.2511719
  • Rahman, Alifah Aida Lope Abdul, and Shareeful Islam. “Sustainability forecast for cloud migration.” In Maintenance and Evolution of Service-Oriented and Cloud-Based Environments (MESOCA), 2015 IEEE 9th International Symposium on the, pp. 31-35. IEEE, 2015. (Green OA)
    DOI 10.1109/MESOCA.2015.7328123
  • Islam, Shareeful, Edgar R. Weippl, and Katharina Krombholz. “A decision framework model for migration into cloud: Business, application, security and privacy perspectives.” In Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services, pp. 185-189. ACM, 2014. (Green OA)
  • Islam, Shareeful, Haralambos Mouratidis, and Edgar R. Weippl. “An empirical study on the implementation and evaluation of a goal-driven software development risk management model.” In Information and Software Technology 56, no. 2 (2014): pp. 117-133. (Green OA)

Further Information


This project was funded by the Austrian Science Fund (FWF) P 26289-N23.