Journal Article

Adaptable, model-driven security engineering for SaaS cloud-based applications

01 Apr 2014 - Vol. 21, Iss: 2, pp 187-224
TL;DR: This work introduces a novel model-driven security engineering approach based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime.
Abstract: Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple "tenants" of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications' required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants--i.e. multi-tenancy--increases tenants' concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants' needs, some of which may change at run-time, i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants' security requirements. We use abstract models to capture service provider and multiple tenants' security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.
Citations
Journal Article
TL;DR: A comprehensive and detailed study and survey of the state of art techniques and mechanisms in this field are provided and the most important data replication mechanisms in cloud environments are discussed.

127 citations

Journal Article
TL;DR: A new hybrid method is proposed for efficient service composition in cloud computing, where the agent-based method is used to compose services by identifying the QoS parameters and the particle swarm optimization (PSO) algorithm is employed for selecting the best services based on a fitness function.
Abstract: Cloud computing as a new computing paradigm has a great capacity for storing and accessing remote data and services. Presently, many organizations decide to reduce the burden of local resources and support them by outsourcing the resources to the cloud. Typically, scalable resources are provided as services over the Internet. The way of choosing appropriate services in cloud computing is done by determining the different Quality of Service (QoS) parameters to perform optimized resource allocation. Therefore, service composition as a developing approach combines the existing services to increase the number of cloud applications. Independent services can be integrated into complex composite services through service composition. In this paper, a new hybrid method is proposed for efficient service composition in cloud computing. The agent-based method is also used to compose services by identifying the QoS parameters and the particle swarm optimization (PSO) algorithm is employed for selecting the best services based on a fitness function. The simulation results have shown the performance of the method in terms of reducing the combined resources and waiting time.

117 citations

Journal Article
TL;DR: A taxonomy is defined and used to compare the main approaches and research outcomes in the area during the last decade and including ancestor research initiatives to identify the underlying research gaps and to elaborate on the corresponding research challenges.
Abstract: More than a decade ago, the research topic models@run.time was coined. Since then, the research area has received increasing attention. Given the prolific results during these years, the current outcomes need to be sorted and classified. Furthermore, many gaps need to be categorized in order to further develop the research topic by experts of the research area but also newcomers. Accordingly, the paper discusses the principles and requirements of models@run.time and the state of the art of the research line. To make the discussion more concrete, a taxonomy is defined and used to compare the main approaches and research outcomes in the area during the last decade and including ancestor research initiatives. We identified and classified 275 papers on models@run.time, which allowed us to identify the underlying research gaps and to elaborate on the corresponding research challenges. Finally, we also facilitate sustainability of the survey over time by offering tool support to add, correct and visualize data.

85 citations

Journal Article
TL;DR: To solve the load-balancing problem in cloud environments, the advantages and disadvantages of the nature-inspired meta-heuristic algorithms have been analyzed and their significant challenges are considered for proposing techniques that are more effective in the future.

70 citations

References
Book
01 Jan 2001
TL;DR: In almost 600 pages of riveting detail, Ross Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables.
Abstract: Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about. Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall

Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.

1,852 citations


"Adaptable, model-driven security en..." refers background in this paper

  • ...Software security engineering aims to develop secure systems that remain dependable in the face of attacks (Anderson 2001)....

    [...]

  • ...3.1 Design time security engineering Software security engineering aims to develop secure systems that remain dependable in the face of attacks (Anderson 2001)....

    [...]

Journal Article
Eugene Miya
TL;DR: The software engineering baccalaureate program consists of a rigorous curriculum of science, math, computer science, and software engineering courses.
Abstract: Software engineers work on multidisciplinary teams to identify and develop software solutions and to maintain software intensive systems of all sizes. The focus of this program is on the rigorous engineering practices necessary to build, maintain, and protect modern software intensive systems. Consistent with this focus, the software engineering baccalaureate program consists of a rigorous curriculum of science, math, computer science, and software engineering courses.

1,124 citations

Book Chapter
07 Apr 2003
TL;DR: It is shown that this can lead to anomalous behaviour, and in particular that it is not possible to model recursive calls, in which an object receives a second message whilst still in the process of reacting to the first.
Abstract: One of the principal uses of UML is the modelling of synchronous object-oriented software systems, in which the behaviour of each of several classes is modelled using a state diagram. UML permits a transition of the state diagram to show both the event which causes the transition (typically, the fact that the object receives a message) and the object's reaction (typically, the fact that the object sends a message). UML's semantics for state diagrams is "run to completion". We show that this can lead to anomalous behaviour, and in particular that it is not possible to model recursive calls, in which an object receives a second message whilst still in the process of reacting to the first. Drawing on both ongoing work by the UML2.0 submitters and recent theoretical work [1, 6], we propose a solution to this problem using state diagrams in two complementary ways.

1,050 citations

Book Chapter
TL;DR: The approach is based on role-based access control with additional support for specifying authorization constraints and can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.
Abstract: We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UML can be used to specify information related to access control in the overall design of an application and how this information can be used to automatically generate complete access control infrastructures. Our approach can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.

862 citations


"Adaptable, model-driven security en..." refers background or methods in this paper

  • ...By its very nature, this leads quickly to systems with built-in (hardcoded) security capabilities that are often hard to modify (Lodderstedt et al. 2002)....

    [...]

  • ...SecureUML (Lodderstedt et al. 2002) provides a meta-model to design RBAC policies of target systems....

    [...]

Journal Article
TL;DR: In this article, a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines, is presented, which extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.
Abstract: Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.

662 citations