Building a security reference architecture for cloud systems
TL;DR: This work proposes here a method to build a SRA for clouds defined using UML models and patterns, which goes beyond existing models in providing a global view and a more precise description, and presents a metamodel as well as security and misuse patterns for this purpose.
Abstract: Reference architectures (RAs) are useful tools to understand and build complex systems, and many cloud providers and software product vendors have developed versions of them. RAs describe at an abstract level (no implementation details) the main features of their cloud systems. Security is a fundamental concern in clouds and several cloud vendors provide security reference architectures (SRAs) to describe the security features of their services. A SRA is an abstract architecture describing a conceptual model of security for a cloud system and provides a way to specify security requirements for a wide range of concrete architectures. We propose here a method to build a SRA for clouds defined using UML models and patterns, which goes beyond existing models in providing a global view and a more precise description. We present a metamodel as well as security and misuse patterns for this purpose. We validate our approach by showing that it can describe more precisely existing models and that it has a variety of uses. We describe in detail one of these uses, a way of evaluating the security level of a SRA.
Citations
More filters
TL;DR: In this paper, the state of the art of privacy-preserving schemes for ad hoc social networks including mobile social networks (MSNs) and vehicular social network (VSNs) is reviewed.
Abstract: We review the state of the art of privacy-preserving schemes for ad hoc social networks including mobile social networks (MSNs) and vehicular social networks (VSNs). Specifically, we select and examine in-detail 33 privacy-preserving schemes developed for or applied in the context of ad hoc social networks. Based on novel schemes published between 2008 and 2016, we survey privacy preservation models including location privacy, identity privacy, anonymity, traceability, interest privacy, backward privacy, and content oriented privacy. Recent significant attacks of leaking privacy, countermeasures, and game theoretic approaches in VSNs and MSNs are summarized in the form of tables. In addition, an overview of recommendations for further research is provided. With this survey, readers can acquire a thorough understanding of research trends in privacy-preserving schemes for ad hoc social networks.
112 citations
Posted Content•
TL;DR: This survey selects and examines in-detail 33 privacy-preserving schemes developed for or applied in the context of ad hoc social networks and surveys privacy preservation models including location privacy, identity privacy, anonymity, traceability, interest privacy, backward privacy, and content oriented privacy.
Abstract: In this paper, we review the state of the art of privacy-preserving schemes for ad hoc social networks, including, mobile social networks (MSNs) and vehicular social networks (VSNs). Specifically, we select and in-detail examine thirty-three privacy preserving schemes developed for or applied in the context of ad hoc social networks. These schemes are published between 2008 and 2016. Based on this existing privacy preservation schemes, we survey privacy preservation models, including location privacy, identity privacy, anonymity, traceability, interest privacy, backward privacy, and content oriented privacy. The recent important attacks of leaking privacy, countermeasures, and game theoretic approaches in VSNs and MSNs are summarized in form of tables. In addition, an overview of recommendations for further research is also provided. With this survey, readers can have a more thorough understanding of research trends in privacy-preserving schemes for ad hoc social networks
70 citations
07 Apr 2016
TL;DR: This work presents a pattern for fog computing which describes its architecture, including its computing, storage and networking services, and includes most of the functionality found in current fog architectures.
Abstract: Fog Computing is a new variety of the cloud computing paradigm that brings virtualized cloud services to the edge of the network to control the devices in the IoT. We present a pattern for fog computing which describes its architecture, including its computing, storage and networking services. Fog computing is implemented as an intermediate platform between end devices and cloud computing data centers. The recent popularity of the Internet of Things (IoT) has made fog computing a necessity to handle a variety of devices. It has been recognized as an important platform to provide efficient, location aware, close to the edge, cloud services. Our model includes most of the functionality found in current fog architectures.
40 citations
Cites background from "Building a security reference archi..."
...Figure 1 shows a partial cloud ecosystem where the Cloud RA is the core pattern and Cloud Security RA (SRA) adds security patterns to it [Fernandez et al. 2015]....
[...]
...Cloud Security Reference Architecture [Fernandez et al. 2015] describes a security cloud reference architecture....
[...]
TL;DR: The lack of reference architectures and relevant patterns makes compliance harder than it should be, and some guidelines are given about what this architecture and its corresponding patterns should contain.
Abstract: Features such as elasticity, scalability, universal access, low entry cost, and flexible billing motivate consumers to migrate their core businesses to the cloud. However, in doing so there are challenges about security, privacy, and compliance. Businesses are pressured to comply with regulations depending on their service types; for example, in the US government agencies are required to comply with FISMA, healthcare organizations are required to comply with HIPAA; public retail companies must to comply with SOX and PCI. We survey work on compliance issues and we conclude that the lack of reference architectures and relevant patterns makes compliance harder than it should be. We also explore current industrial trends of compliance approaches. We end by summarizing compliance issues and give some guidelines about what this architecture and its corresponding patterns should contain.
40 citations
TL;DR: A comprehensive state-of-the-art survey of security solutions for distributed publish/subscribe systems, focusing on solutions taking the form of concrete security architectures, providing a distinct perspective on a rapidly growing area of research.
37 citations
Cites background from "Building a security reference archi..."
...Besides providing a “vertical” dimension to the reviews as mentioned already, these brief analyses serve the dual purpose of summaries and evaluations with respect to the threats the security solutions address (cf. (Dikanski et al., 2010; Fernandez et al., 2015))....
[...]
References
More filters
Book•
01 Jan 1996TL;DR: Patterns.
Abstract: Patterns. Architectural Patterns. Design Patterns. Idioms. Pattern Systems. Patterns and Software Architecture. The Pattern Community. Where Will Patterns Go? Notations. Glossary. References. Index of Patterns.
2,639 citations
TL;DR: A definition and a classification framework for architecture description languages are presented and the utility of the definition is demonstrated by using it to differentiate ADLs from other modeling notations, enabling us, in the process, to identify key properties ofADLs.
Abstract: Software architectures shift the focus of developers from lines-of-code to coarser-grained architectural elements and their overall interconnection structure. Architecture description languages (ADLs) have been proposed as modeling notations to support architecture-based development. There is, however, little consensus in the research community on what is an ADL, what aspects of an architecture should be modeled in an ADL, and which of several possible ADLs is best suited for a particular problem. Furthermore, the distinction is rarely made between ADLs on one hand and formal specification, module interconnection, simulation and programming languages on the other. This paper attempts to provide an answer to these questions. It motivates and presents a definition and a classification framework for ADLs. The utility of the definition is demonstrated by using it to differentiate ADLs from other modeling notations. The framework is used to classify and compare several existing ADLs, enabling us, in the process, to identify key properties of ADLs. The comparison highlights areas where existing ADLs provide extensive support and those in which they are deficient, suggesting a research agenda for the future.
2,148 citations
01 Jul 2007
TL;DR: Technology and approaches that unify the principles and concepts of SOA with those of event-based programing are reviewed and an approach to extend the conventional SOA to cater for essential ESB requirements that include capabilities such as service orchestration, “intelligent” routing, provisioning, integrity and security of message as well as service management is proposed.
Abstract: Service-oriented architectures (SOA) is an emerging approach that addresses the requirements of loosely coupled, standards-based, and protocol- independent distributed computing. Typically business operations running in an SOA comprise a number of invocations of these different components, often in an event-driven or asynchronous fashion that reflects the underlying business process needs. To build an SOA a highly distributable communications and integration backbone is required. This functionality is provided by the Enterprise Service Bus (ESB) that is an integration platform that utilizes Web services standards to support a wide variety of communications patterns over multiple transport protocols and deliver value-added capabilities for SOA applications. This paper reviews technologies and approaches that unify the principles and concepts of SOA with those of event-based programing. The paper also focuses on the ESB and describes a range of functions that are designed to offer a manageable, standards-based SOA backbone that extends middleware functionality throughout by connecting heterogeneous components and systems and offers integration services. Finally, the paper proposes an approach to extend the conventional SOA to cater for essential ESB requirements that include capabilities such as service orchestration, "intelligent" routing, provisioning, integrity and security of message as well as service management. The layers in this extended SOA, in short xSOA, are used to classify research issues and current research activities.
2,035 citations
"Building a security reference archi..." refers background or methods in this paper
...They use patterns such as Adapters and Enterprise Service Bus....
[...]
...Producing a concrete architecture using XML web services and an Enterprise Service Bus [66] is a good demonstration of the value of our SRA....
[...]
...• Service Broker (or cloud broker)—trusted parties that combine services from different SPs and enforce regulations and practices [8, 66]....
[...]
Book•
05 Nov 2002
TL;DR: This book discusses the evolution of Layers in Enterprise Applications, Concurrency Problems, and Object-Relational Behavioral Patterns, as well as some Technology-Specific Advice.
Abstract: Preface. Who This Book Is For. Acknowledgements. Colophon. Introduction. Architecture. Enterprise Applications. Kinds of Enterprise Application. Thinking About Performance. Patterns. The Structure of the Patterns. Limitations of These Patterns. I. THE NARRATIVES. 1. Layering. The Evolution of Layers in Enterprise Applications. The Three Principal Layers. Choosing Where to Run Your Layers. 2. Organizing Domain Logic. Making a Choice. Service Layer. 3. Mapping to Relational Databases. Architectural Patterns. The Behavioral Problem. Reading in Data Structural Mapping Patterns. Mapping Relationships. Inheritance. Building the Mapping. Double Mapping. Using Metadata. Database Connections. Some Miscellaneous Points. Further Reading. 4. Web Presentation. View Patterns. Input Controller Patterns. Further Reading. 5. Concurrency (by Martin Fowler and David Rice). Concurrency Problems. Execution Contexts. Isolation and Immutability. Optimistic and Pessimistic Concurrency Control. Preventing Inconsistent Reads. Deadlocks. Transactions. ACID. Transactional Resources. Reducing Transaction Isolation for Liveness. Business and System Transactions. Patterns for Offline Concurrency Control. Application Server Concurrency. Further Reading. 6. Session State. The Value of Statelessness. Session State. Ways to Store Session State. 7. Distribution Strategies. The Allure of Distributed Objects. Remote and Local Interfaces. Where You Have to Distribute. Working with the Distribution Boundary. Interfaces for Distribution. 8. Putting it all Together. Starting With the Domain Layer. Down to the Data Source. Data Source for Transaction Script. Data Source Table Module (125). Data Source for Domain Model (116). The Presentation Layer. Some Technology-Specific Advice. Java and J2EE. .NET. Stored Procedures. Web Services. Other Layering Schemes. II. THE PATTERNS. 9. Domain Logic Patterns. Transaction Script. How It Works. When to Use It. The Revenue Recognition Problem. Example: Revenue Recognition (Java). Domain Model. How It Works. When to Use It. Further Reading. Example: Revenue Recognition (Java). Table Module. How It Works. When to Use It. Example: Revenue Recognition with a Table Module (C#). Service Layer(by Randy Stafford). How It Works. When to Use It. Further Reading. Example: Revenue Recognition (Java). 10. Data Source Architectural Patterns. Table Data Gateway. How It Works. When to Use It. Further Reading. Example: Person Gateway (C#). Example: Using ADO.NET Data Sets (C#). Row Data Gateway. How It Works. When to Use It. Example: A Person Record (Java). Example: A Data Holder for a Domain Object (Java). Active Record. How It Works. When to Use It. Example: A Simple Person (Java). Data Mapper. How It Works. When to Use It. Example: A Simple Database Mapper (Java). Example: Separating the Finders (Java). Example: Creating an Empty Object (Java). 11. Object-Relational Behavioral Patterns. Unit of Work. How It Works. When to Use It. Example: Unit of Work with Object Registration (Java) (by David Rice). Identity Map. How It Works. When to Use It. Example: Methods for an Identity Map (Java). Lazy Load. How It Works. When to Use It. Example: Lazy Initialization (Java). Example: Virtual Proxy (Java). Example: Using a Value Holder (Java). Example: Using Ghosts (C#). 12. Object-Relational Structural Patterns. Identity Field. How It Works. When to Use It. Further Reading. Example: Integral Key (C#). Example: Using a Key Table (Java). Example: Using a Compound Key (Java). Foreign Key Mapping. How It Works. When to Use It. Example: Single-Valued Reference (Java). Example: Multitable Find (Java). Example: Collection of References (C#). Association Table Mapping. How It Works. When to Use It. Example: Employees and Skills (C#). Example: Using Direct SQL (Java). Example: Using a Single Query for Multiple Employees (Java) (by Matt Foemmel and Martin Fowler). Dependent Mapping. How It Works. When to Use It. Example: Albums and Tracks (Java). Embedded Value. How It Works. When to Use It. Further Reading. Example: Simple Value Object (Java). Serialized LOB. How It Works. When to Use It. Example: Serializing a Department Hierarchy in XML (Java). Single Table Inheritance. How It Works. When to Use It. Example: A Single Table for Players (C#). Loading an Object from the Database. Class Table Inheritance. How It Works. When to Use It. Further Reading. Example: Players and Their Kin (C#). Concrete Table Inheritance. How It Works. When to Use It. Example: Concrete Players (C#). Inheritance Mappers. How It Works. When to Use It. 13. Object-Relational Metadata Mapping Patterns. Metadata Mapping. How It Works. When to Use It. Example: Using Metadata and Reflection (Java). Query Object. How It Works. When to Use It. Further Reading. Example: A Simple Query Object (Java). Repository (by Edward Hieatt and Rob Mee). How It Works. When to Use It. Further Reading. Example: Finding a Person's Dependents (Java). Example: Swapping Repository Strategies (Java). 14. Web Presentation Patterns. Model View Controller. How It Works. When to Use It. Page Controller. How It Works. When to Use It. Example: Simple Display with a Servlet Controller and a JSP View (Java). Example: Using a JSP as a Handler (Java). Example: Page Handler with a Code Behind (C#). Front Controller. How It Works. When to Use It. Further Reading. Example: Simple Display (Java). Template View. How It Works. When to Use It. Example: Using a JSP as a View with a Separate Controller (Java). Example: ASP.NET Server Page (C#). Transform View. How It Works. When to Use It. Example: Simple Transform (Java). Two Step View. How It Works. When to Use It. Example: Two Stage XSLT (XSLT). Example: JSP and Custom Tags (Java). Application Controller. How It Works. When to Use It. Further Reading. Example: State Model Application Controller (Java). 15. Distribution Patterns. Remote Facade. How It Works. When to Use It. Example: Using a Java Session Bean as a Remote Facade (Java). Example: Web Service (C#). Data Transfer Object. How It Works. When to Use It. Further Reading. Example: Transferring Information about Albums (Java). Example: Serializing Using XML (Java). 16. Offline Concurrency Patterns. Optimistic Offline Lock (by David Rice). How It Works. When to Use It. Example: Domain Layer with Data Mappers (165) (Java). Pessimistic Offline Lock (by David Rice). How It Works. When to Use It. Example: Simple Lock Manager (Java). Coarse-Grained Lock (by David Rice and Matt Foemmel). How It Works. When to Use It. Example: Shared Optimistic Offline Lock (416) (Java). Example: Shared Pessimistic Offline Lock (426) (Java). Example: Root Optimistic Offline Lock (416) (Java). Implicit Lock (by David Rice). How It Works. When to Use It. Example: Implicit Pessimistic Offline Lock (426) (Java). 17. Session State Patterns. Client Session State. How It Works. When to Use It. Server Session State. How It Works. When to Use It. Database Session State. How It Works. When to Use It. 18. Base Patterns. Gateway. How It Works. When to Use It. Example: A Gateway to a Proprietary Messaging Service (Java). Mapper. How It Works. When to Use It. Layer Supertype. How It Works. When to Use It. Example: Domain Object (Java). Separated Interface. How It Works. When to Use It. Registry. How It Works. When to Use It. Example: A Singleton Registry (Java). Example: Thread-Safe Registry (Java) (by Matt Foemmel and Martin Fowler). Value Object. How It Works. When to Use It. Money. How It Works. When to Use It. Example: A Money Class (Java) (by Matt Foemmel and Martin Fowler). Special Case. How It Works. When to Use It. Further Reading. Example: A Simple Null Object (C#). Plugin (by David Rice and Matt Foemmel). How It Works. When to Use It. Example: An Id Generator (Java). Service Stub (by David Rice). How It Works. When to Use It. Example: Sales Tax Service (Java). Record Set. How It Works. When to Use It. References Index. 0321127420T10162002
1,922 citations
"Building a security reference archi..." refers background in this paper
...Enterprise patterns refer to problems at the enterprise level, including middleware and database aspects [27]....
[...]