Journal Article

Building a security reference architecture for cloud systems

TL;DR
This work proposes a method to build an SRA for clouds defined using UML models and patterns, which goes beyond existing models in providing a global view and a more precise description, and presents a metamodel as well as security and misuse patterns for this purpose.
Abstract
Reference architectures (RAs) are useful tools to understand and build complex systems, and many cloud providers and software product vendors have developed versions of them. RAs describe at an abstract level (no implementation details) the main features of their cloud systems. Security is a fundamental concern in clouds and several cloud vendors provide security reference architectures (SRAs) to describe the security features of their services. A SRA is an abstract architecture describing a conceptual model of security for a cloud system and provides a way to specify security requirements for a wide range of concrete architectures. We propose here a method to build a SRA for clouds defined using UML models and patterns, which goes beyond existing models in providing a global view and a more precise description. We present a metamodel as well as security and misuse patterns for this purpose. We validate our approach by showing that it can describe more precisely existing models and that it has a variety of uses. We describe in detail one of these uses, a way of evaluating the security level of a SRA.


Citations
Proceedings Article

Preventing and unifying threats in cyberphysical systems

TL;DR: It is intended to show that many of the threats identified are similar in effect and can be prevented in similar ways and that threat patterns are a better attack description than other models.
Journal Article

Abstract security patterns and the design of secure systems

TL;DR: In this article, abstract security patterns (ASPs) describe a conceptual security mechanism that includes functions able to stop or mitigate a threat or comply with a regulation or institutional policy, which can be used to secure an application, as well as derive concrete patterns from them.
Journal Article

Context Analysis of Cloud Computing Systems Using a Pattern-Based Approach

TL;DR: A pattern at the time of design systematic context analysis and scope definition for risk management methods is presented and the results of the context analysis contribute to the transparency of the achieved security and privacy level of a cloud computing service.
Book Chapter

Enhanced Image Based Authentication with Secure Key Exchange Mechanism Using ECC in Cloud

TL;DR: Proposed scheme resolves existing issues of Image based Authentication with Secure key Exchange Mechanism and implements Captcha to detect machine user and Elliptic Curve Cryptography (ECC) for secure key exchange.
References
Book

Pattern-oriented Software Architecture: A System of Patterns

TL;DR: Patterns.
Journal Article

A classification and comparison framework for software architecture description languages

TL;DR: A definition and a classification framework for architecture description languages are presented and the utility of the definition is demonstrated by using it to differentiate ADLs from other modeling notations, enabling us, in the process, to identify key properties of ADLs.
Journal Article

Service oriented architectures: approaches, technologies and research issues

TL;DR: Technology and approaches that unify the principles and concepts of SOA with those of event-based programming are reviewed and an approach to extend the conventional SOA to cater for essential ESB requirements that include capabilities such as service orchestration, “intelligent” routing, provisioning, integrity and security of message as well as service management is proposed.
Book

Patterns of Enterprise Application Architecture

Martin Fowler
TL;DR: This book discusses the evolution of Layers in Enterprise Applications, Concurrency Problems, and Object-Relational Behavioral Patterns, as well as some Technology-Specific Advice.