Adaptable, model-driven security engineering for SaaS cloud-based applications

Automated Software Engineering

Volumn 21, Issue 2, 2014, Pages 187-224

  Almorsy, Mohamed ^a   Grundy, John ^a   Ibrahim, Amani S ^a  

^a SWINBURNE UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Adaptive security; Model driven engineering; Security engineering; Software as a service; Tenant oriented security

Indexed keywords

SECURITY SYSTEMS;

ADAPTIVE SECURITY; MODEL-DRIVEN ENGINEERING; SECURITY ENGINEERING; SOFTWARE-AS-A-SERVICE; TENANT-ORIENTED SECURITY;

SOFTWARE AS A SERVICE (SAAS);

EID: 84898843700     PISSN: 09288910     EISSN: 15737535     Source Type: Journal    
DOI: 10.1007/s10515-013-0133-z     Document Type: Article

References (40)

1. Akai, S., Chiba, S.: Extending AspectJ for Separating Regions. ACM, New York (2009)
2. Almorsy, M., Grundy, J., Mueller, I.: An analysis of the cloud computing security problem. In: Proc. of 2010 Asia Pacific Cloud Workshop, Colocated with APSEC, Sydney, Australia (2010)
3. Almorsy, M., Grundy, J., Ibrahim, A.S.: Supporting automated software re-engineering using re-aspects. In: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering ASE 2012, New York, NY, USA, 2012, pp. 230-233. ACM, New York (2012)
4. Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, New York (2001)
5. Bauer, A., Jürjens, J.: Security protocols, properties, and their monitoring. In: Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems, SESS '08. New York, NY, USA, 2008. pp. 33-40. ACM, New York (2008)
6. Blair, G., Bencomo, N., Frame, R.B.: Models@run.time. IEEE Comput., 22-27 (2009)
7. Brock, M., Goscinski, A.: Toward a framework for cloud security algorithms and architectures for parallel processing. In: Lecture Notes in Computer Science, vol. 6082, pp. 254-263. Springer, Berlin (2010)
8. Cai, H., Zhang, K., Zhou, M.J., Gong, W., Cai, J.J., Mao, X.S.: An end-to-end methodology and toolkit for fine granularity SaaS-ization. In: 2009 IEEE International Conference on Cloud Computing, 21-25 Sept. 2009, pp. 101-108 (2009)
9. Cai, H., Wang, N., Zhou, M.J.: A transparent approach of enabling SaaS multi-tenancy in the cloud. In: 2010 6th World Congress on Services, 5-10 July 2010, pp. 40-47 (2010)
10. Chinchani, R., Iyer, A., Ngo, H., Upadhyaya, S.: A target-centric formal model for insider threat and more. Technical Report 2004-16, University of Buffalo, US (2004)
11. Elkhodary, A., Whittle, J.: A survey of approaches to adaptive application security. In: International Workshop on Software Engineering for Adaptive and Self-Managing Systems, pp. 1-16 (2007)
12. Guo, C.J., Sun, W., Huang, Y., Wang, Z.H., Gao, B.: A framework for native multi-tenancy application development and management. In: The 9th IEEE International Conference on E-Commerce Technology and 4th IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services, 2007. CEC/EEE 2007, 23-26 July 2007, pp. 551-558 (2007)
13. Hafner, M., Memon, M., Breu, R.: Seaas - a reference architecture for security services in soa. J. Univers. Comput. Sci. 15, 2916-2936 (2009)
14. Hashii, B., Malabarba, S., Pandey, R., Bishop, M.: Supporting Reconfigurable Security Policies for Mobile Programs. North-Holland Publishing Co., Amsterdam (2000)
15. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering dac, mac and rbac. In: Proceedings of the 26th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, pp. 41-55 (2012)
16. Johansen, R., Stephan, S., Peter, S.: Yiihaw.net aspect weaver usage guide. http://www.itu.dk/∼sestoft/papers/yiihaw-usage-guide.pdf (2007)
17. Jürjens, J.: Towards development of secure systems using UMLsec. In: Fundamental Approaches to Software Engineering. Lecture Notes in Computer Science, vol. 2029, pp. 187-200. Springer, Berlin (2001)
18. Jürjens, J., Wimmel, G.: Formally testing fail-safety of electronic purse protocols. In: Proceedings. 16th Annual International Conference on Automated Software Engineering, Nov. 2001, pp. 408-411 (2001)
19. Lamsweerde, A., Brohez, S., et al.: System goals to intruder anti-goals: attack generation and resolution for security requirements engineering. In: Proc. of the 3rd Workshop on Requirements for High Assurance Systems, Monterey, 2003, pp. 49-56. ACM, New York (2003)
20. Liu, L., Yu, E., Mylopoulos, J.: Secure i*: engineering secure software systems through social analysis. Int. J. Softw. Inf. 3, 89-120 (2009)
21. Lodderstedt, T., Basin, D., Doser, J.: Secureuml: a uml-based modeling language for model-driven security. In: The 5th International Conference on the Unified Modeling Language, Dresden, Germany, 2002, vol. 2460, pp. 426-441. Springer, Berlin (2002)
22. Mead, N., Stehney, T.: Security Quality Requirements Engineering (Square) Methodology. ACM, New York (2005)
23. Mellado, D., Fernández-Medina, E., Piattini, M.: Applying a security requirements engineering process. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) Computer Security - ESORICS 2006. Lecture Notes in Computer Science, vol. 4189, pp. 192-206. Springer, Berlin (2006)
24. Menzel, M., Warschofsky, R., Thomas, I., Willems, C., Meinel, C.: The service security lab: a model-driven platform to compose and explore service security in the cloud. In: 2010 6th World Congress on Services, 5-10 July 2010, pp. 115-122 (2010)
25. Mietzner, R., Leymann, F., Papazoglou, M.P.: Defining composite configurable SaaS application packages using sca, variability descriptors and multi-tenancy patterns. In: Third International Conference on Internet and Web Applications and Services, 2008. ICIW '08, 8-13 June 2008, pp. 156-161 (2008)
26. Montrieux, L., Jürjens, J., Haley, C.B., Yu, Y., Schobbens, P.-Y., Toussaint, H.: Tool support for code generation from a UMLsec property. In: Proceedings of the IEEE/ACM International Conference on Automated Software Engineering, ASE '10, New York, NY, USA, 2010, pp. 357-358. ACM, New York (2010)
27. Morin, B., Barais, O., Nain, G., et al.: Taming dynamically adaptive systems using models and aspects. In: IEEE 31st Int. Conf. on Software Engineering, Vancouver, BC, 2009, pp. 122-132. IEEE Computer Society, Washington (2009)
28. Morin, B., Mouelhi, T., Fleurey, F., Traon, Y., Barais, O., Jézéquelet, J.: Security-Driven Model-Based Dynamic Adaptation. ACM, New York (2010)
29. Mouelhi, T., Fleurey, F., Baudry, B., Traon, Y.: A model-based framework for security policy specification, deployment and testing. In: Proceedings of the 11th Int. Conf. on Model Driven Engineering Languages and Systems, France, 2008. Springer, Berlin (2008)
30. Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. (2007)
31. Pervez, Z., Lee, S., Lee, Y.-K.: Multi-tenant, secure, load disseminated SaaS architecture. In: 2010 the 12th International Conference on Advanced Communication Technology, 7-10 Feb. 2010, vol. 1, pp. 214-219 (2010)
32. Pervez, Z., Lee, S., Lee, Y.-K.: Multi-tenant, secure, load disseminated SaaS architecture. In: Proceedings of the 12th International Conference on Advanced Communication Technology, Gangwon-Do, South Korea, pp. 214-219. IEEE Press, New York (2010)
33. Sanchez-Cid, F., Mana, A.: Serenity pattern-based software development life-cycle. In: 19th International Workshop on Database and Expert Systems Application, pp. 305-309 (2008)
34. Scott, K., Kumar, N., Velusamy, S., et al.: Retargetable and Reconfigurable Software Dynamic Translation. IEEE Computer Society, Washington (2003)
35. Sindre, G., Opdahl, A.: Eliciting security requirements with misuse cases. Requir. Eng. 10(1), 34-44 (2005)
36. Vogel, T., Seibel, A., Giese, H.: The role of models and megamodels at runtime. In: Proceedings of the 2010 International Conference on Models in Software Engineering, pp. 224-238 (2010)
37. Wang, D., Zhang, Y., Zhang, B., Liu, Y.: Research and implementation of a new SaaS service execution mechanism with multi-tenancy support. In: Proceedings of the 2009 First IEEE International Conference on Information Science and Engineering, pp. 336-339. IEEE Computer Society, Washington (2009)
38. Xu, J., Jinglei, T., Dongjian, H., Linsen, Z., Lin, C., Fang, N.: Research and implementation on access control of management-type SaaS. In: 2010 the 2nd IEEE International Conference on Information Management and Engineering (ICIME), 16-18 April 2010, pp. 388-392 (2010)
39. Zhang, X., Shen, B., Tang, X., Chen, W.: From isolated tenancy hosted application to multi-tenancy: toward a systematic migration method for web application. In: 2010 IEEE International Conference on Software Engineering and Service Sciences (ICSESS), 16-18 July 2010, pp. 209-212 (2010)
40. Zhong, C., Zhang, J., Xia, Y., Yu, H.: Construction of a trusted SaaS platform. In: 2010 Fifth IEEE International Symposium on Service Oriented System Engineering (SOSE), 4-5 June 2010, pp. 244-251 (2010)