Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing resources and service instances among multiple "tenants" of the cloud-hosted application. However, supporting multi-tenancy adds complexity to the capabilities required of SaaS applications. Security is one of the key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants, i.e. multi-tenancy, increases tenants' concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model, where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants' needs, some of which may change at runtime, i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants' security requirements. We use abstract models to capture service provider and multiple tenants' security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.
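
The following sketch is an added illustration of the idea in the abstract, not the authors' implementation: security controls live outside an unmodified service class, a per-tenant model maps a critical entity to its controls, and a wrapper woven in at runtime enforces whichever set applies to the calling tenant. All names (`InvoiceService`, `SECURITY_MODEL`, `weave`, the tenants and roles) are hypothetical, Python method wrapping stands in for AOP weaving, and denying tenants that have no model is an assumption of this example.

```python
from functools import wraps

class SecurityViolation(Exception):
    pass

# Application code: carries no security logic of its own.
class InvoiceService:
    def get_invoice(self, invoice_id):
        return {"id": invoice_id, "amount": 120}

AUDIT_LOG = []  # (tenant, user, entity) tuples written by the audit control

# Security controls kept outside the application; each receives the call context.
def require_authenticated(ctx):
    if not ctx.get("user"):
        raise SecurityViolation("authentication required")

def require_role(role):
    def check(ctx):
        if role not in ctx.get("roles", ()):
            raise SecurityViolation(f"role {role!r} required")
    return check

def audit(ctx):
    AUDIT_LOG.append((ctx["tenant"], ctx.get("user"), ctx["entity"]))

# Constructed security model: tenant -> critical entity -> ordered controls.
# It can be edited while the application is running.
SECURITY_MODEL = {
    "tenant_a": {"InvoiceService.get_invoice": [require_authenticated]},
    "tenant_b": {"InvoiceService.get_invoice":
                 [require_authenticated, require_role("accountant"), audit]},
}

def weave(cls, method_name):
    """Replace cls.method_name with a wrapper that consults SECURITY_MODEL per call."""
    entity = f"{cls.__name__}.{method_name}"
    original = getattr(cls, method_name)

    @wraps(original)
    def guarded(self, *args, ctx, **kwargs):
        controls = SECURITY_MODEL.get(ctx.get("tenant"), {}).get(entity)
        if controls is None:  # assumption: fail closed for unmapped tenants
            raise SecurityViolation(f"no security model for {ctx.get('tenant')!r}")
        for control in controls:
            control({**ctx, "entity": entity})
        return original(self, *args, **kwargs)

    setattr(cls, method_name, guarded)

weave(InvoiceService, "get_invoice")  # one shared service class, many tenants
```

Because the wrapper looks up the model on every call, changing a tenant's entry in `SECURITY_MODEL` takes effect on the next request without touching or redeploying `InvoiceService`.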